path: root/Mailman/SecurityManager.py
| Date | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2013-12-02 | - Fixed a bug which caused some authentication cookies to expire too soon if AUTHENTICATION_COOKIE_LIFETIME is non-zero. | Mark Sapiro | 1 | -3/+3 |
| 2011-11-26 | Removed Python 2.5 dependency from fix for Bug #770377. | Mark Sapiro | 1 | -2/+2 |
| 2011-04-26 | Since context may be AuthUser, we must refresh the cookie where we have a user. | Mark Sapiro | 1 | -2/+2 |
| 2011-04-25 | A new list poster password has been implemented. This password may only be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581. | Mark Sapiro | 1 | -0/+9 |
| 2011-04-25 | A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added. If this is set to a non-zero value, web authentication cookies will expire that many seconds following their last use. Its default value is zero to preserve current behavior. | Mark Sapiro | 1 | -1/+6 |
| 2011-04-25 | Mailman now sets the 'secure' flag in cookies set via https URLs. Bug #770377. | Mark Sapiro | 1 | -1/+6 |
| 2009-09-03 | Inadvertently setting a null site or list password allowed access to a list's web admin interface without authentication. Fixed by not accepting null passwords. | Mark Sapiro | 1 | -0/+3 |
| 2008-11-20 | Fixed a problem in SecurityManager that caused it to not find the cookie when CheckCookie was not given a user and the user in the cookie had a %xx encoded character. Bug # 299220. | Mark Sapiro | 1 | -2/+3 |
| 2008-11-12 | Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178. I've modified the patch to improve some of the stylistic issues. | Barry Warsaw | 1 | -8/+7 |
| 2006-07-30 | Back port Python 2.5 compatibility changes to Mailman 2.1. Specifically, - In SecurityManager.py, fix the parsecookie() code to work with Python 2.5 generated cookie text. The latter was changed to be more RFC compliant so it does not output trailing semicolons for each line of cookie text. This broke the splitting rules, so now first split on newlines, then on ';\s*'. This should work across all Python versions. - In Python 2.5, exceptions are new-style, and thus are no longer of ClassType. The instantiation type test in hold_for_approval() was too naive. This one is fixed differently here than in the MM trunk because in Python 2.1, 'type' isn't a type, it's a function and so can't be used as the second argument to isinstance() directly. - Raising strings generates deprecation warnings in Python 2.5. Switch the one weird use of this in Utils.py to use a class exception. Don't call it "quick exit" though because it's probably not. | bwarsaw | 1 | -9/+11 |
| 2005-08-27 | FSF office has moved to 51 Franklin Street. | tkikuchi | 1 | -1/+1 |
| 2004-11-25 | We have to escape other special characters like '=', so use urllib. | tkikuchi | 1 | -1/+3 |
| 2004-10-09 | [ 1030228 ] Mass Subscribe address with control character - can't delete. Also, '/' can be used now. | tkikuchi | 1 | -1/+1 |
| 2004-01-03 | __checkone(): Patch 869644, ignore NotAMemberError that can get raised from AuthContextInfo() when old cookie data is for someone no longer a member of the mailing list. Closes SF bug # 869647. Bug and patch by Stephan Berndts. | bwarsaw | 1 | -2/+5 |
| 2003-12-26 | Authenticate(): When authenticating AuthUser, wrap the self.authenticateMember() call in a try/except catching and ignoring NotAMemberErrors. The effect of this is that other authcontexts being checked will then proceed as normal. This fixes admin login to the private archives, and non-public rosters. Under the old code, if you tried to get into the private archives w/o entering an email address, but using the admin password, you'd be denied access. WebAuthenticate(): Removed the wrapping of .Authenticate() in try/except catching of NotAMemberError, since this should never percolate out now. Also, use True/False everywhere it's appropriate (but not in the cookie code). Original bug and patch by Stephan Berndts. Closes SF bug # 864676 and SF patch # 864674. | bwarsaw | 1 | -35/+40 |
| 2003-02-08 | Backporting from the trunk. | bwarsaw | 1 | -12/+26 |