aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman/SecurityManager.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.Mark Sapiro2011-04-251-1/+6
| | | | | | If this is set to a non-zero value, web authentication cookies will expire that many seconds following their last use. Its default value is zero to preserve current behavior.
* Mailman now sets the 'secure' flag in cookies set via https URLs.Mark Sapiro2011-04-251-1/+6
| | | | Bug #770377.
* Inadvertently setting a null site or list password allowed accessMark Sapiro2009-09-031-0/+3
| | | | | to a list's web admin interface without authentication. Fixed by not accepting null passwords.
* trunkBarry Warsaw2008-11-291-1/+2
|\
| * Fixed a problem in SecurityManager that caused it to not find theMark Sapiro2008-11-201-2/+3
| | | | | | | | | | cookie when CheckCookie was not given a user and the user in the cookie had a %xx encoded character. Bug # 299220.
* | Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178.Barry Warsaw2008-11-121-8/+7
|/ | | | I've modified the patch to improve some of the stylistic issues.
* Back port Python 2.5 compatibility changes to Mailman 2.1. Specifically,bwarsaw2006-07-301-9/+11
| | | | | | | | | | | | | | | | | | - In SecurityManager.py, fix the parsecookie() code to work with Python 2.5 generated cookie text. The latter was changed to be more RFC compliant so it does not output trailing semicolons for each line of cookie text. This broke the splitting rules, so now first split on newlines, then on ';\s*'. This should work across all Python versions. - In Python 2.5, exceptions are new-style, and thus are no longer of ClassType. The instantiation type test in hold_for_approval() was too naive. This one is fixed differently here than in the MM trunk because in Python 2.1, 'type' isn't a type, it's a function and so can't be used as the second argument to isinstance() directly. - Raising strings generates deprecation warnings in Python 2.5. Switch the one weird use of this in Utils.py to use a class exception. Don't call it "quick exit" though because it's probably not.
* FSF office has moved to 51 Franklin Street.tkikuchi2005-08-271-1/+1
|
* We have to escape other special characters like '=', so use urllib.tkikuchi2004-11-251-1/+3
|
* [ 1030228 ] Mass Subscribe address with control character - can't deletetkikuchi2004-10-091-1/+1
| | | | Also, '/' can be used now.
* __checkone(): Patch 869644, ignore NotAMemberError that can get raisedbwarsaw2004-01-031-2/+5
| | | | | | from AuthContextInfo() when old cookie data is for someone no longer a member of the mailing list. Closes SF bug # 869647. Bug and patch by Stephan Berndts.
* Authenticate(): When authenticating AuthUser, wrap thebwarsaw2003-12-261-35/+40
| | | | | | | | | | | | | | | | | | | | | self.authenticateMember() call in a try/except catching and ignoring NotAMemberErrors. The effect of this is that other authcontexts being check will then proceed as normal. This fixes admin login to the private archives, and non-public rosters. Under the old code, if you tried to get into the private archives w/o entering an email address, but using the admin password, you'd be denied access. WebAuthenticate(): Removed the wrapping of .Authenticate() in try/except catching of NotAMemberError, since this should never percolate out now. Also, use True/False everywhere it's appropriate (but not in the cookie code). Original bug and patch by Stephan Berndts. Closes SF bug # 864676 and SF patch # 864674.
* Backporting from the trunk.bwarsaw2003-02-081-12/+26
|
* This commit was manufactured by cvs2svn to create branch2003-01-021-0/+333
'Release_2_1-maint'.