New submission from Gustavo Narea <m...@gustavonarea.net>:
The auth_tkt is not able to set for how long cookies should last, and as a
consequence, developers who want users to be remembered even after closing
their agents have to subclass this plugin to implement this feature.

The attached patch implements this feature. I will apply it if it looks good
to you, Chris.
----------
assignedto: Gustavo
files: auth_tkt-max_age.diff
messages: 232
nosy: Gustavo
priority: feature
status: unread
title: auth_tkt: Cookies will always expire when the user agent is closed
topic: repoze.who
__________________________________
Repoze Bugs <b...@bugs.repoze.org>
<http://bugs.repoze.org/issue87>
__________________________________
Index: repoze/who/plugins/tests/test_authtkt.py
===================================================================
--- repoze/who/plugins/tests/test_authtkt.py (revision 5118)
+++ repoze/who/plugins/tests/test_authtkt.py (working copy)
@@ -165,6 +165,26 @@
'auth_tkt="%s"; Path=/; Domain=.localhost'
% new_val))
+ def test_remember_creds_custom_max_age(self):
+ age = 240 # 4 minutes
+ plugin = self._makeOne('secret', max_age=age)
+ val = self._makeTicket(userid='userid')
+ environ = self._makeEnviron()
+ result = plugin.remember(environ, {'repoze.who.userid':'userid',
+ 'userdata':'userdata'})
+ self.assertEqual(len(result), 3)
+ self.assertEqual(result[0],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; Path=/; Max-Age=%s' % (val, age)))
+ self.assertEqual(result[1],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; Path=/; Domain=localhost; Max-Age=%s'
+ % (val, age)))
+ self.assertEqual(result[2],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; Path=/; Domain=.localhost; Max-Age=%s'
+ % (val, age)))
+
def test_remember_creds_different_bad_old_cookie(self):
plugin = self._makeOne('secret')
old_val = 'BOGUS'
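Review bot: test_remember_creds_custom_max_age only exercises a positive integer (age = 240), so the boundary that the plugin change treats differently is untested: with `if self.max_age:` in auth_tkt.py, max_age=0 yields no Max-Age attribute at all. Add a case for max_age=0 that pins down the intended behaviour. If string input is meant to be accepted, add a case passing '240' as well, since the expected header here is built with %s and would match either type.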
Index: repoze/who/plugins/auth_tkt.py
===================================================================
--- repoze/who/plugins/auth_tkt.py (revision 5118)
+++ repoze/who/plugins/auth_tkt.py (working copy)
@@ -25,11 +25,12 @@
}
def __init__(self, secret, cookie_name='auth_tkt',
- secure=False, include_ip=False):
+ secure=False, include_ip=False, max_age=None):
self.secret = secret
self.cookie_name = cookie_name
self.include_ip = include_ip
self.secure = secure
+ self.max_age = max_age
# IIdentifier
def identify(self, environ):
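Review bot: `self.max_age = max_age` in __init__ stores the argument unchecked, so a negative number or a non-numeric string reaches the Set-Cookie header verbatim through the %s formatting added in remember(). Coerce the value with int() and reject negative values in the constructor, so that a misconfiguration fails at start-up instead of emitting a malformed or immediately expiring authentication cookie.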
@@ -81,6 +82,9 @@
('Set-Cookie', '%s="%s"; Path=/; Domain=%s' % (
self.cookie_name, value, wild_domain))
]
+ if self.max_age:
+ cookies = [(h, "%s; Max-Age=%s" % (c, self.max_age)) for (h, c)
+ in cookies]
return cookies
# IIdentifier
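Review bot: `if self.max_age:` tests truthiness, so max_age=0 is handled the same as None and the cookie silently stays a session cookie. Use `if self.max_age is not None:` if 0 is meant to be a valid value, or document that 0 is ignored. Only Max-Age is appended here; user agents that honour only Expires will still drop the cookie when they are closed, so consider emitting an Expires attribute alongside it.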
Index: CHANGES.txt
===================================================================
--- CHANGES.txt (revision 5118)
+++ CHANGES.txt (working copy)
@@ -15,6 +15,10 @@
- One-hundred percent unit test coverage.
+- Made the ``auth_tkt`` plugin able to set cookies with a custom ``Max-Age``
+ attribute.
+
+
1.0.13 (2009/4/24)
==================
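Review bot: the CHANGES.txt entry does not name the new `max_age` constructor argument or state that the default (None) keeps the existing session-cookie behaviour. Add both, so that people upgrading can see that nothing changes unless they opt in.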
Index: docs/narr.rst
===================================================================
--- docs/narr.rst (revision 5118)
+++ docs/narr.rst (working copy)
@@ -212,7 +212,7 @@
.. module:: repoze.who.plugins.auth_tkt
-.. class:: AuthTktCookiePlugin(secret [, cookie_name='auth_tkt' [, secure=False [, include_ip=False]]])
+.. class:: AuthTktCookiePlugin(secret [, cookie_name='auth_tkt' [, secure=False [, include_ip=False [, max_age=None]]]])
An :class:`AuthTktCookiePlugin` is an ``IIdentifier`` plugin which
remembers its identity state in a client-side cookie. This plugin
@@ -225,6 +225,10 @@
cookie will be sent only across an HTTPS connection. If
*include_ip* is True, the ``REMOTE_ADDR`` of the WSGI environment
will be placed in the cookie.
+
+ By default, these cookies will expire when the user agent (e.g., browser)
+ is closed. To override this behavior, use the *max_age* argument to
+ set for how long the cookies should last (in seconds).
.. note::
Using the *include_ip* setting for public-facing applications may
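Review bot: the paragraph added to docs/narr.rst describes max_age only as how long the cookies last, without saying that it sets the Max-Age attribute the browser applies. None of the hunks in this patch change how a presented ticket is checked, so readers should not take max_age for a server-side session timeout; say so explicitly. It is also worth recommending secure=True together with max_age, because a persistent authentication cookie is kept by the user agent across restarts and stays usable for its whole lifetime if it is copied.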