New submission from timor ti...@cyhex.com:
the repoze.who-friendlyform does not check for max_age value in the form.
fix:
add those lines to: friendlyform.py:129
#
max_age = form.get('max_age', None)
if credentials and max_age:
credentials['max_age'] = max_age
##
cheers
timor
--
files: friendlyform.py
messages: 271
nosy: cyhex
priority: bug
status: unread
title: max_age in repoze.who-friendlyform
__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue99
__# -*- coding: utf-8 -*-
##
#
# Copyright (c) 2009, Gustavo Narea m...@gustavonarea.net.
# All Rights Reserved.
#
# This software is subject to the provisions of the BSD-like license at
# http://www.repoze.org/LICENSE.txt. A copy of the license should accompany
# this distribution. THIS SOFTWARE IS PROVIDED AS IS AND ANY AND ALL
# EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND
# FITNESS FOR A PARTICULAR PURPOSE.
#
##
Collection of :mod:`repoze.who` friendly forms
from urlparse import urlparse, urlunparse
from urllib import urlencode
try:
from urlparse import parse_qs
except ImportError:
from cgi import parse_qs
from paste.httpexceptions import HTTPFound, HTTPUnauthorized
from paste.request import construct_url, parse_dict_querystring, parse_formvars
from paste.response import replace_header, header_value
from zope.interface import implements
from repoze.who.interfaces import IChallenger, IIdentifier
__all__ = ['FriendlyFormPlugin']
class FriendlyFormPlugin(object):
:class:`RedirectingFormPlugin
repoze.who.plugins.form.RedirectingFormPlugin`-like form plugin with
more features.
It is like ``RedirectingFormPlugin``, but provides us with the following
features:
* Users are not challenged on logout, unless the referrer URL is a
private one (but that's up to the application).
* Developers may define post-login and/or post-logout pages.
* In the login URL, the amount of failed logins is available in the
environ. It's also increased by one on every login try. This counter
will allow developers not using a post-login page to handle logins that
fail/succeed.
You should keep in mind that if you're using a post-login or a post-logout
page, that page will receive the referrer URL as a query string variable
whose name is came_from.
implements(IChallenger, IIdentifier)
def __init__(self, login_form_url, login_handler_path, post_login_url,
logout_handler_path, post_logout_url, rememberer_name,
login_counter_name=None):
:param login_form_url: The URL/path where the login form is located.
:type login_form_url: str
:param login_handler_path: The URL/path where the login form is
submitted to (where it is processed by this plugin).
:type login_handler_path: str
:param post_login_url: The URL/path where the user should be redirected
to after login (even if wrong credentials were provided).
:type post_login_url: str
:param logout_handler_path: The URL/path where the user is logged out.
:type logout_handler_path: str
:param post_logout_url: The URL/path where the user should be
redirected to after logout.
:type post_logout_url: str
:param rememberer_name: The name of the repoze.who identifier which
acts as rememberer.
:type rememberer_name: str
:param login_counter_name: The name of the query string variable which
will represent the login counter.
:type login_counter_name: str
The login counter variable's name will be set to ``__logins`` if
``login_counter_name`` equals None.
self.login_form_url = login_form_url
self.login_handler_path = login_handler_path
self.post_login_url = post_login_url
self.logout_handler_path = logout_handler_path
self.post_logout_url = post_logout_url
self.rememberer_name = rememberer_name
self.login_counter_name = login_counter_name
if not login_counter_name:
self.login_counter_name = '__logins'
# IIdentifier
def identify(self, environ):
Override the parent's identifier to introduce a login counter
(possibly along with a post-login page) and load the login counter into
the ``environ``.
path_info = environ['PATH_INFO']
script_name = environ.get('SCRIPT_NAME') or '/'
query = parse_dict_querystring(environ)
if path_info ==
