Ticket #2407: sage-2407_1.patch

sage/server/notebook/avatars.py

@@ -57 +57 @@
             return 'invalid_user'
         elif avatarId.failure_type == 'password':
             return 'invalid_password', avatarId.username
+        elif avatarId.failure_type == 'cookies':
+            return 'cookies_disabled'
         else:
             raise ValueError, 'invalid failure type'
         
@@ -99 +101 @@
     def requestAvatarId(self, credentials):
         username = credentials.username
         password = credentials.password
+        if username == 'COOKIESDISABLED':
+            return defer.succeed(FailedLogin(username, failure_type = 'cookies'))
+        
         try:
             U = twist.notebook.user(username)
         except KeyError:
@@ -185 +190 @@
                 rsrc = twist.FailedToplevel(avatarId, problem='password', username=user_type(avatarId)[1])
                 return (iweb.IResource, rsrc, self.logout)
             
+            elif T[0] == 'cookies_disabled':
+                rsrc = twist.FailedToplevel(avatarId, problem='cookies', username=user_type(avatarId)[1])
+                return (iweb.IResource, rsrc, self.logout)
+            
             elif T == 'user':
                 rsrc = twist.UserToplevel(self.cookie, avatarId)
                 return (iweb.IResource, rsrc, self.logout)

sage/server/notebook/guard.py

@@ -264 +264 @@
         if request.args.get('startup_token', [''])[0]:
             import avatars
             return avatars.TokenCred(request.args.get('startup_token', [''])[0])
-        username = request.args.get('email', [''])[0]
-        password = request.args.get('password', [''])[0]
+        if request.headers.getHeader('cookie'):
+            for C in request.headers.getHeader('cookie'):
+                if C.name == 'cookie_test':
+                    username = request.args.get('email', [''])[0]
+                    password = request.args.get('password', [''])[0]
+                else:
+                    username = password = 'COOKIESDISABLED'
+        else:
+            username = password = 'COOKIESDISABLED'
         return credentials.UsernamePassword(username, password)
 
     def _loginSuccess(self, (iface, rsrc, logout), session, creds, segments):

sage/server/notebook/twist.py

@@ -2196 +2196 @@
     #child_login = LoginResource
     
     def render(self, ctx):
-        return http.Response(stream =  login_page_template(notebook.get_accounts(), notebook.default_user(), recover=notebook.conf()['email']))
+        response = http.Response(stream =  login_page_template(notebook.get_accounts(), notebook.default_user(), recover=notebook.conf()['email']))
+        response.headers.setHeader("set-cookie", [http_headers.Cookie('cookie_test', 'cookie_test')])
+        return response
 
 class FailedToplevel(Toplevel):
     def __init__(self, info, problem, username=None):
@@ -2210 +2212 @@
         # If published pages were disabled, then this should be disabled too.
         if self.problem == 'username':
             return http.Response(stream = login_page_template(notebook.get_accounts(), notebook.default_user(), is_username_error=True, recover=notebook.conf()['email']))
+        elif self.problem == 'password':
+            return http.Response(stream = login_page_template(notebook.get_accounts(), self.username, is_password_error=True, recover=notebook.conf()['email']))
         else:
-            return http.Response(stream = login_page_template(notebook.get_accounts(), self.username, is_password_error=True, recover=notebook.conf()['email']))
+            return http.Response(stream = message("Please enable cookies and try again."))
 
 
 class UserToplevel(Toplevel):