# HG changeset patch
# User Tim Joseph Dumol <tim@timdumol.com>
# Date 1284656123 -28800
# Node ID 92b805f7cd165c65cdc525861fb30b9d78d21966
# Parent  54f54954e3c43aab9dbcafa9586a1e29e39d67ea
[mq]: trac_9822-cookie-path-fix.patch

diff -r 54f54954e3c4 -r 92b805f7cd16 sagenb/notebook/guard.py
--- a/sagenb/notebook/guard.py	Sun Jul 25 00:43:04 2010 -0700
+++ b/sagenb/notebook/guard.py	Fri Sep 17 00:55:23 2010 +0800
@@ -260,15 +260,13 @@
         if request.args.get('startup_token', [''])[0]:
             import avatars
             return avatars.TokenCred(request.args.get('startup_token', [''])[0])
+        username = password = 'COOKIESDISABLED'
         if request.headers.getHeader('cookie'):
             for C in request.headers.getHeader('cookie'):
                 if C.name == 'cookie_test_%s' % twist.notebook.port:
                     username = request.args.get('email', [''])[0]
                     password = request.args.get('password', [''])[0]
-                else:
-                    username = password = 'COOKIESDISABLED'
-        else:
-            username = password = 'COOKIESDISABLED'
+                    break
         return credentials.UsernamePassword(username, password)
 
     def _loginSuccess(self, (iface, rsrc, logout), session, creds, segments):
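Review bot: The cookie-test lookup on the new side still builds the expected name from `twist.notebook.port`, while the twist.py hunks in this changeset now name that cookie with `get_port(...)`, which reads the port from the Host header. Whenever the two ports differ (for example behind a proxy listening on another port, which appears to be the case this patch targets), the names never match and every login falls through to the `COOKIESDISABLED` credentials. Consider `if C.name == 'cookie_test_%s' % twist.get_port(request):` so both sides derive the name the same way. The enclosing method starts above the hunk.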
diff -r 54f54954e3c4 -r 92b805f7cd16 sagenb/notebook/twist.py
--- a/sagenb/notebook/twist.py	Sun Jul 25 00:43:04 2010 -0700
+++ b/sagenb/notebook/twist.py	Fri Sep 17 00:55:23 2010 +0800
@@ -134,6 +134,21 @@
     if request.host not in ('localhost', '127.0.0.1'):
         request.addResponseFilter(gzip.gzipfilter, atEnd=True)
 
+def get_port(request):
+    """
+    Gets the port from the HTTP headers of ``request``.
+    """
+    if request.headers.hasHeader('host'):
+        host = request.headers.getHeader('host')
+        split = host.split(':')
+        if len(split) == 2:
+            return int(split[1])
+        elif notebook.secure:
+            return 443
+        else:
+            return 80
+    else:
+        return None
 ############################
 # An error message
 ############################
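Review bot: `get_port` parses the client-supplied Host header without validating it. `int(split[1])` raises ValueError on a non-numeric port, and a bracketed IPv6 literal such as `[::1]:8000` splits into more than two parts and silently gets the 80/443 default. The result is interpolated into the session cookie name and `ports=` in the later hunks, and the `None` returned for a missing header would produce names like `nb_session_None`; whether to fall back to `notebook.port` there is the author's call. Splitting on the last colon and accepting only an in-range numeric port keeps a malformed header from becoming an unhandled exception on the login and logout paths.

```python
def get_port(request):
    """
    Gets the port from the HTTP headers of ``request``.

    The Host header is client-supplied, so only a numeric port in the
    range 1-65535 is accepted; anything else gets the scheme default.
    """
    if not request.headers.hasHeader('host'):
        return None
    host = request.headers.getHeader('host')
    # rpartition keeps a bracketed IPv6 literal ("[::1]:8000") intact.
    port = host.rpartition(':')[2]
    if port != host and port.isdigit() and 0 < int(port) < 65536:
        return int(port)
    if notebook.secure:
        return 443
    return 80
```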
@@ -1971,7 +1986,7 @@
     def render(self, ctx):
         # We use this class only when require_login is False.  Since
         # we haven't logged in, we just redirect to the home page.
-        return http.RedirectResponse('/')
+        return RedirectResponse('/')
 
 ############################
 # Image resource
@@ -2481,14 +2496,16 @@
 
 class LogoutRedirectLogin(resource.PostableResource):
     def render(self, ctx):
-        response = http.RedirectResponse('/')
-
-        # Force cookie deletion.
-        yesterday = time.time() - 3600 * 24
-        c1 = http_headers.Cookie('nb_session_%s' % notebook.port, '',
-                                 expires=yesterday)
-        c2 = http_headers.Cookie('cookie_test_%s' % notebook.port, '',
-                                 expires=yesterday)
+        response = RedirectResponse('/')
+
+        c1 = http_headers.Cookie('nb_session_%s' % get_port(ctx), '',
+                                 path = '/',
+                                 ports = [get_port(ctx)],
+                                 expires=0) # seconds after epoch
+        c2 = http_headers.Cookie('cookie_test_%s' % get_port(ctx), '',
+                                 path = '/',
+                                 ports = [get_port(ctx)],
+                                 expires=0) # seconds after epoch
         response.headers.setHeader("set-cookie", [c1, c2])
 
         return response
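Review bot: The cookies expired here are named from `get_port(ctx)`, i.e. from the Host header of the logout request, so a logout arriving with a different Host port than the login used would expire a differently named cookie and leave the real `nb_session_*` cookie in the browser. The old code passed a non-zero timestamp; with `expires=0`, if the Set-Cookie generator tests the value for truthiness (worth checking), no Expires attribute is emitted and the cookie is only overwritten with an empty value rather than deleted, which `expires=1` would avoid. Nothing in this hunk invalidates the session on the server, so confirm that happens elsewhere rather than relying on the client dropping the cookie. `get_port(ctx)` is also evaluated four times; binding it once with `port = get_port(ctx)` guarantees the name and `ports=` values agree.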
@@ -2567,7 +2584,10 @@
                          'recovery': notebook.conf()['email'],
                          'sage_version':SAGE_VERSION}
         response = HTMLResponse(stream=template(os.path.join('html', 'login.html'), **template_dict))
-        response.headers.setHeader("set-cookie", [http_headers.Cookie('cookie_test_%s' % notebook.port, 'cookie_test')])
+        response.headers.setHeader("set-cookie", [http_headers.Cookie('cookie_test_%s' % get_port(ctx),
+                                                                      'cookie_test',
+                                                                      ports=[get_port(ctx)],
+                                                                      path='/')])
         return response
 
 class FailedToplevel(Toplevel):
@@ -2659,10 +2679,19 @@
         # This allows a Notebook user to select a "remember me" checkbox and not have to
         # sign back in when she restarts her web browser
         # This works by setting an expiration date because without one the browser forgets the cookie.
+        expires = None
         if 'remember' in request.args:
-            response.headers.setHeader("set-cookie", [http_headers.Cookie('nb_session_%s' % notebook.port, self.cookie, expires=(time.time() + 60 * 60 * 24 * 14)), http_headers.Cookie('cookie_test_%s' % notebook.port, self.cookie, expires=1)])
-        else:
-            response.headers.setHeader("set-cookie", [http_headers.Cookie('nb_session_%s' % notebook.port, self.cookie), http_headers.Cookie('cookie_test_%s' % notebook.port, self.cookie, expires=1)])
+            expires = time.time() + 60 * 60 * 24 * 14 # 2 weeks from now
+        response.headers.setHeader("set-cookie", [http_headers.Cookie('nb_session_%s' % get_port(request),
+                                                                      self.cookie,
+                                                                      path='/',
+                                                                      ports=[get_port(request)],
+                                                                      expires = expires),
+                                                  http_headers.Cookie('cookie_test_%s' % get_port(request),
+                                                                      self.cookie,
+                                                                      path='/',
+                                                                      ports=[get_port(request)],
+                                                                      expires=0)])
         return response
 
 setattr(UserToplevel, 'userchild_download_worksheets.zip', DownloadWorksheets)
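Review bot: The `nb_session_*` cookie is built without the `secure` flag even though the module knows whether the notebook is served over TLS (`notebook.secure` is consulted in `get_port`), so on an HTTPS notebook the browser may still send the session identifier over plain HTTP. Passing `secure=notebook.secure` to that `http_headers.Cookie(...)` call would close this. The `cookie_test_*` cookie is still given `self.cookie` as its value while being expired; an empty value, as the logout hunk uses, avoids copying the session value into a second cookie. The enclosing method starts above the hunk.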
