Changeset - 273860c8fd85
[Not reviewed]
default
0 1 0
Søren Løvborg - 10 years ago 2015-06-15 17:22:17
kwi@kwi.dk
LoginController: Let sessionmiddleware set session cookies

sessionmiddleware already reads cookie_out and adds Set-Cookie header,
no need for LoginController to do it.
1 file changed with 6 insertions and 12 deletions:
kallithea/controllers/login.py
 
@@ -76,18 +76,12 @@ class LoginController(BaseController):
 

	
 
        log.info('user %s is now authenticated and stored in '
 
                 'session, session attrs %s' % (username, cs))
 

	
 
        # dumps session attrs back to cookie
 
        session._update_cookie_out()
 
        # we set new cookie
 
        headers = None
 
        if session.request['set_cookie']:
 
            # send set-cookie headers back to response to update cookie
 
            headers = [('Set-Cookie', session.request['cookie_out'])]
 
        return headers
 

	
 
    def _validate_came_from(self, came_from):
 
        """Return True if came_from is valid and can and should be used"""
 
        if not came_from:
 
            return False
 

	
 
@@ -101,16 +95,16 @@ class LoginController(BaseController):
 
        if server_parsed.netloc != parsed.netloc:
 
            log.error('Suspicious NETLOC detected %s for url %s server url '
 
                      'is: %s' % (parsed.netloc, parsed, server_parsed))
 
            return False
 
        return True
 

	
 
    def _redirect_to_origin(self, origin, headers=None):
 
    def _redirect_to_origin(self, origin):
 
        '''redirect to the original page, preserving any get arguments given'''
 
        request.GET.pop('came_from', None)
 
        raise HTTPFound(location=url(origin, **request.GET), headers=headers)
 
        raise HTTPFound(location=url(origin, **request.GET))
 

	
 
    def index(self):
 
        c.came_from = safe_str(request.GET.get('came_from', ''))
 
        if not self._validate_came_from(c.came_from):
 
            c.came_from = url('home')
 

	
 
@@ -125,16 +119,16 @@ class LoginController(BaseController):
 
            # import Login Form validator class
 
            login_form = LoginForm()
 
            try:
 
                session.invalidate()
 
                c.form_result = login_form.to_python(dict(request.POST))
 
                # form checks for username/password, now we're authenticated
 
                headers = self._store_user_in_session(
 
                self._store_user_in_session(
 
                                        username=c.form_result['username'],
 
                                        remember=c.form_result['remember'])
 
                return self._redirect_to_origin(c.came_from, headers)
 
                return self._redirect_to_origin(c.came_from)
 

	
 
            except formencode.Invalid, errors:
 
                defaults = errors.value
 
                # remove password from filling in form again
 
                del defaults['password']
 
                return htmlfill.render(
 
@@ -161,14 +155,14 @@ class LoginController(BaseController):
 
                log.error(e)
 
                h.flash(e, 'error')
 
                # render login, with flash message about limit
 
                return render('/login.html')
 

	
 
            if auth_info:
 
                headers = self._store_user_in_session(auth_info.get('username'))
 
                return self._redirect_to_origin(c.came_from, headers)
 
                self._store_user_in_session(auth_info.get('username'))
 
                return self._redirect_to_origin(c.came_from)
 

	
 
        return render('/login.html')
 

	
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
 
                               'hg.register.manual_activate')
 
    def register(self):
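Review bot: The `if auth_info:` branch in the last hunk stores the user in the session and redirects without a visible `session.invalidate()`, whereas the form-login branch calls it before `_store_user_in_session`; unless the part of `index` outside the hunk or the start of `_store_user_in_session` (also outside the hunk) resets the session, an externally authenticated login keeps its pre-login session id (session fixation). I would add `session.invalidate()` as the first line of that branch, or move the call into `_store_user_in_session` so both login paths share it. Because the redirect now depends on the session middleware to emit the new cookie, a short comment at the end of `_store_user_in_session` such as `# Set-Cookie is added by the session middleware from cookie_out` would record that dependency, and a test asserting that the login redirect carries a `Set-Cookie` header would catch a regression.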