Changeset - 44678a64cfae
beta
Marcin Kuzminski - 13 years ago 2012-07-16 18:47:36
marcin@python-works.com
Use HttpFound response in login.
- redirect_to lacks possibility to pass headers
- use those headers for proper Set-Cookie handling
1 file changed with 23 insertions and 9 deletions:
rhodecode/controllers/login.py
 
@@ -25,9 +25,10 @@
 

	
 
import logging
 
import formencode
 
import datetime
 

	
 
from formencode import htmlfill
 

	
 
from webob.exc import HTTPFound
 
from pylons.i18n.translation import _
 
from pylons.controllers.util import abort, redirect
 
from pylons import request, response, session, tmpl_context as c, url
 
@@ -41,6 +42,7 @@ from rhodecode.model.user import UserMod
 
from rhodecode.model.meta import Session
 

	
 

	
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
@@ -62,6 +64,7 @@ class LoginController(BaseController):
 
            # import Login Form validator class
 
            login_form = LoginForm()
 
            try:
 
                session.invalidate()
 
                c.form_result = login_form.to_python(dict(request.POST))
 
                # form checks for username/password, now we're authenticated
 
                username = c.form_result['username']
 
@@ -70,22 +73,33 @@ class LoginController(BaseController):
 
                auth_user.set_authenticated()
 
                cs = auth_user.get_cookie_store()
 
                session['rhodecode_user'] = cs
 
                user.update_lastlogin()
 
                Session().commit()
 

	
 
                # If they want to be remembered, update the cookie
 
                if c.form_result['remember'] is not False:
 
                    session.cookie_expires = False
 
                session._set_cookie_values()
 
                session._update_cookie_out()
 
                    _year = (datetime.datetime.now() +
 
                             datetime.timedelta(seconds=60 * 60 * 24 * 365))
 
                    session._set_cookie_expires(_year)
 

	
 
                session.save()
 

	
 
                log.info('user %s is now authenticated and stored in '
 
                         'session, session attrs %s' % (username, cs))
 
                user.update_lastlogin()
 
                Session.commit()
 

	
 
                # dumps session attrs back to cookie
 
                session._update_cookie_out()
 

	
 
                # we set new cookie
 
                headers = None
 
                if session.request['set_cookie']:
 
                    # send set-cookie headers back to response to update cookie
 
                    headers = [('Set-Cookie', session.request['cookie_out'])]
 

	
 
                if c.came_from:
 
                    return redirect(c.came_from)
 
                    raise HTTPFound(location=c.came_from, headers=headers)
 
                else:
 
                    return redirect(url('home'))
 
                    raise HTTPFound(location=url('home'), headers=headers)
 

	
 
            except formencode.Invalid, errors:
 
                return htmlfill.render(
 
@@ -115,7 +129,7 @@ class LoginController(BaseController):
 
                UserModel().create_registration(form_result)
 
                h.flash(_('You have successfully registered into rhodecode'),
 
                            category='success')
 
                Session.commit()
 
                Session().commit()
 
                return redirect(url('login_home'))
 

	
 
            except formencode.Invalid, errors:
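Review bot: `raise HTTPFound(location=c.came_from, headers=headers)` redirects to whatever `c.came_from` holds, in the same response that carries the fresh session cookie, and nothing visible in this section restricts that value to a local path. `c.came_from` is assigned outside the hunks shown (the method starts and ends outside them), so it may already be validated there. If it is not, check before the redirect that it has no scheme or network location, and fall back to `url('home')` otherwise. A comment at the redirect such as `# came_from must be a site-relative path; validated in <where it is set>` would make the assumption explicit. Separately, the cookie handling relies on Beaker's private `_set_cookie_expires` / `_update_cookie_out` and on `session.request['cookie_out']`, which may change between Beaker releases, so a comment recording the Beaker version this was tested against would help.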