[CalendarServer-changes] [7419] CalendarServer/trunk/calendarserver/provision/root.py

source_changes at macosforge.org
Fri May 6 13:25:32 PDT 2011


Revision: 7419
          http://trac.macosforge.org/projects/calendarserver/changeset/7419
Author:   sagen at apple.com
Date:     2011-05-06 13:25:30 -0700 (Fri, 06 May 2011)
Log Message:
-----------
Ignore wiki auth cookies from non web clients.

Modified Paths:
--------------
    CalendarServer/trunk/calendarserver/provision/root.py

Modified: CalendarServer/trunk/calendarserver/provision/root.py
===================================================================
--- CalendarServer/trunk/calendarserver/provision/root.py	2011-05-06 19:49:39 UTC (rev 7418)
+++ CalendarServer/trunk/calendarserver/provision/root.py	2011-05-06 20:25:30 UTC (rev 7419)
@@ -225,17 +225,33 @@
                     davxml.HRef.fromString("/principals/__uids__/%s/" % (guid,))
                 )
 
+
         # Examine cookies for wiki auth token; if there, ask the paired wiki
         # server for the corresponding record name.  If that maps to a
         # principal, assign that to authnuser.
 
+        # Also, certain non-browser clients send along the wiki auth token
+        # sometimes, so we now also look for the presence of x-requested-with
+        # header that the webclient sends.  However, in the case of a GET on
+        # /webcal that header won't be sent so therefore we allow wiki auth
+        # for any path in the authServiceMap even if that header is missing.
+        allowWikiAuth = False
+        topLevel = request.path.strip("/").split("/")[0]
+        if self.authServiceMap.get(topLevel, False):
+            allowWikiAuth = True
+
         if not hasattr(request, "checkedWiki"):
             # Only do this once per request
             request.checkedWiki = True
 
             wikiConfig = config.Authentication.Wiki
             cookies = request.headers.getHeader("cookie")
-            if wikiConfig["Enabled"] and cookies is not None:
+            requestedWith = request.headers.hasHeader("x-requested-with")
+            if (
+                wikiConfig["Enabled"] and
+                (requestedWith or allowWikiAuth) and
+                cookies is not None
+            ):
                 for cookie in cookies:
                     if cookie.name == wikiConfig["Cookie"]:
                         token = cookie.value
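Review bot: the `allowWikiAuth` exemption applies to every request method on any path whose top-level segment is in `authServiceMap`, while the comment above it justifies the exemption only for a GET on /webcal. Consider also checking `request.method == "GET"` there, so that non-browser clients sending the wiki cookie with other methods on those paths are still ignored. The `requestedWith` test only checks that the header is present (`hasHeader`), so any client that sets x-requested-with is treated as the webclient; if the webclient sends a fixed value, compare against it, and say in the comment that this is a heuristic for telling clients apart, not an authentication control. Smaller points: `topLevel` and `allowWikiAuth` are computed on every call but are only used inside the `if not hasattr(request, "checkedWiki")` block, so they can move into it, and the extra blank line added before the "Examine cookies" comment can be dropped.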