[CalendarServer-changes] [7419] CalendarServer/trunk/calendarserver/provision/root.py
source_changes at macosforge.org
source_changes at macosforge.org
Fri May 6 13:25:32 PDT 2011
Revision: 7419
http://trac.macosforge.org/projects/calendarserver/changeset/7419
Author: sagen at apple.com
Date: 2011-05-06 13:25:30 -0700 (Fri, 06 May 2011)
Log Message:
-----------
Ignore wiki auth cookies from non-web clients.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/provision/root.py
Modified: CalendarServer/trunk/calendarserver/provision/root.py
===================================================================
--- CalendarServer/trunk/calendarserver/provision/root.py 2011-05-06 19:49:39 UTC (rev 7418)
+++ CalendarServer/trunk/calendarserver/provision/root.py 2011-05-06 20:25:30 UTC (rev 7419)
@@ -225,17 +225,33 @@
davxml.HRef.fromString("/principals/__uids__/%s/" % (guid,))
)
+
# Examine cookies for wiki auth token; if there, ask the paired wiki
# server for the corresponding record name. If that maps to a
# principal, assign that to authnuser.
+ # Also, certain non-browser clients send along the wiki auth token
+ # sometimes, so we now also look for the presence of x-requested-with
+ # header that the webclient sends. However, in the case of a GET on
+ # /webcal that header won't be sent so therefore we allow wiki auth
+ # for any path in the authServiceMap even if that header is missing.
+ allowWikiAuth = False
+ topLevel = request.path.strip("/").split("/")[0]
+ if self.authServiceMap.get(topLevel, False):
+ allowWikiAuth = True
+
if not hasattr(request, "checkedWiki"):
# Only do this once per request
request.checkedWiki = True
wikiConfig = config.Authentication.Wiki
cookies = request.headers.getHeader("cookie")
- if wikiConfig["Enabled"] and cookies is not None:
+ requestedWith = request.headers.hasHeader("x-requested-with")
+ if (
+ wikiConfig["Enabled"] and
+ (requestedWith or allowWikiAuth) and
+ cookies is not None
+ ):
for cookie in cookies:
if cookie.name == wikiConfig["Cookie"]:
token = cookie.value
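Review bot: The new `requestedWith = request.headers.hasHeader("x-requested-with")` test checks only that the header is present, and any client can send it, so it filters out clients that attach the cookie by accident but is not an access control. The comment block should say so, for example `# NOTE: x-requested-with is client-controlled; it only filters accidental cookies, the wiki server's token lookup is still the real check.`, so that nobody later relies on the header to keep cookie auth away from non-browser clients. For top-level paths listed in `authServiceMap` the header is not required at all, so it would help to document which services are expected there, since each entry re-enables cookie auth for every request under that path. Separately, `allowWikiAuth` and `topLevel` are computed before the `if not hasattr(request, "checkedWiki")` guard but used only inside it, so they could move under the guard and run once per request. The enclosing method starts and ends outside this hunk, so how the token is validated after `token = cookie.value` is not visible here.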