[PYTHON-CRYPTO] Info on using the AuthCookie in M2Crypto
Marco Bizzarri
m.bizzarri at ICUBE.IT
Wed Aug 18 09:47:59 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all.
I'm trying to integrate M2Crypto AuthCookies in a Zope application.
Up to now, I've been successful in integrating the AuthCookie. Here is
the code. For those of you which could ask, it is a modified version of
CookieCrumbler. I hope the formatting will not be such an issue...
~ def modifyRequest(self, REQUEST, RESPONSE):
~ if REQUEST.cookies.has_key(self.auth_cookie) and
REQUEST.cookies.has_key('wscookie'):
~ cookie_str = REQUEST.cookies[self.auth_cookie]
~ assert cookie_jar.isGoodCookieString('Set-Cookie:
_M2AUTH_="%s";' % cookie_str)
~ expiry, data, digest = unmix3(cookie_str)
~ REQUEST.environ['REMOTE_USER'] = data
~ return ATTEMPT_RESUME
~ if REQUEST.environ.has_key('REMOTE_USER'):
~ data = REQUEST.environ['REMOTE_USER']
~ expiry = time() + 1800
~ cookie = cookie_jar.makeCookie(expiry=expiry, data=data)
~ RESPONSE.setCookie(self.auth_cookie, cookie.value(),
~ path=self.getCookiePath(),
~ expires=cookie.expiry())
~ return ATTEMPT_LOGIN
~ return ATTEMPT_NONE
Now, my questions are regarding how much the AuthCookie are pyhton
cookies. Digging into the code, I can see they use the a Cookie
(actually, a SmartCookie) inside.
However, the SmartCookie interface is not available. Therefore, if you
want a cookie sent only on a secure connection, you have to access the
_cookie field. Of course this is possible, but I feel it should be
better integrated inside the AuthCookie class...
Just a few thought for discussions, however. I think M2Crypto is a great
python package.
Regards
Marco
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBIwmvXhfyAQQVoaIRAkHNAJ9vI7u3Gzw5INxik0iTNKb8umzlRQCfcjPK
9B8V/jXTJtOjwNceAS+BHlM=
=wHxJ
-----END PGP SIGNATURE-----
More information about the python-crypto
mailing list