[Pypi-checkins] r977 - trunk/pypi
richard
python-checkins at python.org
Mon Sep 5 07:39:14 CEST 2011
Author: richard
Date: Mon Sep 5 07:39:14 2011
New Revision: 977
Modified:
trunk/pypi/webui.py
Log:
argh the /id* URLs are not authenticated so break... must have /pypi URLs... reverting to further test
Modified: trunk/pypi/webui.py
==============================================================================
--- trunk/pypi/webui.py (original)
+++ trunk/pypi/webui.py Mon Sep 5 07:39:14 2011
@@ -218,8 +218,8 @@
self.loggedin = False # was a valid cookie sent?
self.usercookie = None
self.failed = None # error message if initialization already produced a failure
- self.op_endpoint = "%s?:action=openid_endpoint" % (self.config.url,)
- self.oid_server = OpenIDServer.Server(FileOpenIDStore(OPENID_FILESTORE), op_endpoint=self.op_endpoint)
+ op_endpoint = "%s?:action=openid_endpoint" % (self.config.url,)
+ self.oid_server = OpenIDServer.Server(FileOpenIDStore(OPENID_FILESTORE), op_endpoint=op_endpoint)
# XMLRPC request or not?
if self.env.get('CONTENT_TYPE') != 'text/xml':
@@ -463,13 +463,6 @@
return self.mirrors()
if script_name == '/daytime':
return self.daytime()
- if script_name == '/id':
- action = 'openid_discovery'
- elif script_name.startswith('/id/'):
- # the username argument is ignored...
- action = 'openid_user'
- else:
- action = ''
# see if the user has provided a username/password
auth = self.env.get('HTTP_CGI_AUTHORIZATION', '').strip()
@@ -529,10 +522,7 @@
# now handle the request
path = self.env.get('PATH_INFO', '')
- if action:
- # we've already been set an action
- pass
- elif self.form.has_key(':action'):
+ if self.form.has_key(':action'):
action = self.form[':action']
if isinstance(action, list):
raise RuntimeError("Multiple actions: %r" % action)
@@ -1976,7 +1966,8 @@
raise Unauthorised, \
"You must be identified to edit package information"
- self.csrf_check()
+ # this is used to render the form as well as edit it... UGH
+ #self.csrf_check()
name = self.form['name']
@@ -3050,6 +3041,7 @@
raise OpenIDError, "OpenID request must be a POST"
from openid.message import Message
+ del self.form[':action']
message = Message.fromPostArgs(self.form)
orequest = OpenIDServer.CheckIDRequest.fromMessage(message, self.oid_server.op_endpoint)
@@ -3092,7 +3084,8 @@
return False
if identity == 'http://specs.openid.net/auth/2.0/identifier_select':
return False
- username = urlparse.urlparse(identity).path.split('/')[-1]
+ qs = urlparse.urlparse(identity).query
+ username = urlparse.parse_qs(qs).get("username",[None])[0]
if username != self.username:
# identity is not owned by user so decline the request
False
@@ -3101,7 +3094,7 @@
def openid_user_url(self):
if self.authenticated:
- return "%s/%s" % (self.config.openid_url, self.username)
+ return "%s?:action=openid_user&username=%s" % (self.config.url, self.username)
else:
return None
-
+
More information about the Pypi-checkins
mailing list