'EXPIRED': 'session timed out',
'BADTAG': 'incorrect tag',
'NOUSER': 'unknown user name',
+ 'LOGOUT': 'explicitly logged out',
None: None
}
global NONCE
+ ## If the token has been explicitly clobbered, then we're logged out.
+ if token == 'logged-out': raise AuthenticationFailed, 'LOGOUT'
+
## Parse the token.
bits = token.split('.', 3)
if len(bits) != 4: raise AuthenticationFailed, 'BADTOKEN'
## Done.
return user
+def bake_cookie(value):
+ """
+ Return a properly baked authentication-token cookie with the given VALUE.
+ """
+ return CGI.cookie('chpwd-token', value,
+ httponly = True,
+ secure = CGI.SSLP,
+ path = CFG.SCRIPT_NAME,
+ max_age = (CFG.SECRETLIFE - CFG.SECRETFRESH))
+
###--------------------------------------------------------------------------
### Authentication commands.
CGI.redirect(CGI.action('login', why = 'AUTHFAIL'))
else:
t = mint_token(u)
- CGI.redirect(CGI.action('list'),
- set_cookie = CGI.cookie('chpwd-token', t,
- httponly = True,
- path = CFG.SCRIPT_NAME,
- max_age = (CFG.SECRETLIFE -
- CFG.SECRETFRESH)))
+ CGI.redirect(CGI.action('list', u),
+ set_cookie = bake_cookie(t))
###----- That's all, folks --------------------------------------------------