Put the user's name in post-authentication requests.

In GET requests, it goes in the path; for POST requests, it can go in
`%user'.  This is to prevent caches from returning the wrong pages.  I
feel a bit stupid about not fixing this earlier.

diff --git a/chpwd b/chpwd
index 1e4248b..5925ddd 100755 (executable)
--- a/chpwd
+++ b/chpwd
@@ -87,6 +87,7 @@ for short, long, props in [
 ## The special variables, to be picked out by `cgiparse'.
 CGI.SPECIAL['%act'] = None
 CGI.SPECIAL['%nonce'] = None
+CGI.SPECIAL['%user'] = None
 
 ## We don't want to parse arguments until we've settled on a context; but
 ## issuing redirects in the early setup phase fails because we don't know
@@ -143,6 +144,14 @@ def dispatch_cgi():
   ## `cgi-noauth'.
   if ctx != 'cgi-noauth':
 
+    ## The next part of the URL should be the user name, so that caches don't
+    ## cross things over.
+    expuser = CGI.SPECIAL['%user']
+    if expuser is None:
+      if i >= np: raise U.ExpectedError, (404, 'Missing user name')
+      expuser = CGI.PATH[i]
+      i += 1
+
     ## If there's no token cookie, then we have to bail.
     try: token = CGI.COOKIE['chpwd-token']
     except KeyError:
@@ -166,6 +175,8 @@ def dispatch_cgi():
     except HA.AuthenticationFailed, e:
       CGI.redirect(CGI.action('login', why = e.why))
       return
+    if CU.USER != expuser: raise U.ExpectedError, (401, 'User mismatch')
+    CGI.STATE.kw['user'] = CU.USER
 
   ## Invoke the subcommand handler.
   c.cgi(CGI.PARAM, CGI.PATH[i:])

diff --git a/list.fhtml b/list.fhtml
index a1b3f2c..3753313 100644 (file)
--- a/list.fhtml
+++ b/list.fhtml
@@ -121,6 +121,7 @@
 </div>
 </div>
 
+<input type=hidden name=%user value="~={user}H">
 <input type=hidden name=%nonce value="~={nonce}H">
 </form>