Keep track of whether a CGI request is carried over SSL.
authorMark Wooding <mdw@distorted.org.uk>
Sat, 9 Mar 2013 05:29:10 +0000 (05:29 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 9 Mar 2013 05:35:11 +0000 (05:35 +0000)
If it is, then tie the cookie so that it's only returned to us over
SSL-encrypted links.

cgi.py
chpwd
httpauth.py

diff --git a/cgi.py b/cgi.py
index 05c6c9e..0bd66cc 100644 (file)
--- a/cgi.py
+++ b/cgi.py
@@ -291,6 +291,7 @@ SPECIAL = {}
 PARAM = []
 PARAMDICT = {}
 PATH = []
+SSLP = False
 
 ## Regular expressions for splitting apart query and cookie strings.
 R_QSPLIT = RX.compile('[;&]')
@@ -346,8 +347,13 @@ def cgiparse():
   `PATH'
         The trailing `PATH_INFO' path, split at `/' markers, with any
         trailing empty component removed.
+
+  `SSLP'
+        True if the client connection is carried over SSL or TLS.
   """
 
+  global SSLP
+
   def getenv(var):
     try: return ENV[var]
     except KeyError: raise U.ExpectedError, (500, "No `%s' supplied" % var)
@@ -402,6 +408,10 @@ def cgiparse():
     if pp and not pp[-1]: pp.pop()
     PATH[:] = pp
 
+  ## Check the crypto for the connection.
+  if ENV.get('SSL_PROTOCOL'):
+    SSLP = True
+
 ###--------------------------------------------------------------------------
 ### CGI subcommands.
 
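Review bot: The detection at `if ENV.get('SSL_PROTOCOL'):` keys on a variable that Apache's mod_ssl exports only when `SSLOptions +StdEnvVars` is in effect, so on a TLS connection without that option SSLP stays False and any cookie built from it silently loses its Secure attribute; the `HTTPS` flag (which mod_ssl sets to `on` regardless of that option, as I recall, and which other servers also export) is the more reliable primary signal, e.g. `if ENV.get('HTTPS') == 'on' or ENV.get('SSL_PROTOCOL'):`. This branch also only ever raises SSLP and never clears it, which looks deliberate so that chpwd's `CGI.SSLP = OPTS.sslp` override in the second chpwd hunk survives whichever order the two run in, but a reader will be tempted to "fix" it into an unconditional assignment; a comment such as `## Only ever set, never cleared: chpwd -s may have forced SSLP before we run.` would pin the intent. The `SSLP` docstring entry in the previous hunk could say the same. cgiparse() starts outside the hunk.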
diff --git a/chpwd b/chpwd
index 5517274..1e4248b 100755 (executable)
--- a/chpwd
+++ b/chpwd
@@ -73,6 +73,9 @@ for short, long, props in [
     'metavar': 'FILE', 'dest': 'config',
     'default': OS.path.join(HOME, 'chpwd.conf'),
     'help': 'read configuration from FILE.' }),
+  ('-s', '--ssl', {
+    'dest': 'sslp', 'action': 'store_true',
+    'help': 'pretend CGI connection is carried over SSL/TLS' }),
   ('-u', '--user', {
     'metavar': 'USER', 'dest': 'user', 'default': None,
     'help': "impersonate USER, and default context to `userv'." })]:
@@ -259,6 +262,7 @@ if __name__ == '__main__':
     with cli_errors():
       OPTS, args = OPTPARSE.parse_args()
       CONF.loadconfig(OPTS.config)
+      CGI.SSLP = OPTS.sslp
       ctx = OPTS.context
       if OPTS.user:
         CU.set_user(OPTS.user)
index 22648dd..e29686c 100644 (file)
@@ -257,9 +257,10 @@ def cmd_auth(u, pw):
     CGI.redirect(CGI.action('login', why = 'AUTHFAIL'))
   else:
     t = mint_token(u)
-    CGI.redirect(CGI.action('list'),
+    CGI.redirect(CGI.action('list', u),
                  set_cookie = CGI.cookie('chpwd-token', t,
                                          httponly = True,
+                                         secure = CGI.SSLP,
                                          path = CFG.SCRIPT_NAME,
                                          max_age = (CFG.SECRETLIFE -
                                                     CFG.SECRETFRESH)))
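Review bot: `secure = CGI.SSLP` makes the Secure attribute of the session token cookie depend entirely on cgiparse()'s environment sniffing, and a false negative there is silent: the token still goes out, just without the flag, and is then replayable over a plain-HTTP request to the same host. A one-line comment at that argument, `## Secure follows what cgiparse() detected; a false negative downgrades the token cookie.`, would make the dependency visible to whoever next touches either file. Separately, the change from `CGI.action('list')` to `CGI.action('list', u)` is not covered by the commit message and looks unrelated to the SSL tracking; it deserves a mention in the description or its own commit. cmd_auth() starts outside the hunk.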