[kforge-dev] Authentication bug: not finding the cookie
John Bywater
john.bywater at appropriatesoftwarefoundation.org
Thu Nov 2 14:51:10 UTC 2006
Rufus Pollock wrote:
> Looking at the code this implies that there **are** cookies in the
> request but that there is no kui session cookie:
>
>
> ............
> kui_auth_cookie = cookies.get('kui_auth')
That's the problem: the cookie isn't called 'kui_auth' anymore, but
'kforge_auth'.
I've fixed the cookie name up by using the kforge.dicitonarywords
constant, so we don't suffer from the same word mismatch in the furture.
I'm also just finishing refactoring the (very long) procedural
mod_python handlers we have into an OO style [1], and in the process
putting those objects under unit test. I've also reviewed the mod_python
manual, and improved the way a few things are done. I hope the redirect
to login is also sorted out. I also rewrote the apache config fragment,
to be clearer about what happens [2] (search for 'Satisfy Any') . But I
didn't check everything in yet.
The only reason we were thinking this code was difficult to test is
because we needed to import apache, which you can't do from the unit
test suite. But we only need to import apache for apache return codes
(apache.OK, etc). So I've written the handlers to return more human
readable string codes ('ALLOW', 'DENY', 'DEFER', 'REDIRECT'), and then
configured apache to register functions to wrap these unit-tested
handler objects, and to return apache codes instead of the strings.
For the unit tests I wrote some mock mod_python request objects. So we
should be able to pin everything down now.
I will leave room for the tests to be refined and extended.
John.
PS Hope to commit things shortly......
[1]
http://project.knowledgeforge.net/kforge/trac/browser/trunk/src/kforge/handlers/base.py
[2]
http://project.knowledgeforge.net/kforge/trac/browser/trunk/src/kforge/apache/apacheconfig.py
More information about the kforge-dev
mailing list