
Allow explicit cookie domain setting.

This is useful as an escape hatch when dealing with environments where
no normal rules apply.
1 parent c65b850 commit a1f768cc766516e81f295c7ad507305e526a740e @wichert wichert committed Aug 12, 2013
Showing with 49 additions and 10 deletions.
  1. +7 −3 CHANGES.txt
  2. +22 −7 pyramid/authentication.py
  3. +20 −0 pyramid/tests/test_authentication.py
@@ -49,9 +49,13 @@ Features
``pyramid.config.Configurator.add_static_view``. This allows
externally-hosted static URLs to be generated based on the current protocol.
-- The ``AuthTktAuthenticationPolicy`` has a new ``parent_domain`` option to
- set the authentication cookie as a wildcard cookie on the parent domain. This
- is useful if you have multiple sites sharing the same domain.
+- The ``AuthTktAuthenticationPolicy`` has two new options to configure its
+ domain usage:
+ * ``parent_domain``: if set the authentication cookie is set on
+ the parent domain. This is useful if you have multiple sites sharing the
+ same domain.
+ * ``domain``: if provided the cookie is always set for this domain, bypassing
+ all usual logic.
- The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using
the ``include_ip=True`` option. This is possibly incompatible with
@@ -528,6 +528,15 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
This option is available as of :app:`Pyramid` 1.5.
+ ``domain``
+
+ Default: ``None``. If provided the auth_tkt cookie will only be
+ set for this domain. This option is not compatible with ``wild_domain``
+ and ``parent_domain``.
+ Optional.
+
+ This option is available as of :app:`Pyramid` 1.5.
+
``hashalg``
Default: ``md5`` (the literal string).
@@ -581,6 +590,7 @@ def __init__(self,
debug=False,
hashalg=_marker,
parent_domain=False,
+ domain=None,
):
if hashalg is _marker:
hashalg = 'md5'
@@ -619,6 +629,7 @@ def __init__(self,
wild_domain=wild_domain,
hashalg=hashalg,
parent_domain=parent_domain,
+ domain=domain,
)
self.callback = callback
self.debug = debug
@@ -816,7 +827,7 @@ class AuthTktCookieHelper(object):
def __init__(self, secret, cookie_name='auth_tkt', secure=False,
include_ip=False, timeout=None, reissue_time=None,
max_age=None, http_only=False, path="/", wild_domain=True,
- hashalg='md5', parent_domain=False):
+ hashalg='md5', parent_domain=False, domain=None):
self.secret = secret
self.cookie_name = cookie_name
self.include_ip = include_ip
@@ -828,6 +839,7 @@ def __init__(self, secret, cookie_name='auth_tkt', secure=False,
self.path = path
self.wild_domain = wild_domain
self.parent_domain = parent_domain
+ self.domain = domain
self.hashalg = hashalg
static_flags = []
@@ -867,13 +879,16 @@ def _get_cookies(self, environ, value, max_age=None):
domains = []
- if self.parent_domain and cur_domain.count('.') > 1:
- domains.append('.' + cur_domain.split('.', 1)[1])
+ if self.domain:
+ domains.append(self.domain)
else:
- domains.append(None)
- domains.append(cur_domain)
- if self.wild_domain:
- domains.append('.' + cur_domain)
+ if self.parent_domain and cur_domain.count('.') > 1:
+ domains.append('.' + cur_domain.split('.', 1)[1])
+ else:
+ domains.append(None)
+ domains.append(cur_domain)
+ if self.wild_domain:
+ domains.append('.' + cur_domain)
cookies = []
base_cookie = '%s="%s"; Path=%s%s%s' % (self.cookie_name, value,
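Review bot: The new ``domain`` docstring says the cookie "will only be set for this domain", but browsers send a cookie carrying a Domain attribute to that domain and every subdomain of it, which is a wider scope than the host-only cookie the `domains.append(None)` branch produces. For an authentication ticket that difference matters, so the docstring should state it, for example `The cookie is sent to this domain and all of its subdomains; choose the narrowest domain that every participating site shares.` The same paragraph calls the option "not compatible" with `wild_domain` and `parent_domain`, while the `if self.domain:` branch in `_get_cookies` silently ignores both (and `wild_domain` defaults to `True`); wording such as `When set, wild_domain and parent_domain are ignored.` would match the code. The value is also appended to the domain list without any check, so it is worth documenting that it must be a bare host name taken from trusted configuration. `_get_cookies` starts and ends outside the hunk.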
@@ -966,6 +966,26 @@ def test_remember_parent_domain_supercedes_wild_domain(self):
self.assertEqual(len(result), 1)
self.assertTrue(result[0][1].endswith('; Domain=.example.com'))
+ def test_remember_explicit_domain(self):
+ helper = self._makeOne('secret', domain='pyramid.bazinga')
+ request = self._makeRequest()
+ request.environ['HTTP_HOST'] = 'www.example.com'
+ result = helper.remember(request, 'other')
+ self.assertEqual(len(result), 1)
+
+ self.assertEqual(result[0][0], 'Set-Cookie')
+ self.assertTrue(result[0][1].endswith('; Path=/; Domain=pyramid.bazinga'))
+ self.assertTrue(result[0][1].startswith('auth_tkt='))
+
+ def test_remember_domain_supercedes_parent_and_wild_domain(self):
+ helper = self._makeOne('secret', domain='pyramid.bazinga',
+ parent_domain=True, wild_domain=True)
+ request = self._makeRequest()
+ request.environ['HTTP_HOST'] = 'www.example.com'
+ result = helper.remember(request, 'other')
+ self.assertEqual(len(result), 1)
+ self.assertTrue(result[0][1].endswith('; Path=/; Domain=pyramid.bazinga'))
+
def test_remember_domain_has_port(self):
helper = self._makeOne('secret', wild_domain=False)
request = self._makeRequest()
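Review bot: Both new tests exercise only `remember`; nothing checks that `forget` emits its expiring cookie with the same explicit `Domain=pyramid.bazinga`. Browsers clear a cookie only when the Domain and Path of the expiring header match the original, so a mismatch would leave the auth ticket in place after logout. Assuming `forget()` builds its headers through the same `_get_cookies` path (not visible here), a companion test along the lines below would pin that behaviour. The enclosing test class starts outside the hunk.

```python
    def test_forget_explicit_domain(self):
        helper = self._makeOne('secret', domain='pyramid.bazinga')
        request = self._makeRequest()
        request.environ['HTTP_HOST'] = 'www.example.com'
        result = helper.forget(request)
        self.assertEqual(len(result), 1)
        self.assertEqual(result[0][0], 'Set-Cookie')
        self.assertTrue(result[0][1].endswith('; Domain=pyramid.bazinga'))
```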
