/usr/share/pyshared/repoze/who/plugins/cookie.py is in python-repoze.who 1.0.18-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | import binascii
from paste.request import get_cookies
from zope.interface import implements
from repoze.who.interfaces import IIdentifier
class InsecureCookiePlugin(object):
implements(IIdentifier)
def __init__(self, cookie_name, cookie_path='/'):
self.cookie_name = cookie_name
self.cookie_path = cookie_path
# IIdentifier
def identify(self, environ):
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
if cookie is None:
return None
try:
auth = cookie.value.decode('base64')
except binascii.Error: # can't decode
return None
try:
login, password = auth.split(':', 1)
return {'login':login, 'password':password}
except ValueError: # not enough values to unpack
return None
# IIdentifier
def forget(self, environ, identity):
# return a expires Set-Cookie header
expired = ('%s=""; Path=%s; Expires=Sun, 10-May-1971 11:59:00 GMT' %
(self.cookie_name, self.cookie_path))
return [('Set-Cookie', expired)]
# IIdentifier
def remember(self, environ, identity):
cookie_value = '%(login)s:%(password)s' % identity
cookie_value = cookie_value.encode('base64').rstrip()
cookies = get_cookies(environ)
existing = cookies.get(self.cookie_name)
value = getattr(existing, 'value', None)
if value != cookie_value:
# return a Set-Cookie header
set_cookie = '%s=%s; Path=%s;' % (self.cookie_name, cookie_value,
self.cookie_path)
return [('Set-Cookie', set_cookie)]
def __repr__(self):
return '<%s %s>' % (self.__class__.__name__,
id(self)) #pragma NO COVERAGE
def make_plugin(cookie_name='repoze.who.plugins.cookie', cookie_path='/'):
plugin = InsecureCookiePlugin(cookie_name, cookie_path)
return plugin
|