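--- a/examples/Common/LoginRedirect/__init__.py Sat May 29 21:08:48 2004 +0000
+++ b/examples/Common/LoginRedirect/__init__.py Sat May 29 21:09:25 2004 +0000
@@ -42,9 +42,15 @@
 else:
 # Redirect to the login URL.
 
-trans.set_header_value("Location", "%s?redirect=%s%s" % (self.login_url, self.app_url, trans.get_path()))
+trans.set_header_value("Location", "%s?redirect=%s%s" % (self.login_url, self.app_url, self._encode(trans.get_path())))
 trans.set_response_code(307)
 
+def _encode(self, url):
+
+"Encode the given 'url' for redirection purposes."
+
+return url.replace("?", "%3f").replace("&", "%26")
+
 class LoginRedirectAuthenticator:
 
 """
@@ -63,7 +69,7 @@
 "Authenticate the originator of 'trans', updating the object if successful."
 
 cookie = trans.get_cookie(self.cookie_name)
-if cookie is None:
+if cookie is None or cookie.value is None:
 return 0
 
 # Test the token from the cookie against a recreated token using the
@@ -71,7 +77,6 @@
 # NOTE: This should be moved into a common library.
 
 username, code = cookie.value.split(":")
-print "*", username, code
 if code == md5.md5(username + self.secret_key).hexdigest():
 
 # Update the transaction with the user details.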
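Review bot: `_encode` escapes only `?` and `&`, so a request path containing `%`, `#`, `=`, `+` or a space still reaches the `redirect` parameter of the Location header unescaped, where the login application may decode it differently or see it truncated at `#`. Percent-encoding the whole value with the standard library, `return urllib.quote(url)`, covers every reserved character; it needs `import urllib`, and the file's import block is outside the hunks shown. In the last hunk, `username, code = cookie.value.split(":")` still raises ValueError for a cookie value that does not contain exactly one colon, and that value is client-supplied, so a guard such as `if cookie.value.count(":") != 1: return 0` before the split would stop a malformed cookie from surfacing as an exception (unless a caller outside the hunk already catches it). Both enclosing methods start and end outside the hunks.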