Author: chrisz
Date: Fri Jan 13 04:07:21 2006
New Revision: 4508
Modified:
Webware/trunk/WebKit/Admin/AdminPage.py
Webware/trunk/WebKit/Admin/AdminSecurity.py
Webware/trunk/WebKit/Admin/LoginPage.py
Webware/trunk/WebKit/Docs/RelNotes-0.9.phtml
Log:
Changed login mechanism for the Admin pages: The login id is now only created once in order to avoid problems with prefetching browsers (e.g. Firefox with Fasterfox extension). Also, a logout link has been added to the sidebar menu.
Modified: Webware/trunk/WebKit/Admin/AdminPage.py
==============================================================================
--- Webware/trunk/WebKit/Admin/AdminPage.py (original)
+++ Webware/trunk/WebKit/Admin/AdminPage.py Fri Jan 13 04:07:21 2006
@@ -30,6 +30,7 @@
self.menuItem('Plug-ins', 'PlugIns')
self.menuItem('Servlet cache', 'ServletCache')
self.menuItem('Application Control','AppControl')
+ self.menuItem('Logout', 'Main?logout=yes')
def fileSize(self, filename):
"""Utility method for writeMenu() to get the size of a configuration file.
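Review bot: The added `self.menuItem('Logout', 'Main?logout=yes')` makes logout a plain GET link, so anything that fetches that URL ends the admin session, whether a link prefetcher of the kind the log message describes or a cross-site image or link pointing at it. The matching `elif request.hasField('logout')` branch in AdminSecurity.py accepts the field without looking at the request method. Consider rendering logout as a small POST form in the sidebar and ignoring `logout` on GET in the handler, or at least record the limitation with a comment such as `# NOTE: logout is triggered by a GET link; prefetchers may follow it`. The method that builds the menu starts above the hunk.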
Modified: Webware/trunk/WebKit/Admin/AdminSecurity.py
==============================================================================
--- Webware/trunk/WebKit/Admin/AdminSecurity.py (original)
+++ Webware/trunk/WebKit/Admin/AdminSecurity.py Fri Jan 13 04:07:21 2006
@@ -24,20 +24,12 @@
request = self.request()
trans = self.transaction()
app = self.application()
- # Get login id and clear it from the session
- loginid = session.value('loginid', None)
- if loginid: session.delValue('loginid')
- # Are they logging out?
- if request.hasField('logout'):
- # They are logging out. Clear all session variables:
- session.values().clear()
- request.fields()['extra'] = 'You have been logged out.'
- app.forward(trans, 'LoginPage')
- return
- elif request.hasField('login') \
+ # Are they logging in?
+ if request.hasField('login') \
and request.hasField('username') \
and request.hasField('password'):
- # They are logging in. Clear session:
+ # They are logging in. Get login id and clear session:
+ loginid = session.value('loginid', None)
session.values().clear()
# Check if this is a valid user/password
username = request.field('username')
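Review bot: The added `loginid = session.value('loginid', None)` now depends on the following `session.values().clear()` to invalidate the id, and the comment does not say so. A comment such as `# Read the id before clear(): clearing invalidates it, so each id is good for one login attempt` would stop a later edit from reordering the two lines. The comparison with the submitted `loginid` field lies outside the hunk; confirm that it rejects the case where the stored id is `None`, which can now happen when a login is posted without the login page having been rendered in that session.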
@@ -54,13 +46,19 @@
' (And make sure cookies are enabled.)'
app.forward(trans, 'LoginPage')
return
- # They aren't logging in; are they already logged in?
+ # Are they logging out?
+ elif request.hasField('logout'):
+ # They are logging out. Clear all session variables:
+ session.values().clear()
+ request.fields()['extra'] = 'You have been logged out.'
+ app.forward(trans, 'LoginPage')
+ return
+ # Are they already logged in?
elif session.value('authenticated_user_admin', None):
# They are already logged in; write the HTML for this page:
AdminPage.writeHTML(self)
else:
# They need to log in.
- session.values().clear()
app.forward(trans, 'LoginPage')
return
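Review bot: The final `else` branch no longer calls `session.values().clear()`, and nothing in the code explains why. The removal looks deliberate, since it keeps the stored `loginid` across repeated or prefetched requests, so a comment such as `# Do not clear the session here: the pending loginid must survive until the login form is posted` would prevent someone restoring the call and bringing back the prefetch problem. The branch chain starts in the previous hunk and the method ends outside this one.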
Modified: Webware/trunk/WebKit/Admin/LoginPage.py
==============================================================================
--- Webware/trunk/WebKit/Admin/LoginPage.py (original)
+++ Webware/trunk/WebKit/Admin/LoginPage.py Fri Jan 13 04:07:21 2006
@@ -29,10 +29,13 @@
if name.lower() not in ('username', 'password', 'login', 'logout', 'loginid'):
for v in list(value):
self.writeln('<input type="hidden" name="%s" value="%s">' % (name, v))
- # Create a "unique" login id and put it in the form as well as in the session.
- # Login will only be allowed if they match.
- loginid = ''.join(map(lambda x: '%02d' % x,
- localtime(time())[:6])) + str(randint(10000, 99999))
+ if self.session().hasValue('loginid'):
+ loginid = self.session().value('loginid')
+ else:
+ # Create a "unique" login id and put it in the form as well as in the session.
+ # Login will only be allowed if they match.
+ loginid = ''.join(map(lambda x: '%02d' % x,
+ localtime(time())[:6])) + str(randint(10000, 99999))
+ self.session().setValue('loginid', loginid)
self.writeln('<input type="hidden" name="loginid" value="%s">' % loginid)
- self.session().setValue('loginid', loginid)
self.writeln('</form>\n<p> </p></div>')
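Review bot: The `loginid` is still built from `localtime(time())[:6]` plus `randint(10000, 99999)`, which is guessable, and with this change the same value stays valid across page views until a login attempt consumes it. If the supported Python versions allow it (2.4 or later), a value from the OS random source is a better fit, e.g. `loginid = os.urandom(16).encode('hex')` with `import os` added at the top of the file. Separately, the context line `self.writeln('<input type="hidden" name="%s" value="%s">' % (name, v))` writes `name` and `v` into HTML attributes without escaping; these appear to come from the request, so they should be passed through an HTML-encoding helper such as WebUtils' `htmlEncode`. The enclosing method starts and ends outside the hunk.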
Modified: Webware/trunk/WebKit/Docs/RelNotes-0.9.phtml
==============================================================================
--- Webware/trunk/WebKit/Docs/RelNotes-0.9.phtml (original)
+++ Webware/trunk/WebKit/Docs/RelNotes-0.9.phtml Fri Jan 13 04:07:21 2006
@@ -202,7 +202,7 @@
prevent customers and administrators from messing around with the source
code and give a certain level of protection as closed source (this feature
had been requested several times). Before, <tt>.pyc</tt> and <tt>.pyo</tt>
- had not been executed, but delivered as unknown file tyes which does not
+ had not been executed, but delivered as unknown file types which does not
make much sense and can be a security problem, for instance when database
passwords and other information is stored in the servlets. By using
<tt>ExtensionCascadeOrder</tt>, you can also determine a priority, such as