From 7663cc596c1fff107ea216527bee8ea11d4d29b0 Mon Sep 17 00:00:00 2001
From: Vincent Pelletier <vincent@nexedi.com>
Date: Tue, 7 Jun 2016 10:32:49 +0200
Subject: [PATCH] erp5_auto_logout: Do not depend on __ac_name cookie presence.

---
 .../Base_getAutoLogoutSessionKey.py | 2 +-
 .../Base_getAutoLogoutSessionKey.xml | 2 +-
 ...ase_getUsernameFromAuthenticationCookie.py | 2 +
 ...se_getUsernameFromAuthenticationCookie.xml | 62 +++++++++++++++++++
 .../portal_skins/erp5_auto_logout/logout.py | 7 ++-
 .../erp5_auto_logout/setAuthCookie.py | 8 ++-
 .../erp5_auto_logout/twiddleAuthCookie.py | 8 ++-
 7 files changed, 86 insertions(+), 5 deletions(-)
 create mode 100644 product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.py
 create mode 100644 product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.xml

diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.py b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.py
index 563108e9c5..de5a5a947b 100644
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.py
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.py
@@ -2,4 +2,4 @@ from AccessControl import getSecurityManager
 from zExceptions import Unauthorized
 if REQUEST is not None: # Cheap "do not call from URL" protection - not that the session key is secret
   raise Unauthorized
-return 'ac_cookie_%s' % context.REQUEST.get('__ac_name', 'Anonymous User')
+return 'ac_cookie_' + username
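Review bot: `return 'ac_cookie_' + username` drops the old `'Anonymous User'` fallback, so a caller that passes `None` (or any non-string) now fails with a `TypeError` at the concatenation rather than getting a key; all three callers in this patch do pass a string, so this is only a latent hazard, but the new parameter is otherwise documented nowhere except the `.xml` `_params` entry. Add a comment above the return, e.g. `# username: login the caller wants bookkeeping for; every caller must derive it the same way, otherwise they address different session entries.`, so the contract is visible next to the code. The guard comment "not that the session key is secret" still holds and can stay.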
diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.xml
index 0530478adb..f589aec1bc 100644
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.xml
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getAutoLogoutSessionKey.xml
@@ -50,7 +50,7 @@
         </item>
         <item>
             <key> <string>_params</string> </key>
-            <value> <string>REQUEST=None</string> </value>
+            <value> <string>username, REQUEST=None</string> </value>
         </item>
         <item>
             <key> <string>id</string> </key>
diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.py b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.py
new file mode 100644
index 0000000000..4628e29c5c
--- /dev/null
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.py
@@ -0,0 +1,2 @@
+from urllib import unquote
+return unquote(value).decode('base64').split(':', 1)[0]
diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.xml b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.xml
new file mode 100644
index 0000000000..d50869a4e3
--- /dev/null
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/Base_getUsernameFromAuthenticationCookie.xml
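Review bot: The new Base_getUsernameFromAuthenticationCookie.py parses a cookie value with no handling for malformed input: `.decode('base64')` raises `binascii.Error` on bad padding or non-base64 bytes, and a decoded payload without a `:` makes `split(':', 1)[0]` return the whole payload as the user name. Both callers added in this patch (setAuthCookie.py and twiddleAuthCookie.py) pass `cookie_value` straight through, so a corrupted or tampered cookie surfaces there as an unhandled exception rather than as a skipped renewal. At minimum the script should state its contract in a leading comment, e.g. `# Return the user name part of an authentication cookie value (URL-quoted base64 of "user:password", presumably the format CookieAuthHelper writes); the password part is discarded and a malformed value raises from the base64 decode.`, so callers know they must guard the call.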
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>value</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Base_getUsernameFromAuthenticationCookie</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/logout.py b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/logout.py
index 383c203468..562258fbf9 100644
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/logout.py
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/logout.py
@@ -1,5 +1,10 @@
+from AccessControl import getSecurityManager
 portal = context.getPortalObject()
-portal.portal_sessions.manage_delObjects(portal.Base_getAutoLogoutSessionKey())
+portal.portal_sessions.manage_delObjects(
+  portal.Base_getAutoLogoutSessionKey(
+    username=getSecurityManager().getUser().getUserName(),
+  )
+)
 REQUEST = portal.REQUEST
 if REQUEST.has_key('portal_skin'):
   portal.portal_skins.clearSkinCookie()
diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/setAuthCookie.py b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/setAuthCookie.py
index 53e8abc671..8e0d73867e 100644
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/setAuthCookie.py
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/setAuthCookie.py
@@ -8,7 +8,13 @@ else:
   now = DateTime()
   kw['expires'] = (now + expire_interval).toZone('GMT').rfc822()
   ac_renew = (now + expire_interval / 2).millis()
-portal.portal_sessions[portal.Base_getAutoLogoutSessionKey()]['ac_renew'] = ac_renew
+portal.portal_sessions[
+  portal.Base_getAutoLogoutSessionKey(
+    username=portal.Base_getUsernameFromAuthenticationCookie(
+      cookie_value,
+    )
+  )
+]['ac_renew'] = ac_renew
 resp.setCookie(
   name=cookie_name,
   value=cookie_value,
diff --git a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/twiddleAuthCookie.py b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/twiddleAuthCookie.py
index 696eddee4f..6cc18e8a51 100644
--- a/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/twiddleAuthCookie.py
+++ b/product/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_auto_logout/twiddleAuthCookie.py
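Review bot: logout.py derives the session key from `getSecurityManager().getUser().getUserName()` while the other two callers in this patch (setAuthCookie.py, twiddleAuthCookie.py) derive it from the cookie through `Base_getUsernameFromAuthenticationCookie(cookie_value)`; if those two names ever differ (a user authenticated by another plugin, no cookie present, or an anonymous caller whose `getUserName()` is `'Anonymous User'`), logout deletes a key that was never written and the real `ac_renew` entry stays behind. Whether `manage_delObjects` on a missing key raises or is silently ignored depends on portal_sessions, which is outside this patch. If the reason for the different source is that the cookie may already be gone at logout, say so next to the call, e.g. `# The cookie may already be absent at logout, so take the user name from the current security context.`; if it is not, the three callers should share one derivation.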
@@ -1,3 +1,9 @@
 portal = context.getPortalObject()
-if DateTime().millis() >= portal.portal_sessions[portal.Base_getAutoLogoutSessionKey()].get('ac_renew', 0):
+if DateTime().millis() >= portal.portal_sessions[
+    portal.Base_getAutoLogoutSessionKey(
+      username=portal.Base_getUsernameFromAuthenticationCookie(
+        cookie_value,
+      )
+    )
+  ].get('ac_renew', 0):
   portal.setAuthCookie(resp, cookie_name, cookie_value)
-- 
2.30.9
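Review bot: The seven-line subscript nested inside the `if` condition is hard to read; compute the key first, `session_key = portal.Base_getAutoLogoutSessionKey(username=portal.Base_getUsernameFromAuthenticationCookie(cookie_value))`, then `if DateTime().millis() >= portal.portal_sessions[session_key].get('ac_renew', 0):` — the same restructuring applies to the subscript in setAuthCookie.py. Note also that `cookie_value` here appears to be the incoming cookie being refreshed (it is re-set unchanged by `setAuthCookie` on the last line), so the user name that selects the session entry now comes from client-supplied data; if this script can run before the cookie's credentials have been verified by the authentication plugin, a value naming a different user would read and, via `setAuthCookie`, update that user's `ac_renew` entry. The call order in the plugin that invokes this script is outside the patch, so that ordering is worth confirming and recording in a comment here.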