Ticket #351 (defect)
Opened 3 years ago
Last modified 3 years ago
Patch to allow sessionauthenticatefilter preserve query string in URLs during login
Status: closed (fixed)
| Reported by: | Vágvölgyi Attila | Assigned to: | rdelon |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.2-beta |
| Component: | CherryPy code | Keywords: | authentication fromPage query string |
| Cc: |
When SessionAuthenticateFilter.beforeMain creates the URL to return to after login, it forgets to append cherrypy.request.queryString to it, so after a successful login you could only land to exposed methods requiring no arguments, others could complain about missing arguments.
The attached patch solves this issue and allows arguments to pass through the login process.
I also feel, that beforeMain should bailout with return after calling notLoggedIn(), but since I have not used notLoggedIn in practise, I just advise to unindent the return before the call to loadUserByUsername() by one level.
Index: cherrypy/lib/filter/sessionauthenticatefilter.py
===================================================================
--- cherrypy/lib/filter/sessionauthenticatefilter.py (revision 739)
+++ cherrypy/lib/filter/sessionauthenticatefilter.py (working copy)
@@ -86,13 +86,17 @@
return
# Check if user is logged in
- if (not cherrypy.session.get(sessionKey)) and notLoggedIn:
- # Call notLoggedIn so that applications where anynymous user
- # is OK can handle it
- notLoggedIn()
- if not cherrypy.session.get(sessionKey):
- cherrypy.response.body = loginScreen(cherrypy.request.browserUrl)
- return
+ if not cherrypy.session.get(sessionKey):
+ # Call notLoggedIn so that applications where anonymous user
+ # is OK can handle it
+ if notLoggedIn:
+ notLoggedIn()
+ else:
+ fromPage = cherrypy.request.browserUrl
+ if cherrypy.request.queryString:
+ fromPage += '?' + cherrypy.request.queryString
+ cherrypy.response.body = loginScreen(fromPage)
+ return
# Everything is OK: user is logged in
if loadUserByUsername:
Change History
10/19/05 06:01:32: Modified by Vágvölgyi Attila
10/19/05 06:13:42: Modified by rdelon
- status changed from new to closed.
- resolution set to fixed.
Like the comment says, this is fixed in [737]
Sorry, I ported the patch from tags/2.1-rc1 and haven't noticed, that [737] solved the problem already in trunk.
By the way, the documentation should mention now, that cherrypy.request.browserUrl contains the queryString.
So please ignore the patch, because it would make a double queryString when applied after [737].