changeset 1930:3b25f0f60ede

remove per-wiki cookie_secret since it's no longer useful
author Johannes Berg <johannes AT sipsolutions DOT net>
date Tue, 03 Apr 2007 18:19:48 +0200
parents aa6aa944246b
children 7f87f9d0159e
files MoinMoin/auth/__init__.py MoinMoin/config/multiconfig.py
diffstat 2 files changed, 5 insertions(+), 7 deletions(-) [+]
--- a/MoinMoin/auth/__init__.py	Tue Apr 03 18:19:24 2007 +0200
+++ b/MoinMoin/auth/__init__.py	Tue Apr 03 18:19:48 2007 +0200
@@ -140,11 +140,10 @@
     safe = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-'
     return ''.join([random.choice(safe) for i in range(random_length)])
 
-def sign_cookie_data(request, data, securitystring=''):
-    """ generate a hash string based on site configuration's cfg.cookie_secret,
-        securitystring and the data.
+def sign_cookie_data(request, data, securitystring):
+    """ generate a hash string based the securitystring and the data.
     """
-    return hmac.new(request.cfg.cookie_secret + securitystring, data).hexdigest()
+    return hmac.new(securitystring, data).hexdigest()
 
 def makeCookie(request, cookie_name, cookie_string, maxage, expires):
     """ create an appropriate cookie """
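Review bot: With `request.cfg.cookie_secret` removed, the HMAC key in `sign_cookie_data` is the per-user `securitystring` alone, and nothing in the function rejects an empty value, which would produce a signature anyone can recompute; a guard such as `if not securitystring: raise ValueError("empty security string")` would close that. The context lines just above build random strings with `random.choice`, which is not a cryptographic generator; that helper's definition starts outside the hunk, but if the security strings come from it, `random.SystemRandom().choice(safe)` would be the safer source now that no other secret is mixed in. `hmac.new` is called without a digest argument, which on Python 2 means MD5, so naming the digest explicitly would document the choice. The `request` parameter is now unused, and the docstring should read `""" generate a hash string based on the securitystring and the data.`.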
@@ -216,7 +215,7 @@
     else:
         secidx = securitystringcache.insert(secret)
     cookie_body = "username=%s:id=%s:expires=%d:secidx=%d" % (enc_username, enc_id, expires, secidx)
-    cookie_hash = sign_cookie_data(request, cookie_body, securitystring=secret)
+    cookie_hash = sign_cookie_data(request, cookie_body, secret)
     cookie_string = ':'.join([cookie_hash, cookie_body])
     setCookie(request, u, MOIN_SESSION, cookie_string, maxage, expires)
 
@@ -346,7 +345,7 @@
 
     ussc = UserSecurityStringCache(request, params['id'])
     secstring = ussc.getsecret(secidx)
-    if cookie_hash != sign_cookie_data(request, cookie_body, securitystring=secstring):
+    if cookie_hash != sign_cookie_data(request, cookie_body, secstring):
         # XXX Cookie clear here???
         if verbose: request.log("cookie recovered had invalid hash")
         return user_obj, True
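Review bot: The check `cookie_hash != sign_cookie_data(request, cookie_body, secstring)` compares the received MAC with an ordinary string comparison, which stops at the first differing character and can leak how much of a submitted hash was correct. Where the interpreter provides it, `if not hmac.compare_digest(cookie_hash, sign_cookie_data(request, cookie_body, secstring)):` is the constant-time form. Because the key is now `secstring` alone, the cookie should also be rejected before hashing when `ussc.getsecret(secidx)` yields nothing usable; what it returns for an unknown `secidx` is not visible here. The enclosing function starts and ends outside the hunk.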
--- a/MoinMoin/config/multiconfig.py	Tue Apr 03 18:19:24 2007 +0200
+++ b/MoinMoin/config/multiconfig.py	Tue Apr 03 18:19:48 2007 +0200
@@ -225,7 +225,6 @@
     cookie_domain = None # use '.domain.tld" for a farm with hosts in that domain
     cookie_path = None   # use '/wikifarm" for a farm with pathes below that path
     cookie_lifetime = 12 # 12 hours from now
-    cookie_secret = '1234' # secret value for crypting session cookie - you should change this :)
 
     data_dir = './data/'
     data_underlay_dir = './underlay/'