changeset 3880:85cd05b8af42

refactor ticket secret calculation (only done once, written to cfg.secrets if it is None)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 19 Jul 2008 16:07:54 +0200
parents b13a58a18dac
children 15bd8dae9003 c8ffd029ab1f
files MoinMoin/config/multiconfig.py MoinMoin/wikiutil.py
diffstat 2 files changed, 20 insertions(+), 11 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Sat Jul 19 14:36:38 2008 +0200
+++ b/MoinMoin/config/multiconfig.py	Sat Jul 19 16:07:54 2008 +0200
@@ -533,6 +533,8 @@
     session_handler = session.DefaultSessionHandler()
     session_id_handler = session.MoinCookieSessionIDHandler()
 
+    secrets = None  # if wiki admin does not set it, will get calculated from some cfg values
+
     shared_intermap = None # can be string or list of strings (filenames)
 
     show_hosts = True # show hostnames on RecentChanges / info/history action
@@ -828,6 +830,10 @@
             from xmlrpclib import Server
             self.notification_server = Server(self.notification_bot_uri, )
 
+        if self.secrets is None:  # Note: this is 'secrets' (with s at the end), not 'secret' (as above)
+                                  # This stuff is already cleaned up in 1.8 repo...
+            self.secrets = self.calc_secrets()
+
         # Cache variables for the properties below
         self._iwid = self._iwid_full = self._meta_dict = None
 
@@ -846,6 +852,19 @@
             self.url_prefix_local = self.url_prefix_static
 
 
+    def calc_secrets(self):
+        """ make up some 'secret' using some config values """
+        varnames = ['data_dir', 'data_underlay_dir', 'language_default',
+                    'mail_smarthost', 'mail_from', 'page_front_page',
+                    'theme_default', 'sitename', 'logo_string',
+                    'interwikiname', 'user_homewiki', 'acl_rights_before', ]
+        secret = ''
+        for varname in varnames:
+            var = getattr(self, varname, None)
+            if isinstance(var, (str, unicode)):
+                secret += repr(var)
+        return secret
+
     def load_meta_dict(self):
         """ The meta_dict contains meta data about the wiki instance. """
         if getattr(self, "_meta_dict", None) is None:
--- a/MoinMoin/wikiutil.py	Sat Jul 19 14:36:38 2008 +0200
+++ b/MoinMoin/wikiutil.py	Sat Jul 19 16:07:54 2008 +0200
@@ -2449,21 +2449,11 @@
 
 
     ticket = "%s.%s.%s" % (tm, pagename, action)
-    digest = sha.new()
+    digest = sha.new(request.cfg.secrets)
     digest.update(ticket)
 
-    varnames = ['data_dir', 'data_underlay_dir', 'language_default',
-                'mail_smarthost', 'mail_from', 'page_front_page',
-                'theme_default', 'sitename', 'logo_string',
-                'interwikiname', 'user_homewiki', 'acl_rights_before', ]
-    for varname in varnames:
-        var = getattr(request.cfg, varname, None)
-        if isinstance(var, (str, unicode)):
-            digest.update(repr(var))
-
     return "%s.%s" % (ticket, digest.hexdigest())
 
-
 def checkTicket(request, ticket):
     """Check validity of a previously created ticket"""
     try: