authentication: Don't depend on RedditController cookie objects.

This enables code reuse outside of the RedditController timeline (such
as in the beta mode plugin).
Max Goodman
2013-05-10 16:37:58 -07:00
parent f78ffab2e6
commit fb9a4f5b47


@@ -30,6 +30,7 @@ single website.)
import bcrypt
from pylons import g, c, request
from urllib import unquote
from r2.models import Account, NotFound
from r2.lib.utils import constant_time_compare, parse_http_basic
@@ -55,13 +56,14 @@ def authentication_provider(allow_logout):
@authentication_provider(allow_logout=True)
def cookie():
"""Authenticate the user given a session cookie."""
session_cookie = c.cookies.get(g.login_cookie)
if not session_cookie:
session_cookie = request.cookies.get(g.login_cookie)
if session_cookie:
session_cookie = unquote(session_cookie)
else:
return None
cookie = session_cookie.value
try:
uid, timestr, hash = cookie.split(",")
uid, timestr, hash = session_cookie.split(",")
uid = int(uid)
except:
return None
@@ -71,7 +73,7 @@ def cookie():
except NotFound:
return None
if not constant_time_compare(cookie, account.make_cookie(timestr)):
if not constant_time_compare(session_cookie, account.make_cookie(timestr)):
return None
return account
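Review bot: The bare `except:` around the new `uid, timestr, hash = session_cookie.split(",")` line in the second hunk is broader than this code needs. As far as the hunk shows, `session_cookie` is now a plain string from `request.cookies`, so a wrong field count and a non-numeric uid both raise `ValueError`; `except ValueError:` would reject malformed cookies the same way without hiding unrelated failures in the authentication path. The added `unquote()` call would also benefit from a short comment, for example `# request.cookies gives the value as sent by the client; percent-decode it before parsing and comparing`, if that is indeed why the decode is needed. That matters because the decoded string is what the third hunk passes to `constant_time_compare`. The part of `cookie()` between the second and third hunks is not visible here, so this assumes nothing in between rebinds `session_cookie`.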