Mercurial > p > roundup > code

diff roundup/cgi/client.py @ 8412:0663a7bcef6c reauth-confirm_id

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
feat: finish reauth docs, enhance code. Decided to keep name Reauth for now. admin_guide.txt: add reference mark to roundup admin help. Used for template command reference in upgrading.txt. customizing.txt: added worked example of adding a reauth auditor for address and password. Also links to OWASP recommendations. Added link to example code in design.doc on detectors. glossary.txt: reference using roundup-admin template command in def for tracker templates. pydoc.txt: Added methods for Client class. Added class and methods for (cgi) Action, LoginAction and ReauthAction. reference.txt Edited and restructured detector section. Added section on registering a detector and priority use/execution order. (reference to design doc was used before). Added/enhanced description of exception an auditor can raise (includes Reauth). Added section on Reauth implementation and use (Confirming the User). Also has paragraph on future ideas. upgrading.txt Stripped down the original section. Moved a lot to reference.txt. Referenced customizing example, mention installation of _generic.reauth.html and reference reference.txt. cgi/actions.py: fixed bad ReST that was breaking pydoc.txt processing changed doc on limitations of Reauth code. added docstring for Reauth::verifyPassword cgi/client.py: fix ReST for a method breaking pydoc.py processing cgi/templating.py: fix docstring on embed_form_fields templates/*/html/_generic.reauth.html disable spelling for password field add timing info to the javascript function that processes file data. reformat javascript IIFE templates/jinja2/html/_generic.reauth.html create a valid jinja2 template. Looks like my original jinja template got overwritten and committed. feature parity with the other reauth templates. test/test_liveserver.py add test case for Reauth workflow. Makefile add doc.
author John Rouillard <rouilj@ieee.org>
date Wed, 13 Aug 2025 23:52:49 -0400
parents ef1ea918b07a
children 14c7c07b32d8
line wrap: on
line diff
--- a/roundup/cgi/client.py	Mon Aug 11 14:01:12 2025 -0400
+++ b/roundup/cgi/client.py	Wed Aug 13 23:52:49 2025 -0400
@@ -1406,10 +1406,12 @@
 
            Header is ok (return True) if ORIGIN is missing and it is a GET.
            Header is ok if ORIGIN matches the base url.
-           If this is a API call:
-             Header is ok if ORIGIN matches an element of allowed_api_origins.
-             Header is ok if allowed_api_origins includes '*' as first
-               element and credentials is False.
+           If this is an API call:
+
+           * Header is ok if ORIGIN matches an element of allowed_api_origins.
+           * Header is ok if allowed_api_origins includes '*' as first
+             element and credentials is False.
+
            Otherwise header is not ok.
 
            In a credentials context, if we match * we will return
Roundup Issue Tracker: http://roundup-tracker.org/