[Mailman-Users] Modify options-login page

Mark Sapiro mark at msapiro.net
Fri Jan 27 18:59:43 CET 2012 

Michele Federle wrote:

>I've done it, but now there is a problem!!! In the options-page appears an
>error:
>
>Bug in Mailman version 2.1.13
>We're sorry, we hit a bug!


You have made a mistake in modifying options.py. There will be an entry
in Mailman's 'error' log from the above including a traceback and a
Python error.

If you can't figure out your mistake, post the traceback and error and
your modified code.

I suggest you copy/paste the code fragment directly from
<http://mail.python.org/pipermail/mailman-users/2012-January/072811.html>.


>2012/1/27 Mark Sapiro <mark at msapiro.net>
>>
>> If you really mean you would like an authentication failure from the
>> options login page to return the list's listinfo page with an error
>> message, that would be difficult to do because the listinfo page
>> doesn't have a mechanism for reporting errors when invoked with an
>> HTTP GET. And why would you want to take the user away from the login
>> page just because of a simple typo in email address or password?
>
>
>Just because I modified the html and I have both email and password inputs
>for login in the listinfo page :)
>So it would be better if users don't see the login form on the options-page,
>it doesn't suit with the rest!!


OK, but the web UI wasn't designed to work that way, so it's not easy
to do.


>>If you just want to replace the "Authentication failed." error message
>> with something more specific, you could do that, but you would have to
>> modify the code to first validate the member address, because the
>> existing code calls the SecurityManager WebAuthenticate() method to
>> authenticate the entry and it's context (list member, list owner, site
>> owner) and receives onle a True or False return.
>
>
>Oh, such a shame!! And make a simple redirect in case of login-error??


If you want to have an options login failure go back to the listinfo
page, you can make a similar modification to this code:

        if cgidata.has_key('password'):
            doc.addError(_('Authentication failed.'))
            # So as not to allow membership leakage, prompt for the
email
            # address and the password here.
            if mlist.private_roster <> 0:
                syslog('mischief',
                       'Login failure with private rosters: %s',
                       user)
                user = None
            # give an HTTP 401 for authentication failure
            print 'Status: 401 Unauthorized'
        loginpage(mlist, doc, user, language)
        print doc.Format()
        return

changing it to something like:

        if cgidata.has_key('password'):
            doc.addError(_('Authentication failed.'))
            # So as not to allow membership leakage, prompt for the
email
            # address and the password here.
            if mlist.private_roster <> 0:
                syslog('mischief',
                       'Login failure with private rosters: %s',
                       user)
                user = None
        listinfo_url = '%slistinfo%s/%s' % (mlist.web_page_url,
                                            mm_cfg.CGIEXT,
                                            mlist.internal_name(),
                                           )
        print """Status: 303 See Other
Location: %s

If you see this, <a href=%s>Click to redirect</a>.
""" % (listinfo_url, listinfo_url)
        return


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list