middleware: improve condition to automatically determine a common domain (fixes #15548)

It works if: - HTTP Host is a domain name and not an IP address (IPv6 address will not pass this test, they lack dots), - domain contains at least three components.
2017-09-27 14:34:57 +02:00 · 2017-09-27 14:34:57 +02:00 · 688067f270
parent cb3e18c8ba
commit 688067f270
1 changed files with 5 additions and 1 deletions
--- a/mellon/middleware.py
+++ b/mellon/middleware.py
@ -35,8 +35,12 @@ class PassiveAuthenticationMiddleware(object):
            # get the common domain or guess
            common_domain = app_settings.OPENED_SESSION_COOKIE_DOMAIN
            if not common_domain:
+                host = request.get_host()
+                # accept automatic common domain selection if domain has at least three components
+                # and is not an IP address
+                if not host.count('.') > 1 or host.replace('.', '').isdigit():
+                    return
                common_domain = request.get_host().split('.', 1)[1]
-                assert '.' in common_domain  # if domain is xxx.com explode !
            params = {
                'next': request.build_absolute_uri(),
                'passive': '',