[web] kill https-deny-anonymous option (closes #5193687)
It doesn't make much sense to prevent people from using https.
--- a/web/application.py Thu Jan 29 10:54:41 2015 +0100
+++ b/web/application.py Tue Mar 31 10:22:05 2015 +0200
@@ -365,12 +365,6 @@
# several cubes like registration or forgotten password rely on
# this principle.
- # DENY https acces for anonymous_user
- if (req.https
- and req.session.anonymous_session
- and self.vreg.config['https-deny-anonymous']):
- # don't allow anonymous on https connection
- raise AuthenticationError()
# nested try to allow LogOut to delegate logic to AuthenticationError
# handler
try:
--- a/web/views/basetemplates.py Thu Jan 29 10:54:41 2015 +0100
+++ b/web/views/basetemplates.py Tue Mar 31 10:22:05 2015 +0200
@@ -514,10 +514,6 @@
if config['auth-mode'] != 'http':
self.login_form(id) # Cookie authentication
w(u'</div>')
- if self._cw.https and config.anonymous_user()[0] and config['https-deny-anonymous']:
- path = xml_escape(config['base-url'] + self._cw.relative_path())
- w(u'<div class="loginMessage"><a href="%s">%s</a></div>\n'
- % (path, self._cw._('No account? Try public access at %s') % path))
w(u'</div>\n')
def login_form(self, id):
--- a/web/webconfig.py Thu Jan 29 10:54:41 2015 +0100
+++ b/web/webconfig.py Tue Mar 31 10:22:05 2015 +0200
@@ -124,16 +124,6 @@
'where the cubicweb web server is listening on port 8080.',
'group': 'main', 'level': 3,
}),
- ('https-deny-anonymous',
- {'type': 'yn',
- 'default': False,
- 'help': 'Prevent anonymous user to browse through https version of '
- 'the site (https-url). Login form will then be displayed '
- 'until logged',
- 'group': 'web',
- 'level': 2
- }
- ),
('auth-mode',
{'type' : 'choice',
'choices' : ('cookie', 'http'),