cgi.py: No, `QUERY_STRING' is not mandatory in GET requests.

[chopwood] / httpauth.py

diff --git a/httpauth.py b/httpauth.py
index 383bdb1cca18a305b4930a43d8db215effbad13c..0fdad7666346e82e83407b492cf929d5a8905000 100644 (file)
--- a/httpauth.py
+++ b/httpauth.py
@@ -230,16 +230,16 @@ def mint_token(user):
 ## Long messages for reasons why one might have been redirected back to the
 ## login page.
 LOGIN_REASONS = {
-  'AUTHFAIL': 'incorrect user name or password',
-  'NOAUTH': 'not authenticated',
-  'NONONCE': 'missing nonce',
-  'BADTOKEN': 'malformed token',
-  'BADTIME': 'invalid timestamp',
-  'BADNONCE': 'nonce mismatch',
-  'EXPIRED': 'session timed out',
-  'BADTAG': 'incorrect tag',
-  'NOUSER': 'unknown user name',
-  'LOGOUT': 'explicitly logged out',
+  'AUTHFAIL': 'Incorrect user name or password',
+  'NOAUTH': 'Not authenticated',
+  'NONONCE': 'Missing nonce',
+  'BADTOKEN': 'Malformed token',
+  'BADTIME': 'Invalid timestamp',
+  'BADNONCE': 'Nonce mismatch',
+  'EXPIRED': 'Session timed out',
+  'BADTAG': 'Incorrect tag',
+  'NOUSER': 'Unknown user name',
+  'LOGOUT': 'Explicitly logged out',
   None: None
 }
 
@@ -332,6 +332,7 @@ def cmd_login(why = None):
 @CGI.subcommand(
   'auth', ['cgi-noauth'],
   'Verify a user name and password',
+  methods = ['POST'],
   params = [SC.Arg('u'), SC.Arg('pw')])
 def cmd_auth(u, pw):
   svc = S.SERVICES['master']