From 337e18141e9e711d03c19313392904623ccc244b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Wed, 27 Sep 2017 14:34:57 +0200
Subject: [PATCH] middleware: improve condition to automatically determine a
 common domain (fixes #15548)

It works if:
- HTTP Host is a domain name and not an IP address (IPv6 address will not passe
  this test, they lack dots),
- domain contains at least three components.
---
 mellon/middleware.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mellon/middleware.py b/mellon/middleware.py
index 2c1d3fd..a0b814a 100644
--- a/mellon/middleware.py
+++ b/mellon/middleware.py
@@ -35,8 +35,12 @@ class PassiveAuthenticationMiddleware(object):
             # get the common domain or guess
             common_domain = app_settings.OPENED_SESSION_COOKIE_DOMAIN
             if not common_domain:
+                host = request.get_host()
+                # accept automatic common domain selection if domain has at least three components
+                # and is not an IP address
+                if not host.count('.') > 1 or host.replace('.', '').isdigit():
+                    return
                 common_domain = request.get_host().split('.', 1)[1]
-                assert '.' in common_domain  # if domain is xxx.com explode !
             params = {
                 'next': request.build_absolute_uri(),
                 'passive': '',
-- 
2.1.4