On Mon, Jul 24, 2000 at 08:56:54PM +0100, Steve Alexander wrote:
I've attached a patch to lib/python/AccessControl/User.py. If there are no suggestions of improvements, or complaints :-) I'll stick it into the Collector.
I looked over the RFC, and Bad Request seems to be the best response code.
Agreed.
*** lib/python/AccessControl/User.py.original Mon Jul 24 20:31:40 2000 --- lib/python/AccessControl/User.py Mon Jul 24 20:51:33 2000 *************** *** 438,444 **** # Only do basic authentication if lower(auth[:6])!='basic ': return None ! name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))
# Check for superuser super=self._super --- 438,451 ---- # Only do basic authentication if lower(auth[:6])!='basic ': return None ! try: ! name,password=\ ! tuple(split(decodestring(split(auth)[-1]), ':', 1)) ! except: # not a proper basic auth string ! request.response.setStatus(400) ! raise 'InternalError', request.response._error_html( ! "Internal Error", ! "Zope could not understand the Basic Authentication supplied.")
# Check for superuser super=self._super
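Review bot: in the new except branch the status is set to 400, but the string exception raised is 'InternalError' with the title "Internal Error", so a malformed header sent by the client is reported as a server fault. Naming both after Bad Request would match the status code. The bare `except:` also wraps the whole `split(decodestring(split(auth)[-1]), ':', 1)` expression, so any unrelated failure raised inside it is turned into the same 400 response. Catching only the decoding error and the unpacking error raised when the decoded value contains no ':' would keep other bugs visible.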
Would it be a good idea to add the header?

And let's make that a less generic except clause, we don't want to mask Zope bugs =)

--
Martijn Pieters
| Software Engineer mailto:mj@digicool.com
| Digital Creations http://www.digicool.com/
| Creators of Zope http://www.zope.org/
| ZopeStudio: http://www.zope.org/Products/ZopeStudio