Martijn Pieters wrote:
On Mon, Jul 24, 2000 at 08:56:54PM +0100, Steve Alexander wrote:
I've attached a patch to lib/python/AccessControl/User.py. If there are no suggestions of improvements, or complaints :-) I'll stick it into the Collector.
I looked over the RFC, and Bad Request seems to be the best response code.
Agreed.
*** lib/python/AccessControl/User.py.original Mon Jul 24 20:31:40 2000 --- lib/python/AccessControl/User.py Mon Jul 24 20:51:33 2000 *************** *** 438,444 **** # Only do basic authentication if lower(auth[:6])!='basic ': return None ! name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))
# Check for superuser super=self._super --- 438,451 ---- # Only do basic authentication if lower(auth[:6])!='basic ': return None ! try: ! name,password=\ ! tuple(split(decodestring(split(auth)[-1]), ':', 1)) ! except: # not a proper basic auth string ! request.response.setStatus(400) ! raise 'InternalError', request.response._error_html( ! "Internal Error", ! "Zope could not understand the Basic Authentication supplied.")
# Check for superuser super=self._super
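Review bot: the bare `except:` around the decode-and-split line catches every exception, not only the ones a malformed header produces, so an unrelated bug in that expression would be reported to the client as a bad request; catch only the errors the base64 decode and the two-value unpack raise. The handler also sets status 400 but raises 'InternalError' with the title "Internal Error", so the status code and the error shown disagree; a bad-request error type and title would match the 400.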
Would it be a good idea to add the header?
I don't quite follow.
And let's make that a less generic except clause, we don't want to mask Zope bugs =)
Ok. I was thinking of just using HTTPResponse.badRequestError(). However, it has a "name" argument, and I don't quite understand how it is meant to be used.

    def badRequestError(self,name):
        self.setStatus(400)
        if regex.match('^[A-Z_0-9]+$',name) >= 0:
            raise 'InternalError', self._error_html(
                "Internal Error",
                "Sorry, an internal error occurred in this Zope resource.")

        raise 'BadRequest',self._error_html(
            "Invalid request",
            "The parameter, <em>%s</em>, " % name +
            "was omitted from the request.<p>" +
            "Make sure to specify all required parameters, " +
            "and try the request again."
            )

So, any of name="FOO", name="123", name="FOO123", name="" produces an internal error; name="foo", name="Foo", name="foo123" produces a bad request. What's the rationale?

Should I just use this, then?

    request.response.badRequestError(name="0") # internal error

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net
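The "less generic except clause" point raised in this thread, as an added example in present-day Python 3 (not the Zope code under discussion and not written by either poster): a Basic auth parser that turns only decode and split failures into a bad-request error. The names `parse_basic_auth` and `BadRequest` are hypothetical, and the sample headers are constructed.

```python
import base64
import binascii


class BadRequest(Exception):
    """Hypothetical exception that a caller would map to HTTP 400."""


def parse_basic_auth(auth):
    """Return (name, password), or None when the header is not Basic auth.

    Raises BadRequest for a Basic header whose payload cannot be decoded
    or split. Nothing else is caught, so unrelated bugs still surface.
    """
    if auth is None or auth[:6].lower() != "basic ":
        return None  # only do basic authentication
    parts = auth.split()
    if len(parts) != 2:
        raise BadRequest("expected 'Basic <base64>'")
    try:
        # validate=True rejects characters outside the base64 alphabet
        decoded = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise BadRequest("credentials are not valid base64 text") from exc
    # Split on the first ':' only, so a password may itself contain ':'
    name, sep, password = decoded.partition(":")
    if not sep:
        raise BadRequest("credentials lack the ':' separator")
    return name, password


if __name__ == "__main__":
    # Constructed sample headers: valid, no colon, not base64, other scheme
    for header in ("Basic Zm9vOmJhcg==", "Basic Zm9v", "Basic %%%", "Digest x"):
        try:
            print(repr(header), "->", parse_basic_auth(header))
        except BadRequest as exc:
            print(repr(header), "-> 400:", exc)
```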