[Checkins] SVN: Products.PluggableAuthService/trunk/ Trap "swallowable" exceptions from ``IRoles`` plugins.
Tres Seaver
tseaver at palladion.com
Thu Aug 12 15:08:53 EDT 2010
Log message for revision 115656:
Trap "swallowable" exceptions from ``IRoles`` plugins.
Thanks to Willi Langenburger for the patch.
Fixes https://bugs.launchpad.net/zope-pas/+bug/615474
Changed:
U Products.PluggableAuthService/trunk/CHANGES.txt
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py
-=-
Modified: Products.PluggableAuthService/trunk/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt 2010-08-12 18:16:32 UTC (rev 115655)
+++ Products.PluggableAuthService/trunk/CHANGES.txt 2010-08-12 19:08:53 UTC (rev 115656)
@@ -4,8 +4,12 @@
1.7.2 (unreleased)
------------------
-- Fixed possible TypeError in extractCredentials of CookieAuthHelper
- when the __ac cookie is not ours (but e.g. from plone.session,
+- Trap "swallowable" exceptions from ``IRoles`` plugins. Thanks to
+ Willi Langenburger for the patch. Fixes
+ https://bugs.launchpad.net/zope-pas/+bug/615474 .
+
+- Fixed possible TypeError in ``extractCredentials`` of CookieAuthHelper
+ when the ``__ac`` cookie is not ours (but e.g. from plone.session,
though even then only in a corner case).
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py 2010-08-12 18:16:32 UTC (rev 115655)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py 2010-08-12 19:08:53 UTC (rev 115656)
@@ -737,12 +737,16 @@
rolemakers = plugins.listPlugins( IRolesPlugin )
for rolemaker_id, rolemaker in rolemakers:
+ try:
+ roles = rolemaker.getRolesForPrincipal( user, request )
+ except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
+ logger.debug( 'IRolesPlugin %s error' % rolemaker_id
+ , exc_info=True
+ )
+ else:
+ if roles:
+ user._addRoles( roles )
- roles = rolemaker.getRolesForPrincipal( user, request )
-
- if roles:
- user._addRoles( roles )
-
user._addRoles( ['Authenticated'] )
# Cache the user if caching is enabled
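Review bot: The `except _SWALLOWABLE_PLUGIN_EXCEPTIONS` branch records the failure only at debug level, so with default production logging a broken roles plugin is invisible and the user simply proceeds with the roles the remaining plugins returned plus `Authenticated`. The comment right after the loop mentions caching the user, so a transient plugin error may also leave that incomplete role set cached for later requests; the cache code is outside the hunk, so this needs confirming. I would raise the level and pass the id as a logging argument, `logger.warning('IRolesPlugin %s error', rolemaker_id, exc_info=True)`, and consider skipping the cache write when any rolemaker failed. The enclosing method starts and ends outside the hunk.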
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py 2010-08-12 18:16:32 UTC (rev 115655)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py 2010-08-12 19:08:53 UTC (rev 115656)
@@ -28,6 +28,11 @@
class DummyPlugin(Implicit):
pass
+class FaultyRolesPlugin(DummyPlugin):
+
+ def getRolesForPrincipal(self, principal, request=None):
+ raise KeyError("intentional KeyError from FaultyRolesPlugin")
+
class DummyUserEnumerator( DummyPlugin ):
def __init__( self, user_id, login=None ):
@@ -445,6 +450,16 @@
return rc, root, folder, object
+ def _makeFaultyRolemaker( self ):
+
+ from Products.PluggableAuthService.interfaces.plugins \
+ import IRolesPlugin
+
+ rolemaker = FaultyRolesPlugin()
+ directlyProvides( rolemaker, IRolesPlugin )
+
+ return rolemaker
+
def _makeUserEnumerator( self, user_id, login=None ):
from Products.PluggableAuthService.interfaces.plugins \
@@ -1007,6 +1022,30 @@
self.assertEqual( v, published )
+ def test__faultyRolemaker( self ):
+
+ from Products.PluggableAuthService.interfaces.plugins \
+ import IUserEnumerationPlugin, IRolesPlugin
+
+ plugins = self._makePlugins()
+ zcuf = self._makeOne( plugins )
+
+ ue = self._makeUserEnumerator( 'foo' )
+ zcuf._setObject( 'ue', ue )
+
+ rm = self._makeFaultyRolemaker()
+ zcuf._setObject( 'rm', rm )
+
+ plugins = zcuf._getOb( 'plugins' )
+
+ plugins.activatePlugin( IUserEnumerationPlugin, 'ue' )
+ plugins.activatePlugin( IRolesPlugin, 'rm' )
+
+ try:
+ zcuf.getUser('foo')
+ except KeyError, e:
+ self.fail('exception should be caught by PAS: %s' % e)
+
def test__verifyUser_no_plugins( self ):
plugins = self._makePlugins()
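Review bot: `test__faultyRolemaker` only checks that no `KeyError` escapes `getUser`; it never inspects the returned user, so it would still pass if the swallowed error led to no user being returned or to roles being dropped wrongly. Keep the result and assert on it, for example `user = zcuf.getUser('foo')` followed by `self.assertTrue('Authenticated' in user.getRoles())`. The `try`/`except KeyError` wrapper can then go, since an escaping exception already fails the test. Registering a second, working roles plugin alongside the faulty one would also show that its roles are still applied after the failure.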