[Checkins] SVN: Products.PluggableAuthService/trunk/ Fixed an issue where a bad cookie value would raise an inappropriate exception.
Malthe Borch
mborch at gmail.com
Thu Dec 2 12:32:24 EST 2010
Log message for revision 118672:
Fixed an issue where a bad cookie value would raise an inappropriate exception.
Changed:
U Products.PluggableAuthService/trunk/CHANGES.txt
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
-=-
Modified: Products.PluggableAuthService/trunk/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt 2010-12-02 15:54:36 UTC (rev 118671)
+++ Products.PluggableAuthService/trunk/CHANGES.txt 2010-12-02 17:32:23 UTC (rev 118672)
@@ -4,6 +4,9 @@
1.7.3 (unreleased)
------------------
+- Fixed possible ``binascii.Error`` in ``extractCredentials`` of
+ CookieAuthHelper. This is a corner case that might happen after
+ a browser upgrade.
1.7.2 (2010-11-11)
------------------
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py 2010-12-02 15:54:36 UTC (rev 118671)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py 2010-12-02 17:32:23 UTC (rev 118672)
@@ -17,6 +17,7 @@
"""
from base64 import encodestring, decodestring
+from binascii import Error
from urllib import quote, unquote
from AccessControl.SecurityInfo import ClassSecurityInfo
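Review bot: `from binascii import Error` puts a very generic name into the module namespace, so the `except Error:` added in the next hunk no longer says which library's error is being caught. Using `import binascii` here and `except binascii.Error:` in the handler reads unambiguously and cannot be shadowed by a later import of another `Error`.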
@@ -117,8 +118,14 @@
creds['password'] = request.form.get('__ac_password', '')
elif cookie and cookie != 'deleted':
- cookie_val = decodestring(unquote(cookie))
+ raw = unquote(cookie)
try:
+ cookie_val = decodestring(raw)
+ except Error:
+ # Cookie is in a different format, so it is not ours
+ return creds
+
+ try:
login, password = cookie_val.split(':')
except ValueError:
# Cookie is in a different format, so it is not ours
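Review bot: The new `except Error:` only covers padding failures, because Python 2's `decodestring` discards characters outside the base64 alphabet instead of raising. An arbitrary request-supplied cookie can therefore still decode to garbage and reach `cookie_val.split(':')` and whatever follows it. The function continues past the end of this hunk, so any later decoding of `login` and `password` there should get the same treatment: a malformed cookie ought to yield empty creds, not an unhandled exception. The two handlers are identical and could be merged into one block, `try: login, password = decodestring(raw).split(':')` followed by `except (Error, ValueError):`.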
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py 2010-12-02 15:54:36 UTC (rev 118671)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py 2010-12-02 17:32:23 UTC (rev 118672)
@@ -202,7 +202,21 @@
self.assertEqual(helper.extractCredentials(request),
{})
+ def test_extractCredentials_from_cookie_with_bad_binascii(self):
+ # this might happen between browser implementations
+ from base64 import encodestring
+ helper = self._makeOne()
+ response = FauxCookieResponse()
+ request = FauxSettableRequest(RESPONSE=response)
+
+ cookie_val = 'NjE2NDZkNjk2ZTo3MDZjNmY2ZTY1MzQ3NQ%3D%3D'[:-1]
+ request.set(helper.cookie_name, cookie_val)
+
+ self.assertEqual(helper.extractCredentials(request),
+ {})
+
+
if __name__ == "__main__":
unittest.main()
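Review bot: The `from base64 import encodestring` line at the top of the new test is unused and can be dropped. The fixture is built by slicing the last character off a URL-quoted value, which cuts into the trailing `%3D` escape rather than the base64 text itself, so what the test exercises appears to depend on how `unquote` treats an incomplete escape. A comment such as `# quoted cookie truncated by one character; decoding then fails on padding` would state the intent better than "this might happen between browser implementations". A companion case with a cookie that base64-decodes cleanly but has no `:` separator would pin the other rejection path, unless a test outside this hunk already covers it.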