[Checkins] SVN: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ Fixed an issue where a bad cookie value would raise an inappropriate exception.
Malthe Borch
mborch at gmail.com
Thu Dec 2 12:34:48 EST 2010
Log message for revision 118673:
Fixed an issue where a bad cookie value would raise an inappropriate exception.
Changed:
U Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
U Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
-=-
Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py 2010-12-02 17:32:23 UTC (rev 118672)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py 2010-12-02 17:34:48 UTC (rev 118673)
@@ -18,6 +18,7 @@
"""
from base64 import encodestring, decodestring
+from binascii import Error
from urllib import quote, unquote
from AccessControl.SecurityInfo import ClassSecurityInfo
@@ -118,8 +119,14 @@
creds['password'] = request.form.get('__ac_password', '')
elif cookie and cookie != 'deleted':
- cookie_val = decodestring(unquote(cookie))
+ raw = unquote(cookie)
try:
+ cookie_val = decodestring(raw)
+ except Error:
+ # Cookie is in a different format, so it is not ours
+ return creds
+
+ try:
login, password = cookie_val.split(':')
except ValueError:
# Cookie is in a different format, so it is not ours
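Review bot: `except Error:` in the new decode block catches a name that only the import in the first hunk identifies as `binascii.Error`; in an authentication plugin parsing a client-supplied cookie, the handler should say exactly what it rejects. Prefer `import binascii` with `except binascii.Error:`. The new branch also repeats the comment of the `ValueError` handler below it word for word; something like `# not decodable base64 (e.g. truncated padding): not our cookie` would tell the two rejections apart. The enclosing method (presumably `extractCredentials`) starts before this hunk, and the `ValueError` handler's body continues past it.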
Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py 2010-12-02 17:32:23 UTC (rev 118672)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py 2010-12-02 17:34:48 UTC (rev 118673)
@@ -203,7 +203,22 @@
self.assertEqual(helper.extractCredentials(request),
{})
+ def test_extractCredentials_from_cookie_with_bad_binascii(self):
+ # this might happen between browser implementations
+ from base64 import encodestring
+ helper = self._makeOne()
+ response = FauxCookieResponse()
+ request = FauxSettableRequest(RESPONSE=response)
+
+ cookie_val = 'NjE2NDZkNjk2ZTo3MDZjNmY2ZTY1MzQ3NQ%3D%3D'[:-1]
+ request.set(helper.cookie_name, cookie_val)
+
+ self.assertEqual(helper.extractCredentials(request),
+ {})
+
+
+
if __name__ == "__main__":
unittest.main()
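Review bot: The `[:-1]` slice on the `cookie_val` line cuts the trailing `%3D` escape down to `%3` instead of removing one base64 padding character, so it is not obvious from the test which malformed input it exercises. A comment such as `# truncated cookie: incomplete %-escape, so the base64 padding is short` would pin that down, in place of the vaguer `# this might happen between browser implementations`. The local `from base64 import encodestring` is not used anywhere in the new test and can be dropped. A second case with a cookie that is not base64 at all would show whether the new handler or the existing `ValueError` path rejects it.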