[Checkins] SVN: z3c.authenticator/branches/adamg-0.7.2/s fixing a bug
Adam Groszer
agroszer at gmail.com
Tue Jan 26 11:04:11 EST 2010
Log message for revision 108521:
fixing a bug
Changed:
U z3c.authenticator/branches/adamg-0.7.2/setup.py
U z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py
A z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt
U z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py
-=-
Modified: z3c.authenticator/branches/adamg-0.7.2/setup.py
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/setup.py 2010-01-26 16:02:43 UTC (rev 108520)
+++ z3c.authenticator/branches/adamg-0.7.2/setup.py 2010-01-26 16:04:10 UTC (rev 108521)
@@ -88,6 +88,7 @@
'zope.session',
'zope.site',
'zope.traversing',
+ 'zope.deferredimport',
],
zip_safe = False,
)
Modified: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py 2010-01-26 16:02:43 UTC (rev 108520)
+++ z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py 2010-01-26 16:04:10 UTC (rev 108521)
@@ -20,6 +20,7 @@
import transaction
import persistent
from urllib import urlencode
+from urllib import quote
import zope.interface
from zope.publisher.interfaces.http import IHTTPRequest
@@ -31,6 +32,7 @@
from z3c.authenticator import interfaces
+_safe = '@+' # Characters that we don't want to have quoted
class HTTPBasicAuthCredentialsPlugin(persistent.Persistent,
contained.Contained):
@@ -242,7 +244,7 @@
>>> plugin.extractCredentials(request)
{'login': 'luke', 'password': 'the_force'}
- We can also set prefixes for the fields from which the credentials are
+ We can also set prefixes for the fields from which the credentials are
extracted:
>>> plugin.loginfield = "login"
@@ -398,9 +400,18 @@
camefrom = '/'.join([request.getURL(path_only=True)] + stack)
if query:
camefrom = camefrom + '?' + query
+
+ try:
+ camefrom = str(camefrom)
+ query = urlencode({'camefrom': camefrom})
+ except UnicodeEncodeError:
+ #urlencode does just too much
+ camefrom = quote(camefrom.encode('utf-8'), _safe)
+ query = "camefrom=%s" % camefrom
+
url = '%s/@@%s?%s' % (absoluteURL(site, request),
self.loginpagename,
- urlencode({'camefrom': camefrom}))
+ query)
request.response.redirect(url)
return True
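Review bot: The fallback in the `except UnicodeEncodeError` branch does not escape `camefrom` the same way as the `urlencode` branch: `quote(..., _safe)` with `_safe = '@+'` (defined in the earlier credential.py hunk) leaves a literal `+` unescaped and writes a space as `%20`, while `urlencode` emits `%2B` and `+`. A form decoder normally reads an unescaped `+` in a query value as a space, so a non-ASCII path that also contains `+` would presumably come back from the login page as a different URL than the one requested. Encoding first and keeping a single code path removes both the asymmetry and the try/except: `if isinstance(camefrom, unicode): camefrom = camefrom.encode('utf-8')` followed by `query = urlencode({'camefrom': camefrom})`; the expected `location` value in credential_bugs.txt stays the same. The enclosing method starts above the hunk, so how `query` and `stack` are built is not visible here.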
Added: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt (rev 0)
+++ z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt 2010-01-26 16:04:10 UTC (rev 108521)
@@ -0,0 +1,44 @@
+The redirect failed in case of a non-ASCII page name
+====================================================
+
+Challenges by redirecting to a login form.
+
+To illustrate, we'll create a test request:
+
+ >>> from zope.publisher.browser import TestRequest
+ >>> request = TestRequest()
+
+and confirm its response's initial status and 'location' header:
+
+ >>> request.response.getStatus()
+ 599
+ >>> request.response.getHeader('location')
+
+When we issue a challenge using a session plugin:
+
+ >>> from z3c.authenticator.credential import SessionCredentialsPlugin
+ >>> plugin = SessionCredentialsPlugin()
+
+The redirect failed in case of a non-ASCII page name:
+(REQUEST_URI is utf-8, _traversal_stack is unicode)
+
+ >>> env = {
+ ... 'REQUEST_URI': '/foo/bar/folder/page%C3%BC.html?q=value',
+ ... 'QUERY_STRING': 'q=value'
+ ... }
+ >>> request = TestRequest(environ=env)
+ >>> request._traversed_names = [u'foo', u'bar']
+ >>> request._traversal_stack = [u'page\xfc.html', u'folder']
+ >>> request['REQUEST_URI']
+ '/foo/bar/folder/page%C3%BC.html?q=value'
+
+When we challenge:
+
+ >>> plugin.challenge(request)
+ True
+
+We see the 'camefrom' points to the requested URL:
+
+ >>> request.response.getHeader('location') # doctest: +ELLIPSIS
+ '.../@@loginForm.html?camefrom=%2Ffoo%2Fbar%2Ffolder%2Fpage%C3%BC.html%3Fq%3Dvalue'
+
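Review bot: The doctest only exercises a path for which `quote` with the `'@+'` safe set and `urlencode` produce identical output, so it would not notice a difference in how `+`, `@` or a space are escaped once the non-ASCII fallback is taken. A second example whose `_traversal_stack` entry combines `\xfc` with one of those characters, pinning the expected `camefrom` value in the `location` header, would cover the fallback properly. The example also sets the private attributes `_traversed_names` and `_traversal_stack` directly; a one-line comment such as `# simulate a partially traversed request` would explain why.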
Property changes on: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt
___________________________________________________________________
Added: svn:keywords
+ Date Author Id Revision
Added: svn:eol-style
+ native
Modified: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py 2010-01-26 16:02:43 UTC (rev 108520)
+++ z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py 2010-01-26 16:04:10 UTC (rev 108521)
@@ -154,6 +154,9 @@
optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
doctest.DocTestSuite('z3c.authenticator.credential',
setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown),
+ doctest.DocFileSuite('credential_bugs.txt',
+ setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown,
+ optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
doctest.DocTestSuite('z3c.authenticator.group',
setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown),
doctest.DocFileSuite('vocabulary.txt',