[Checkins] SVN: z3c.authenticator/branches/0.6.2/ backport fixes of 0.7.2
Adam Groszer
agroszer at gmail.com
Tue Jan 26 11:48:25 EST 2010
Log message for revision 108530:
backport fixes of 0.7.2
Changed:
U z3c.authenticator/branches/0.6.2/CHANGES.txt
U z3c.authenticator/branches/0.6.2/setup.py
U z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential.py
A z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential_bugs.txt
U z3c.authenticator/branches/0.6.2/src/z3c/authenticator/tests.py
-=-
Modified: z3c.authenticator/branches/0.6.2/CHANGES.txt
===================================================================
--- z3c.authenticator/branches/0.6.2/CHANGES.txt 2010-01-26 16:41:32 UTC (rev 108529)
+++ z3c.authenticator/branches/0.6.2/CHANGES.txt 2010-01-26 16:48:25 UTC (rev 108530)
@@ -2,6 +2,12 @@
CHANGES
=======
+0.6.2 (2010-01-26)
+------------------
+
+- Bugfix: Failed miserably on challenge on pages having non-ASCII names.
+ (Backport from 0.7.2)
+
0.6.1 (2009-08-19)
------------------
Modified: z3c.authenticator/branches/0.6.2/setup.py
===================================================================
--- z3c.authenticator/branches/0.6.2/setup.py 2010-01-26 16:41:32 UTC (rev 108529)
+++ z3c.authenticator/branches/0.6.2/setup.py 2010-01-26 16:48:25 UTC (rev 108530)
@@ -23,7 +23,7 @@
setup (
name='z3c.authenticator',
- version='0.6.1',
+ version='0.6.2',
author = "Roger Ineichen and the Zope Community",
author_email = "zope-dev at zope.org",
description = "IAuthentication implementation for for Zope3",
@@ -89,6 +89,7 @@
'zope.security',
'zope.session',
'zope.traversing',
+ 'zope.deferredimport',
],
zip_safe = False,
)
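Review bot: `'zope.deferredimport'` is added to `install_requires` here, but no import of it appears in the changes shown for this revision and the 0.6.2 CHANGES entry does not mention it. If existing code in the package already needs it (not visible in this diff), the changelog should say so, for example `- Added missing dependency on zope.deferredimport.`, so that people upgrading a bugfix release can see why a new package gets installed. If nothing on this branch uses it, the line should not be part of the backport.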
Modified: z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential.py
===================================================================
--- z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential.py 2010-01-26 16:41:32 UTC (rev 108529)
+++ z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential.py 2010-01-26 16:48:25 UTC (rev 108530)
@@ -20,6 +20,7 @@
import transaction
import persistent
from urllib import urlencode
+from urllib import quote
import zope.interface
from zope.publisher.interfaces.http import IHTTPRequest
@@ -31,6 +32,7 @@
from z3c.authenticator import interfaces
+_safe = '@+' # Characters that we don't want to have quoted
class HTTPBasicAuthCredentialsPlugin(persistent.Persistent,
contained.Contained):
@@ -242,7 +244,7 @@
>>> plugin.extractCredentials(request)
{'login': 'luke', 'password': 'the_force'}
- We can also set prefixes for the fields from which the credentials are
+ We can also set prefixes for the fields from which the credentials are
extracted:
>>> plugin.loginfield = "login"
@@ -398,9 +400,18 @@
camefrom = '/'.join([request.getURL(path_only=True)] + stack)
if query:
camefrom = camefrom + '?' + query
+
+ try:
+ camefrom = str(camefrom)
+ query = urlencode({'camefrom': camefrom})
+ except UnicodeEncodeError:
+ #urlencode does just too much
+ camefrom = quote(camefrom.encode('utf-8'), _safe)
+ query = "camefrom=%s" % camefrom
+
url = '%s/@@%s?%s' % (absoluteURL(site, request),
self.loginpagename,
- urlencode({'camefrom': camefrom}))
+ query)
request.response.redirect(url)
return True
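Review bot: The fallback branch quotes with `_safe = '@+'`, so a literal `+` in the path or query string stays unescaped in `camefrom`, whereas the `urlencode` branch emits `%2B`. If the login page decodes the parameter form-style (presumably, not visible here), the fallback's `+` comes back as a space and the post-login target differs from the requested URL. Because `camefrom` is built from request data and later drives a redirect, both branches should encode identically. A single path does that: `if isinstance(camefrom, unicode): camefrom = camefrom.encode('utf-8')` followed by `query = urlencode({'camefrom': camefrom})`, which should give the same Location value the new doctest expects. The doctest in credential_bugs.txt has no `+` or space in its URL, so it does not pin this case; the enclosing method starts above the hunk.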
Copied: z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential_bugs.txt (from rev 108525, z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt)
===================================================================
--- z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential_bugs.txt (rev 0)
+++ z3c.authenticator/branches/0.6.2/src/z3c/authenticator/credential_bugs.txt 2010-01-26 16:48:25 UTC (rev 108530)
@@ -0,0 +1,44 @@
+The redirect failed in case of a non-ASCII page name
+====================================================
+
+Challenges by redirecting to a login form.
+
+To illustrate, we'll create a test request:
+
+ >>> from zope.publisher.browser import TestRequest
+ >>> request = TestRequest()
+
+and confirm its response's initial status and 'location' header:
+
+ >>> request.response.getStatus()
+ 599
+ >>> request.response.getHeader('location')
+
+When we issue a challenge using a session plugin:
+
+ >>> from z3c.authenticator.credential import SessionCredentialsPlugin
+ >>> plugin = SessionCredentialsPlugin()
+
+The redirect failed in case of a non-ASCII page name:
+(REQUEST_URI is utf-8, _traversal_stack is unicode)
+
+ >>> env = {
+ ... 'REQUEST_URI': '/foo/bar/folder/page%C3%BC.html?q=value',
+ ... 'QUERY_STRING': 'q=value'
+ ... }
+ >>> request = TestRequest(environ=env)
+ >>> request._traversed_names = [u'foo', u'bar']
+ >>> request._traversal_stack = [u'page\xfc.html', u'folder']
+ >>> request['REQUEST_URI']
+ '/foo/bar/folder/page%C3%BC.html?q=value'
+
+When we challenge:
+
+ >>> plugin.challenge(request)
+ True
+
+We see the 'camefrom' points to the requested URL:
+
+ >>> request.response.getHeader('location') # doctest: +ELLIPSIS
+ '.../@@loginForm.html?camefrom=%2Ffoo%2Fbar%2Ffolder%2Fpage%C3%BC.html%3Fq%3Dvalue'
+
Modified: z3c.authenticator/branches/0.6.2/src/z3c/authenticator/tests.py
===================================================================
--- z3c.authenticator/branches/0.6.2/src/z3c/authenticator/tests.py 2010-01-26 16:41:32 UTC (rev 108529)
+++ z3c.authenticator/branches/0.6.2/src/z3c/authenticator/tests.py 2010-01-26 16:48:25 UTC (rev 108530)
@@ -154,6 +154,9 @@
optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
doctest.DocTestSuite('z3c.authenticator.credential',
setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown),
+ doctest.DocFileSuite('credential_bugs.txt',
+ setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown,
+ optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
doctest.DocTestSuite('z3c.authenticator.group',
setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown),
doctest.DocFileSuite('vocabulary.txt',