[Zope-Coders] [webmaster@zope.com: [ZWEB(157)[1] request] Invalid Auth. Token for too long login+passwd]
Martijn Pieters
mj@zope.com
Mon, 22 Oct 2001 10:34:47 -0400
--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Bug filed on Zope.org tracker. Seems valid to me.
--
Martijn Pieters
| Software Engineer mailto:mj@zope.com
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
---------------------------------------------
--r5Pyd7+fXNt84Ff3
Content-Type: message/rfc822
Content-Disposition: inline
Return-Path: <webmaster@zope.com>
Received: from smtp.zope.com ([63.100.190.10] verified)
by digicool.com (CommuniGate Pro SMTP 3.4)
with ESMTP id 2859561; Mon, 22 Oct 2001 10:24:57 -0400
Received: from mail.python.org (mail.python.org [63.102.49.29])
by smtp.zope.com (8.11.2/8.11.2) with ESMTP id f9MEKx103803;
Mon, 22 Oct 2001 10:20:59 -0400
Received: from [63.102.49.33] (helo=app1)
by mail.python.org with esmtp (Exim 3.21 #1)
id 15vfwp-00037t-00; Mon, 22 Oct 2001 10:20:59 -0400
Subject: [ZWEB(157)[1] request] Invalid Auth. Token for too long login+passwd
Sender: <webmaster@zope.com>
Errors-To: <webmaster@zope.com>
From: "Sébastien Bigaret - Issue Requester, by Tracker - admin:" <webmaster@zope.com>
To: "Candidate Supporters, via Tracker http://www.zope.org/Tracker" <>
Cc: "Requester Courtesy CC, via Tracker http://www.zope.org/Tracker" <>
Date: Mon, 22 Oct 2001 10:20:59 GMT-4
X-Tracker-debug: To: ['mj', 'mattb', 'ensane', 'klm'], Cc: ['Big']
Message-Id: <E15vfwp-00037t-00@mail.python.org>
X-ECS-MailScanner: Found to be clean
Mime-Version: 1.0
Content-Type: text/plain; charset=-iso8859-1
Content-Disposition: inline; filename=mutt-viper-24158-6
Content-Transfer-Encoding: quoted-printable
Tracker Item ZWEB(157)[1] - to followup, visit
http://www.zope.org/Tracker/157/1
Attachments:
http://www.zope.org/Tracker/157/1/User.py.patch
-=3D- -=3D- -=3D-
There is a bug in the BasicUserFolder.identify() method,
causing Invalid Authentification Token to be raised against
too long string (login+password).
Verified on: Zope2.3.3 to CVS Head (User.py Rev.1.160)
reason: basic64.encode() returns a set of '\n'-separated
lines. If the login+password is too long, the split
also splits newlines... then calls [-1] which is
just the last line returned by encode, not the whole
encoded string.
Attached is a small patch solving the issue
[patch=3D=3Dsplit(auth, ' ') instead of split(auth)]
S=E9bastien Bigaret -- aka Big.
-=3D- -=3D- -=3D-
Issue Characteristics:
Title: Invalid Auth. Token for too long login+passwd
Requester: Big=20
Stage: Pending
Traits:
Type: bug report, Area: Products, Urgency: normal,=20
Deadline: soon
--r5Pyd7+fXNt84Ff3--