[Zope-dev] Incorrect Padding?
Martijn Pieters
mj@digicool.com
Mon, 24 Jul 2000 22:10:42 +0200
On Mon, Jul 24, 2000 at 08:56:54PM +0100, Steve Alexander wrote:
> I've attached a patch to lib/python/AccessControl/User.py. If there are
> no suggestions of improvements, or complaints :-) I'll stick it into
> the Collector.
>
> I looked over the RFC, and Bad Request seems to be the best response
> code.
Agreed.
> *** lib/python/AccessControl/User.py.original Mon Jul 24 20:31:40 2000
> --- lib/python/AccessControl/User.py Mon Jul 24 20:51:33 2000
> ***************
> *** 438,444 ****
> # Only do basic authentication
> if lower(auth[:6])!='basic ':
> return None
> ! name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))
>
> # Check for superuser
> super=self._super
> --- 438,451 ----
> # Only do basic authentication
> if lower(auth[:6])!='basic ':
> return None
> ! try:
> ! name,password=\
> ! tuple(split(decodestring(split(auth)[-1]), ':', 1))
> ! except: # not a proper basic auth string
> ! request.response.setStatus(400)
> ! raise 'InternalError', request.response._error_html(
> ! "Internal Error",
> ! "Zope could not understand the Basic Authentication supplied.")
>
> # Check for superuser
> super=self._super
Would it be a good idea to add the header? And let's make that a less generic
except clause, we don't want to mask Zope bugs =)
--
Martijn Pieters
| Software Engineer mailto:mj@digicool.com
| Digital Creations http://www.digicool.com/
| Creators of Zope http://www.zope.org/
| ZopeStudio: http://www.zope.org/Products/ZopeStudio
-----------------------------------------------------