[Zope-dev] Incorrect Padding?
Steve Alexander
steve@cat-box.net
Mon, 24 Jul 2000 21:36:53 +0100
Martijn Pieters wrote:
>
> On Mon, Jul 24, 2000 at 08:56:54PM +0100, Steve Alexander wrote:
> > I've attached a patch to lib/python/AccessControl/User.py. If there are
> > no suggestions of improvements, or complaints :-) I'll stick it into
> > the Collector.
> >
> > I looked over the RFC, and Bad Request seems to be the best response
> > code.
>
> Agreed.
>
> > *** lib/python/AccessControl/User.py.original Mon Jul 24 20:31:40 2000
> > --- lib/python/AccessControl/User.py Mon Jul 24 20:51:33 2000
> > ***************
> > *** 438,444 ****
> > # Only do basic authentication
> > if lower(auth[:6])!='basic ':
> > return None
> > ! name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))
> >
> > # Check for superuser
> > super=self._super
> > --- 438,451 ----
> > # Only do basic authentication
> > if lower(auth[:6])!='basic ':
> > return None
> > ! try:
> > ! name,password=\
> > ! tuple(split(decodestring(split(auth)[-1]), ':', 1))
> > ! except: # not a proper basic auth string
> > ! request.response.setStatus(400)
> > ! raise 'InternalError', request.response._error_html(
> > ! "Internal Error",
> > ! "Zope could not understand the Basic Authentication supplied.")
> >
> > # Check for superuser
> > super=self._super
>
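Review bot: The except branch in the new version (438,451) sets status 400 but then raises 'InternalError' with the title "Internal Error", so the client receives a Bad Request status with a body that blames the server. Raise a bad-request error with wording that matches the status instead. The bare "except:" around the decodestring/split line also catches every unrelated failure; restrict it to the decode error and to the unpacking error that occurs when the decoded string contains no ':', so that real bugs in this code path still surface.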
> Would it be a good idea to add the header?

I don't quite follow.

> And let's make that a less generic
> except clause, we don't want to mask Zope bugs =)

Ok.

I was thinking of just using HTTPResponse.badRequestError().
However, it has a "name" argument, and I don't quite understand how it
is meant to be used.

    def badRequestError(self,name):
        self.setStatus(400)
        if regex.match('^[A-Z_0-9]+$',name) >= 0:
            raise 'InternalError', self._error_html(
                "Internal Error",
                "Sorry, an internal error occurred in this Zope resource.")
        raise 'BadRequest',self._error_html(
            "Invalid request",
            "The parameter, <em>%s</em>, " % name +
            "was omitted from the request.<p>" +
            "Make sure to specify all required parameters, " +
            "and try the request again."
            )

So, any of name="FOO", name="123", name="FOO123", name="" produces an
internal error; name="foo", name="Foo", name="foo123" produces a bad
request.

What's the rationale?

Should I just use this, then?

    request.response.badRequestError(name="0") # internal error

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net
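
The approach discussed in this thread (answer 400 to an undecodable Basic header, and catch only the errors such a header can cause) looks like this in present-day Python 3. This is an added example, not code from the thread or from Zope; BadRequest, parse_basic_auth, classify and the sample headers are constructed for illustration.

```python
import base64
import binascii


class BadRequest(Exception):
    """Hypothetical stand-in for an HTTP 400 response; not Zope's exception."""
    status = 400


def parse_basic_auth(header):
    """Return (name, password), or None when the scheme is not Basic.

    Raises BadRequest only for failures a malformed header can cause,
    so unrelated bugs still propagate instead of being masked.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(token.strip(), validate=True)
        decoded = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise BadRequest("undecodable Basic credentials") from exc
    # Split on the first ':' only; the password may itself contain ':'.
    name, sep, password = decoded.partition(":")
    if not sep:
        raise BadRequest("Basic credentials lack the ':' separator")
    return name, password


def classify(header):
    """Return the credentials, "anonymous", or the error status (sketch)."""
    try:
        creds = parse_basic_auth(header)
    except BadRequest as exc:
        return exc.status
    return "anonymous" if creds is None else creds


# Constructed sample headers.
GOOD = "Basic " + base64.b64encode(b"steve:s3cret").decode("ascii")
TRUNCATED = GOOD[:-1]  # one character short: "Incorrect padding"
NO_COLON = "Basic " + base64.b64encode(b"steve").decode("ascii")

if __name__ == "__main__":
    for sample in (GOOD, TRUNCATED, NO_COLON, "Digest abc"):
        print(repr(sample), "->", classify(sample))
```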