[Checkins] SVN: Products.PluggableAuthService/trunk/ Merge r115650 from branches/1.6:
Maurits van Rees
m.van.rees at zestsoftware.nl
Thu Aug 12 10:51:45 EDT 2010
Log message for revision 115651:
Merge r115650 from branches/1.6:
Fixed possible TypeError in extractCredentials of CookieAuthHelper when the __ac cookie is not ours
(but e.g. from plone.session, though even then only in a corner case).
Changed:
U Products.PluggableAuthService/trunk/CHANGES.txt
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
-=-
Modified: Products.PluggableAuthService/trunk/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt 2010-08-12 14:43:10 UTC (rev 115650)
+++ Products.PluggableAuthService/trunk/CHANGES.txt 2010-08-12 14:51:44 UTC (rev 115651)
@@ -4,6 +4,10 @@
1.7.1 (2010-07-01)
------------------
+- Fixed possible TypeError in extractCredentials of CookieAuthHelper
+ when the __ac cookie is not ours (but e.g. from plone.session,
+ though even then only in a corner case).
+
- Made ``ZODBRoleManager.assignRoleToPrincipal`` raise and log a more
informative error when detecting a duplicate principal.
https://bugs.launchpad.net/zope-pas/+bug/348795
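Review bot: The new entry is placed under the heading 1.7.1 (2010-07-01), a date that predates this commit (2010-08-12). If 1.7.1 has already been released, the entry belongs under a new unreleased heading so the changelog does not attribute the fix to a version that does not contain it.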
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py 2010-08-12 14:43:10 UTC (rev 115650)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py 2010-08-12 14:51:44 UTC (rev 115651)
@@ -124,8 +124,12 @@
# Cookie is in a different format, so it is not ours
return creds
- creds['login'] = login.decode('hex')
- creds['password'] = password.decode('hex')
+ try:
+ creds['login'] = login.decode('hex')
+ creds['password'] = password.decode('hex')
+ except TypeError:
+ # Cookie is in a different format, so it is not ours
+ return creds
if creds:
creds['remote_host'] = request.get('REMOTE_HOST', '')
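Review bot: In the new try block, creds['login'] is assigned before password.decode('hex') runs, so if the login part decodes and the password part raises TypeError, the except branch returns a dict that already contains 'login' rather than an empty one. Decode both values into local variables first and assign to creds only after both succeed, or return {} from the except branch, so a cookie that is "not ours" never yields partial credentials.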
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py 2010-08-12 14:43:10 UTC (rev 115650)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py 2010-08-12 14:51:44 UTC (rev 115651)
@@ -186,7 +186,23 @@
'remote_host': '',
'remote_address': ''})
+ def test_extractCredentials_from_cookie_with_colon_that_is_not_ours(self):
+ # http://article.gmane.org/gmane.comp.web.zope.plone.product-developers/5145
+ from base64 import encodestring
+ helper = self._makeOne()
+ response = FauxCookieResponse()
+ request = FauxSettableRequest(RESPONSE=response)
+
+ cookie_str = 'cookie:from_other_plugin'
+ cookie_val = encodestring(cookie_str)
+ cookie_val = cookie_val.rstrip()
+ request.set(helper.cookie_name, cookie_val)
+
+ self.assertEqual(helper.extractCredentials(request),
+ {})
+
+
if __name__ == "__main__":
unittest.main()
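Review bot: The new test only covers a cookie whose first part ('cookie') is not valid hex, so the TypeError is always raised on the login decode and the path where login decodes but password does not is untested. Add a second case where the part before the colon is valid hex and the part after it is not, and assert that extractCredentials still returns {}.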