[Checkins] SVN: PluggableAuthService/trunk/ - CookieAuthHelper: If
expireCookie was called and extractCredentials
Jens Vagelpohl
jens at dataflake.org
Sat Jun 24 05:46:40 EDT 2006
Log message for revision 68820:
- CookieAuthHelper: If expireCookie was called and extractCredentials
was hit in the same request, the CookieAuthHelper would throw an
exception (http://www.zope.org/Collectors/PAS/43)
Changed:
U PluggableAuthService/trunk/doc/CHANGES.txt
U PluggableAuthService/trunk/plugins/CookieAuthHelper.py
U PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py
-=-
Modified: PluggableAuthService/trunk/doc/CHANGES.txt
===================================================================
--- PluggableAuthService/trunk/doc/CHANGES.txt 2006-06-24 09:21:07 UTC (rev 68819)
+++ PluggableAuthService/trunk/doc/CHANGES.txt 2006-06-24 09:46:39 UTC (rev 68820)
@@ -1,5 +1,14 @@
PluggableAuthService changelog
+ PluggableAuthService 1.4-beta (unreleased)
+
+ Bugs Fixed
+
+ - CookieAuthHelper: If expireCookie was called and extractCredentials
+ was hit in the same request, the CookieAuthHelper would throw an
+ exception (http://www.zope.org/Collectors/PAS/43)
+
+
PluggableAuthService 1.3 (2006/06/09)
No changes from version 1.3-beta
Modified: PluggableAuthService/trunk/plugins/CookieAuthHelper.py
===================================================================
--- PluggableAuthService/trunk/plugins/CookieAuthHelper.py 2006-06-24 09:21:07 UTC (rev 68819)
+++ PluggableAuthService/trunk/plugins/CookieAuthHelper.py 2006-06-24 09:46:39 UTC (rev 68820)
@@ -118,7 +118,7 @@
if login:
creds['login'] = login
creds['password'] = password
- elif cookie:
+ elif cookie and cookie != 'deleted':
cookie_val = decodestring(unquote(cookie))
login, password = cookie_val.split(':')
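Review bot: the guard added at `elif cookie and cookie != 'deleted':` covers only that one literal value, so any other cookie value that does not decode to a single `login:password` pair still reaches `decodestring(unquote(cookie))` and `login, password = cookie_val.split(':')` and can fail there in the decode or in the two-value unpack. The cookie value comes from the client, so that path is reachable from any request. Consider catching the decode and unpack errors and returning empty credentials, and using `cookie_val.split(':', 1)` so that a password containing a colon does not break the unpack.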
Modified: PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py 2006-06-24 09:21:07 UTC (rev 68819)
+++ PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py 2006-06-24 09:46:39 UTC (rev 68820)
@@ -100,6 +100,22 @@
'remote_address': ''})
self.assertEqual(len(response.cookies), 0)
+ def test_extractCredentials_with_deleted_cookie(self):
+ # http://www.zope.org/Collectors/PAS/43
+ # Edge case: The ZPublisher sets a cookie's value to "deleted"
+ # in the current request if expireCookie is called. If we hit
+ # extractCredentials in the same request after this, it would
+ # blow up trying to deal with the invalid cookie value.
+ helper = self._makeOne()
+ response = FauxCookieResponse()
+ req_data = { helper.cookie_name : 'deleted'
+ , 'RESPONSE' : response
+ }
+ request = FauxSettableRequest(**req_data)
+ self.assertEqual(len(response.cookies), 0)
+
+ self.assertEqual(helper.extractCredentials(request), {})
+
def test_challenge( self ):
from zExceptions import Unauthorized
rc, root, folder, object = self._makeTree()
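Review bot: in `test_extractCredentials_with_deleted_cookie` the `self.assertEqual(len(response.cookies), 0)` check runs before `helper.extractCredentials(request)` is called, so it only inspects the freshly built `FauxCookieResponse` and verifies nothing about what the call does to the response. Move it after the `extractCredentials` assertion, or repeat it there, so the test also shows that no cookie is set or expired when the value is 'deleted'. A second case with a malformed value other than 'deleted' would document whether that path is meant to be handled too.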