[Checkins] SVN: PluggableAuthService/trunk/ - CookieAuthHelper: If expireCookie was called and extractCredentials

Jens Vagelpohl jens at dataflake.org
Sat Jun 24 05:46:40 EDT 2006


Log message for revision 68820:
  - CookieAuthHelper: If expireCookie was called and extractCredentials
    was hit in the same request, the CookieAuthHelper would throw an 
    exception (http://www.zope.org/Collectors/PAS/43)
  

Changed:
  U   PluggableAuthService/trunk/doc/CHANGES.txt
  U   PluggableAuthService/trunk/plugins/CookieAuthHelper.py
  U   PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py

-=-
Modified: PluggableAuthService/trunk/doc/CHANGES.txt
===================================================================
--- PluggableAuthService/trunk/doc/CHANGES.txt	2006-06-24 09:21:07 UTC (rev 68819)
+++ PluggableAuthService/trunk/doc/CHANGES.txt	2006-06-24 09:46:39 UTC (rev 68820)
@@ -1,5 +1,14 @@
 PluggableAuthService changelog
 
+  PluggableAuthService 1.4-beta (unreleased)
+
+    Bugs Fixed
+
+      - CookieAuthHelper: If expireCookie was called and extractCredentials
+        was hit in the same request, the CookieAuthHelper would throw an
+        exception (http://www.zope.org/Collectors/PAS/43)
+
+
   PluggableAuthService 1.3 (2006/06/09)
 
     No changes from version 1.3-beta

Modified: PluggableAuthService/trunk/plugins/CookieAuthHelper.py
===================================================================
--- PluggableAuthService/trunk/plugins/CookieAuthHelper.py	2006-06-24 09:21:07 UTC (rev 68819)
+++ PluggableAuthService/trunk/plugins/CookieAuthHelper.py	2006-06-24 09:46:39 UTC (rev 68820)
@@ -118,7 +118,7 @@
             if login:
                 creds['login'] = login
                 creds['password'] = password
-        elif cookie:
+        elif cookie and cookie != 'deleted':
             cookie_val = decodestring(unquote(cookie))
             login, password = cookie_val.split(':')
 

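Review bot: the new condition on the `elif cookie and cookie != 'deleted':` line handles only the one sentinel value, while the two context lines after it can still raise on any other malformed cookie. The cookie is supplied by the client, so `decodestring(unquote(cookie))` may fail on a value that does not decode, and `login, password = cookie_val.split(':')` fails to unpack when the decoded value has no colon or more than one (for example a password containing ':'). Consider `cookie_val.split(':', 1)` and treating a decode or unpack error as "no credentials", so that a bad cookie gives an empty result rather than an exception. A short comment stating that 'deleted' is the value ZPublisher sets after expireCookie would also explain the magic string.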
Modified: PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py	2006-06-24 09:21:07 UTC (rev 68819)
+++ PluggableAuthService/trunk/plugins/tests/test_CookieAuthHelper.py	2006-06-24 09:46:39 UTC (rev 68820)
@@ -100,6 +100,22 @@
                          'remote_address': ''})
         self.assertEqual(len(response.cookies), 0)
 
+    def test_extractCredentials_with_deleted_cookie(self):
+        # http://www.zope.org/Collectors/PAS/43
+        # Edge case: The ZPublisher sets a cookie's value to "deleted"
+        # in the current request if expireCookie is called. If we hit
+        # extractCredentials in the same request after this, it would 
+        # blow up trying to deal with the invalid cookie value.
+        helper = self._makeOne()
+        response = FauxCookieResponse()
+        req_data = { helper.cookie_name : 'deleted'
+                   , 'RESPONSE' : response
+                   }
+        request = FauxSettableRequest(**req_data)
+        self.assertEqual(len(response.cookies), 0)
+
+        self.assertEqual(helper.extractCredentials(request), {})
+
     def test_challenge( self ):
         from zExceptions import Unauthorized
         rc, root, folder, object = self._makeTree()
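Review bot: in test_extractCredentials_with_deleted_cookie the `self.assertEqual(len(response.cookies), 0)` assertion runs before `helper.extractCredentials(request)` is called, so it only checks the freshly built FauxCookieResponse and says nothing about what extraction does. Move it after the call (or repeat it there) so the test also confirms that no cookie is set while handling the 'deleted' value. The test covers only the literal 'deleted'; a second case with some other undecodable cookie value would document what extractCredentials is expected to return for it.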


