[Checkins] SVN: Zope/trunk/src/Z fixed regression in Unauthorized handling:

Yvo Schubbe y.2010 at wcm-solutions.de
Fri Apr 16 10:48:19 EDT 2010


Log message for revision 110976:
  fixed regression in Unauthorized handling:
  
  In previous Zope versions string exceptions were used and all exceptions
  re-raised. This doesn't work with each kind of exception, but we can still do
  it with Unauthorized exceptions. This way the special handling for Unauthorized
  exceptions works again, HTTPResponse._unauthorized is called again. This is now
  done after rendering to make sure we don't break logging and custom views.

Changed:
  U   Zope/trunk/src/ZPublisher/tests/exception_handling.txt
  UU  Zope/trunk/src/Zope2/App/startup.py
  UU  Zope/trunk/src/Zope2/App/tests/testExceptionHook.py

-=-
Modified: Zope/trunk/src/ZPublisher/tests/exception_handling.txt
===================================================================
--- Zope/trunk/src/ZPublisher/tests/exception_handling.txt	2010-04-16 14:47:52 UTC (rev 110975)
+++ Zope/trunk/src/ZPublisher/tests/exception_handling.txt	2010-04-16 14:48:19 UTC (rev 110976)
@@ -121,7 +121,8 @@
     Redirect: LOCATION
     >>> browser.contents
 
-Handle zExceptions.Unauthorized.
+Handle zExceptions.Unauthorized. We take the 'WWW-Authenticate' header as a
+sign that HTTPResponse._unauthorized was called.
 
     >>> from zExceptions import Unauthorized
     >>> app.test_folder_1_.foo.exception = Unauthorized('ERROR VALUE')
@@ -135,6 +136,8 @@
     True
     >>> 'Error Value: ERROR VALUE' in browser.contents
     True
+    >>> browser.headers['WWW-Authenticate']
+    'basic realm="Zope2"'
 
     >>> browser.handleErrors = False
     >>> browser.open('http://localhost/test_folder_1_/foo')

Modified: Zope/trunk/src/Zope2/App/startup.py
===================================================================
--- Zope/trunk/src/Zope2/App/startup.py	2010-04-16 14:47:52 UTC (rev 110975)
+++ Zope/trunk/src/Zope2/App/startup.py	2010-04-16 14:48:19 UTC (rev 110976)
@@ -7,7 +7,7 @@
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE
+# FOR A PARTICULAR PURPOSE.
 #
 ##############################################################################
 """Initialize the Zope2 Package and provide a published module
@@ -29,10 +29,10 @@
 from time import asctime
 from zExceptions import upgradeException
 from zExceptions import Redirect
+from zExceptions import Unauthorized
 from ZODB.POSException import ConflictError
 import transaction
 import AccessControl.User
-import App.FindHomes
 import ExtensionClass
 import imp
 import logging
@@ -224,6 +224,12 @@
                 else:
                     view.__parent__ = published
                 v = view()
+                if issubclass(t, Unauthorized):
+                    # Re-raise Unauthorized to make sure it is handled
+                    # correctly. We can't do that with all exceptions
+                    # because some don't work with the rendered v as
+                    # argument.
+                    raise t, v, traceback
                 response = REQUEST.RESPONSE
                 response.setStatus(t)
                 response.setBody(v)
@@ -264,12 +270,18 @@
                            error_log_url=error_log_url)
                 if result is not None:
                     t, v, traceback = result
+                    if issubclass(t, Unauthorized):
+                        # Re-raise Unauthorized to make sure it is handled
+                        # correctly. We can't do that with all exceptions
+                        # because some don't work with the rendered v as
+                        # argument.
+                        raise t, v, traceback
                     response = REQUEST.RESPONSE
                     response.setStatus(t)
                     response.setBody(v)
                     return response
             except TypeError:
-                # Pre 2.6 call signature
+                # BBB: Pre Zope 2.6 call signature
                 f(client, REQUEST, t, v, traceback)
 
         finally:


Property changes on: Zope/trunk/src/Zope2/App/startup.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.15
Added: svn:keywords
   + Id

Modified: Zope/trunk/src/Zope2/App/tests/testExceptionHook.py
===================================================================
--- Zope/trunk/src/Zope2/App/tests/testExceptionHook.py	2010-04-16 14:47:52 UTC (rev 110975)
+++ Zope/trunk/src/Zope2/App/tests/testExceptionHook.py	2010-04-16 14:48:19 UTC (rev 110976)
@@ -347,7 +347,6 @@
 class ExceptionViewsTest(PlacelessSetup, ExceptionHookTestCase):
 
     def testCustomExceptionViewUnauthorized(self):
-        from ZPublisher.HTTPResponse import HTTPResponse
         from AccessControl import Unauthorized
         registerExceptionView(IUnauthorized)
         def f():
@@ -355,8 +354,7 @@
         request = self._makeRequest()
         client = StandardClient()
         v = self.call_exc_value(client, request, f)
-        self.failUnless(isinstance(v, HTTPResponse), v)
-        self.failUnless(v.status == 401, (v.status, 401))
+        self.failUnless(isinstance(v, Unauthorized), v)
         self.failUnless("Exception View: Unauthorized" in str(v))
         self.failUnless("Context: StandardClient" in str(v))
 


Property changes on: Zope/trunk/src/Zope2/App/tests/testExceptionHook.py
___________________________________________________________________
Added: svn:keywords
   + Id
Added: svn:eol-style
   + native



More information about the checkins mailing list