[Checkins] SVN: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/ Fixed possible TypeError in extractCredentials of CookieAuthHelper when the __ac cookie is not ours (but e.g. from plone.session, though even then only in a corner case).

Maurits van Rees m.van.rees at zestsoftware.nl
Thu Aug 12 10:43:11 EDT 2010


Log message for revision 115650:
  Fixed possible TypeError in extractCredentials of CookieAuthHelper when the __ac cookie is not ours (but e.g. from plone.session, though even then only in a corner case).

Changed:
  U   Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
  U   Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py

-=-
Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py	2010-08-12 09:03:42 UTC (rev 115649)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py	2010-08-12 14:43:10 UTC (rev 115650)
@@ -125,8 +125,12 @@
                 # Cookie is in a different format, so it is not ours
                 return creds
 
-            creds['login'] = login.decode('hex')
-            creds['password'] = password.decode('hex')
+            try:
+                creds['login'] = login.decode('hex')
+                creds['password'] = password.decode('hex')
+            except TypeError:
+                # Cookie is in a different format, so it is not ours
+                return creds
 
         if creds:
             creds['remote_host'] = request.get('REMOTE_HOST', '')
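Review bot: In the new `except TypeError` branch, `return creds` can hand back a half-filled dict: if `login.decode('hex')` succeeds and `password.decode('hex')` then raises, `creds` already holds `'login'` when it is returned. The cookie value comes from the request, so the result would be credentials with a login but no password rather than the empty "not ours" result the comment describes. Returning a fresh dict with `return {}`, or decoding both halves into locals before assigning to `creds`, keeps the outcome consistent. extractCredentials starts and ends outside this hunk, so the assumption that `creds` is otherwise empty at this point is inferred from the earlier `return creds`.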

Modified: Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
===================================================================
--- Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py	2010-08-12 09:03:42 UTC (rev 115649)
+++ Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py	2010-08-12 14:43:10 UTC (rev 115650)
@@ -187,7 +187,23 @@
                          'remote_host': '', 
                          'remote_address': ''}) 
 
+    def test_extractCredentials_from_cookie_with_colon_that_is_not_ours(self): 
+        # http://article.gmane.org/gmane.comp.web.zope.plone.product-developers/5145
+        from base64 import encodestring
 
+        helper = self._makeOne()
+        response = FauxCookieResponse()
+        request = FauxSettableRequest(RESPONSE=response)
+
+        cookie_str = 'cookie:from_other_plugin'
+        cookie_val = encodestring(cookie_str)
+        cookie_val = cookie_val.rstrip()
+        request.set(helper.cookie_name, cookie_val)
+
+        self.assertEqual(helper.extractCredentials(request),
+                        {})
+
+
 if __name__ == "__main__":
     unittest.main()
 
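Review bot: The new test only exercises a cookie whose login half fails to decode (`'cookie'` is not hex), so the case where the login half is valid hex and the password half is not remains untested. A second case such as `cookie_str = '666f6f:from_other_plugin'` (constructed value) with the same `self.assertEqual(helper.extractCredentials(request), {})` would pin that path. A one-line comment in the test saying which half is expected to fail would also help, since the reason is otherwise only reachable through the linked mailing-list article.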


