[Checkins] SVN: Products.PluggableAuthService/trunk/ Trap "swallowable" exceptions from ``IRoles`` plugins.

Tres Seaver tseaver at palladion.com
Thu Aug 12 15:08:53 EDT 2010


Log message for revision 115656:
  Trap "swallowable" exceptions from ``IRoles`` plugins.
  
  Thanks to Willi Langenburger for the patch.
  
  Fixes https://bugs.launchpad.net/zope-pas/+bug/615474 
  

Changed:
  U   Products.PluggableAuthService/trunk/CHANGES.txt
  U   Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py
  U   Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py

-=-
Modified: Products.PluggableAuthService/trunk/CHANGES.txt
===================================================================
--- Products.PluggableAuthService/trunk/CHANGES.txt	2010-08-12 18:16:32 UTC (rev 115655)
+++ Products.PluggableAuthService/trunk/CHANGES.txt	2010-08-12 19:08:53 UTC (rev 115656)
@@ -4,8 +4,12 @@
 1.7.2 (unreleased)
 ------------------
 
-- Fixed possible TypeError in extractCredentials of CookieAuthHelper
-  when the __ac cookie is not ours (but e.g. from plone.session,
+- Trap "swallowable" exceptions from ``IRoles`` plugins.  Thanks to
+  Willi Langenburger for the patch.  Fixes
+  https://bugs.launchpad.net/zope-pas/+bug/615474 .
+
+- Fixed possible TypeError in ``extractCredentials`` of CookieAuthHelper
+  when the ``__ac`` cookie is not ours (but e.g. from plone.session,
   though even then only in a corner case).
 
 

Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py	2010-08-12 18:16:32 UTC (rev 115655)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/PluggableAuthService.py	2010-08-12 19:08:53 UTC (rev 115656)
@@ -737,12 +737,16 @@
             rolemakers = plugins.listPlugins( IRolesPlugin )
 
             for rolemaker_id, rolemaker in rolemakers:
+                try:
+                    roles = rolemaker.getRolesForPrincipal( user, request )
+                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
+                    logger.debug( 'IRolesPlugin %s error' % rolemaker_id
+                                , exc_info=True
+                                )
+                else:
+                    if roles:
+                        user._addRoles( roles )
 
-                roles = rolemaker.getRolesForPrincipal( user, request )
-
-                if roles:
-                    user._addRoles( roles )
-
             user._addRoles( ['Authenticated'] )
 
             # Cache the user if caching is enabled
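Review bot: A roles plugin that raises is now skipped with only a `logger.debug` record in the `except _SWALLOWABLE_PLUGIN_EXCEPTIONS:` branch, so at a typical production log level a failing authorization backend is invisible while the user carries on with a reduced role set. The `# Cache the user if caching is enabled` comment just after the loop suggests this incomplete principal may then be cached, which would keep the roles missing after the plugin recovers; the caching code is outside the hunk, so this needs confirming. Consider logging where operators will see it, e.g. `logger.warning( 'IRolesPlugin %s error', rolemaker_id, exc_info=True )`, and skipping the cache store when any rolemaker failed. A one-line comment on the `except` branch saying that a failed plugin can only yield fewer roles, never more, would document the fail-closed intent.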

Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py	2010-08-12 18:16:32 UTC (rev 115655)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/tests/test_PluggableAuthService.py	2010-08-12 19:08:53 UTC (rev 115656)
@@ -28,6 +28,11 @@
 class DummyPlugin(Implicit):
     pass
 
+class FaultyRolesPlugin(DummyPlugin):
+
+    def getRolesForPrincipal(self, principal, request=None):
+        raise KeyError("intentional KeyError from FaultyRolesPlugin")
+
 class DummyUserEnumerator( DummyPlugin ):
 
     def __init__( self, user_id, login=None ):
@@ -445,6 +450,16 @@
 
         return rc, root, folder, object
 
+    def _makeFaultyRolemaker( self ):
+
+        from Products.PluggableAuthService.interfaces.plugins \
+             import IRolesPlugin
+
+        rolemaker = FaultyRolesPlugin()
+        directlyProvides( rolemaker, IRolesPlugin )
+
+        return rolemaker
+
     def _makeUserEnumerator( self, user_id, login=None ):
 
         from Products.PluggableAuthService.interfaces.plugins \
@@ -1007,6 +1022,30 @@
         self.assertEqual( v, published )
 
 
+    def test__faultyRolemaker( self ):
+
+        from Products.PluggableAuthService.interfaces.plugins \
+             import IUserEnumerationPlugin, IRolesPlugin
+
+        plugins = self._makePlugins()
+        zcuf = self._makeOne( plugins )
+
+        ue = self._makeUserEnumerator( 'foo' )
+        zcuf._setObject( 'ue', ue )
+
+        rm = self._makeFaultyRolemaker()
+        zcuf._setObject( 'rm', rm )
+
+        plugins = zcuf._getOb( 'plugins' )
+
+        plugins.activatePlugin( IUserEnumerationPlugin, 'ue' )
+        plugins.activatePlugin( IRolesPlugin, 'rm' )
+
+        try:
+            zcuf.getUser('foo')
+        except KeyError, e:
+            self.fail('exception should be caught by PAS: %s' % e)
+
     def test__verifyUser_no_plugins( self ):
 
         plugins = self._makePlugins()
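Review bot: `test__faultyRolemaker` only checks that no `KeyError` escapes `zcuf.getUser('foo')` and never inspects the returned user, so a regression that returns `None` or drops the `Authenticated` role would still pass. Keep the result and assert on it, for example `user = zcuf.getUser( 'foo' )` followed by `self.assertEqual( list( user.getRoles() ), ['Authenticated'] )`. That assumes the user object exposes `getRoles()` and that no other plugin contributes roles here, so adjust it to the accessor this module already uses. The `try`/`except KeyError` wrapper then becomes unnecessary, since an escaping exception of any type already fails the test. The following `test__verifyUser_no_plugins` continues outside the hunk.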


