[Checkins] SVN: z3c.authenticator/branches/adamg-0.7.2/s fixing a bug

Adam Groszer agroszer at gmail.com
Tue Jan 26 11:04:11 EST 2010


Log message for revision 108521:
  fixing a bug

Changed:
  U   z3c.authenticator/branches/adamg-0.7.2/setup.py
  U   z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py
  A   z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt
  U   z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py

-=-
Modified: z3c.authenticator/branches/adamg-0.7.2/setup.py
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/setup.py	2010-01-26 16:02:43 UTC (rev 108520)
+++ z3c.authenticator/branches/adamg-0.7.2/setup.py	2010-01-26 16:04:10 UTC (rev 108521)
@@ -88,6 +88,7 @@
         'zope.session',
         'zope.site',
         'zope.traversing',
+        'zope.deferredimport',
         ],
     zip_safe = False,
 )
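Review bot: `'zope.deferredimport'` is added to the requirements list here, but no line in the visible hunks of this commit imports or uses it, and the log message ("fixing a bug") does not mention it. If code outside this diff needs it, say so in the commit message or in a short comment next to the entry, e.g. `# needed by <module>`. Otherwise move it to its own change so the bug fix stays minimal and every new dependency has a traceable reason.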

Modified: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py	2010-01-26 16:02:43 UTC (rev 108520)
+++ z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential.py	2010-01-26 16:04:10 UTC (rev 108521)
@@ -20,6 +20,7 @@
 import transaction
 import persistent
 from urllib import urlencode
+from urllib import quote
 
 import zope.interface
 from zope.publisher.interfaces.http import IHTTPRequest
@@ -31,6 +32,7 @@
 
 from z3c.authenticator import interfaces
 
+_safe = '@+' # Characters that we don't want to have quoted
 
 class HTTPBasicAuthCredentialsPlugin(persistent.Persistent,
     contained.Contained):
@@ -242,7 +244,7 @@
       >>> plugin.extractCredentials(request)
       {'login': 'luke', 'password': 'the_force'}
 
-    We can also set prefixes for the fields from which the credentials are 
+    We can also set prefixes for the fields from which the credentials are
     extracted:
 
       >>> plugin.loginfield = "login"
@@ -398,9 +400,18 @@
         camefrom = '/'.join([request.getURL(path_only=True)] + stack)
         if query:
             camefrom = camefrom + '?' + query
+
+        try:
+            camefrom = str(camefrom)
+            query = urlencode({'camefrom': camefrom})
+        except UnicodeEncodeError:
+            #urlencode does just too much
+            camefrom = quote(camefrom.encode('utf-8'), _safe)
+            query = "camefrom=%s" % camefrom
+
         url = '%s/@@%s?%s' % (absoluteURL(site, request),
                               self.loginpagename,
-                              urlencode({'camefrom': camefrom}))
+                              query)
         request.response.redirect(url)
         return True
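Review bot: The fallback branch (`quote(camefrom.encode('utf-8'), _safe)` with `_safe = '@+'`) leaves a literal `+` unescaped, whereas the `urlencode` branch escapes it as `%2B`; a form-decoding consumer of `camefrom` will read that `+` as a space, so a non-ASCII path containing `+` would come back altered after login. Choosing the encoding by waiting for `str()` to raise `UnicodeEncodeError` also hides the fact that the two branches quote differently. Encoding up front and always calling `urlencode` gives one code path and the same output for the new doctest: `if isinstance(camefrom, unicode): camefrom = camefrom.encode('utf-8')` followed by `query = urlencode({'camefrom': camefrom})`, which makes `_safe` and the `quote` import unnecessary. `credential_bugs.txt` would benefit from a case with `+` or a space in the page name. The enclosing method (presumably `challenge`) starts outside this hunk, so how `camefrom` is consumed after login is not visible here.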
 

Added: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt	                        (rev 0)
+++ z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt	2010-01-26 16:04:10 UTC (rev 108521)
@@ -0,0 +1,44 @@
+The redirect failed in case of a non-ASCII page name
+====================================================
+
+Challenges by redirecting to a login form.
+
+To illustrate, we'll create a test request:
+
+  >>> from zope.publisher.browser import TestRequest
+  >>> request = TestRequest()
+
+and confirm its response's initial status and 'location' header:
+
+  >>> request.response.getStatus()
+  599
+  >>> request.response.getHeader('location')
+
+When we issue a challenge using a session plugin:
+
+  >>> from z3c.authenticator.credential import SessionCredentialsPlugin
+  >>> plugin = SessionCredentialsPlugin()
+
+The redirect failed in case of a non-ASCII page name:
+(REQUEST_URI is utf-8, _traversal_stack is unicode)
+
+  >>> env = {
+  ...     'REQUEST_URI': '/foo/bar/folder/page%C3%BC.html?q=value',
+  ...     'QUERY_STRING': 'q=value'
+  ...     }
+  >>> request = TestRequest(environ=env)
+  >>> request._traversed_names = [u'foo', u'bar']
+  >>> request._traversal_stack = [u'page\xfc.html', u'folder']
+  >>> request['REQUEST_URI']
+  '/foo/bar/folder/page%C3%BC.html?q=value'
+
+When we challenge:
+
+  >>> plugin.challenge(request)
+  True
+
+We see the 'camefrom' points to the requested URL:
+
+  >>> request.response.getHeader('location') # doctest: +ELLIPSIS
+  '.../@@loginForm.html?camefrom=%2Ffoo%2Fbar%2Ffolder%2Fpage%C3%BC.html%3Fq%3Dvalue'
+


Property changes on: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/credential_bugs.txt
___________________________________________________________________
Added: svn:keywords
   + Date Author Id Revision
Added: svn:eol-style
   + native

Modified: z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py
===================================================================
--- z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py	2010-01-26 16:02:43 UTC (rev 108520)
+++ z3c.authenticator/branches/adamg-0.7.2/src/z3c/authenticator/tests.py	2010-01-26 16:04:10 UTC (rev 108521)
@@ -154,6 +154,9 @@
             optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
         doctest.DocTestSuite('z3c.authenticator.credential',
             setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown),
+        doctest.DocFileSuite('credential_bugs.txt',
+            setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown,
+            optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
         doctest.DocTestSuite('z3c.authenticator.group',
             setUp=placelesssetup.setUp, tearDown=placelesssetup.tearDown),
         doctest.DocFileSuite('vocabulary.txt',


