[Zope-Checkins] SVN: Zope/branches/2.12/ fixed regression in Unauthorized handling:

Yvo Schubbe y.2010 at wcm-solutions.de
Fri Apr 16 10:47:34 EDT 2010


Log message for revision 110974:
  fixed regression in Unauthorized handling:
  
  In previous Zope versions string exceptions were used and all exceptions
  re-raised. This doesn't work with every kind of exception, but we can still do
  it with Unauthorized exceptions. This way the special handling for Unauthorized
  exceptions works again, HTTPResponse._unauthorized is called again. This is now
  done after rendering to make sure we don't break logging and custom views.

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt
  UU  Zope/branches/2.12/src/Zope2/App/startup.py
  UU  Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst	2010-04-16 14:34:54 UTC (rev 110973)
+++ Zope/branches/2.12/doc/CHANGES.rst	2010-04-16 14:47:34 UTC (rev 110974)
@@ -11,6 +11,8 @@
 Bugs Fixed
 ++++++++++
 
+- LP #372632, comments #15ff.: Fixed regression in Unauthorized handling.
+
 - LP #563229:  Process "evil" JSON cookies which contain double quotes in
   violation of RFC 2965 / 2616.
 

Modified: Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt
===================================================================
--- Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt	2010-04-16 14:34:54 UTC (rev 110973)
+++ Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt	2010-04-16 14:47:34 UTC (rev 110974)
@@ -115,7 +115,8 @@
     ...
     Redirect: LOCATION
 
-Handle zExceptions.Unauthorized.
+Handle zExceptions.Unauthorized. We take the 'WWW-Authenticate' header as a
+sign that HTTPResponse._unauthorized was called.
 
     >>> from zExceptions import Unauthorized
     >>> app.test_folder_1_.foo.exception = Unauthorized('ERROR VALUE')
@@ -129,6 +130,8 @@
     True
     >>> 'Error Value: ERROR VALUE' in browser.contents
     True
+    >>> browser.headers['WWW-Authenticate']
+    'basic realm="Zope2"'
 
     >>> browser.handleErrors = False
     >>> browser.open('http://localhost/test_folder_1_/foo')

Modified: Zope/branches/2.12/src/Zope2/App/startup.py
===================================================================
--- Zope/branches/2.12/src/Zope2/App/startup.py	2010-04-16 14:34:54 UTC (rev 110973)
+++ Zope/branches/2.12/src/Zope2/App/startup.py	2010-04-16 14:47:34 UTC (rev 110974)
@@ -7,7 +7,7 @@
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE
+# FOR A PARTICULAR PURPOSE.
 #
 ##############################################################################
 """Initialize the Zope2 Package and provide a published module
@@ -23,14 +23,12 @@
 from Acquisition.interfaces import IAcquirer
 from App.config import getConfiguration
 from time import asctime
-from types import StringType, ListType
 from zExceptions import upgradeException
 from zExceptions import Redirect
 from zExceptions import Unauthorized
 from ZODB.POSException import ConflictError
 import transaction
 import AccessControl.User
-import App.FindHomes
 import ExtensionClass
 import imp
 import logging
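Review bot: Dropping `import App.FindHomes` is only safe if nothing relied on that module being imported for its import-time effects. The name is not referenced in any visible hunk, so it may have been a side-effect import rather than a dead one. If it was intentional, keep it with a marker such as `import App.FindHomes  # imported for side effects`. The `ListType` removal is matched by the `isinstance(published, list)` change further down, but any remaining use of `StringType` would be outside the visible hunks and should be checked.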
@@ -206,7 +204,7 @@
             # raise the rendered value as the exception value
             # (basically the same that 'raise_standardErrorMessage'
             # does. The view is named 'index.html' because that's what
-            # Zope 3 uses as well.
+            # zope.publisher uses as well.
             view = queryMultiAdapter((v, REQUEST), name=u'index.html')
             if view is not None:
                 if IAcquirer.providedBy(view) and IAcquirer.providedBy(published):
@@ -214,13 +212,19 @@
                 else:
                     view.__parent__ = published
                 v = view()
+                if issubclass(t, Unauthorized):
+                    # Re-raise Unauthorized to make sure it is handled
+                    # correctly. We can't do that with all exceptions
+                    # because some don't work with the rendered v as
+                    # argument.
+                    raise t, v, traceback
                 response = REQUEST.RESPONSE
                 response.setStatus(t)
                 response.setBody(v)
                 return response
 
             if (published is None or published is app or
-                type(published) is ListType):
+                isinstance(published, list)):
                 # At least get the top-level object
                 published=app.__bobo_traverse__(REQUEST).__of__(
                     RequestContainer(REQUEST))
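Review bot: The comment on the new `raise t, v, traceback` explains why other exceptions are not re-raised, but not why Unauthorized must be; that reason appears only in the log message. I would word it as `# Re-raise Unauthorized after rendering so the publisher still calls HTTPResponse._unauthorized (which sets the WWW-Authenticate challenge).` The same check and comment are repeated in the hunk at -254,12, so the wording applies there as well. Separately, `isinstance(published, list)` also matches list subclasses, which `type(published) is ListType` did not. The enclosing function starts and ends outside this hunk.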
@@ -254,12 +258,18 @@
                            error_log_url=error_log_url)
                 if result is not None:
                     t, v, traceback = result
+                    if issubclass(t, Unauthorized):
+                        # Re-raise Unauthorized to make sure it is handled
+                        # correctly. We can't do that with all exceptions
+                        # because some don't work with the rendered v as
+                        # argument.
+                        raise t, v, traceback
                     response = REQUEST.RESPONSE
                     response.setStatus(t)
                     response.setBody(v)
                     return response
             except TypeError:
-                # Pre 2.6 call signature
+                # BBB: Pre Zope 2.6 call signature
                 f(client, REQUEST, t, v, traceback)
 
         finally:
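Review bot: The new `issubclass(t, Unauthorized)` check and `raise t, v, traceback` sit inside the `try` whose `except TypeError` exists only to detect the pre-2.6 call signature of `f`. A TypeError from `issubclass` (if the returned `t` is not a class) or from constructing the exception with the rendered `v` would be caught there. `f` would then be called a second time with the already rebound `t, v, traceback`, and the real error on an authorization path would be hidden. Moving the `if result is not None:` handling into an `else:` clause of that `try` would limit the fallback to the call itself. The `try` begins outside this hunk.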


Property changes on: Zope/branches/2.12/src/Zope2/App/startup.py
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
   - 1.15
Added: svn:keywords
   + Id

Modified: Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py
===================================================================
--- Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py	2010-04-16 14:34:54 UTC (rev 110973)
+++ Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py	2010-04-16 14:47:34 UTC (rev 110974)
@@ -347,7 +347,6 @@
 class ExceptionViewsTest(PlacelessSetup, ExceptionHookTestCase):
 
     def testCustomExceptionViewUnauthorized(self):
-        from ZPublisher.HTTPResponse import HTTPResponse
         from AccessControl import Unauthorized
         registerExceptionView(IUnauthorized)
         def f():
@@ -355,8 +354,7 @@
         request = self._makeRequest()
         client = StandardClient()
         v = self.call_exc_value(client, request, f)
-        self.failUnless(isinstance(v, HTTPResponse), v)
-        self.failUnless(v.status == 401, (v.status, 401))
+        self.failUnless(isinstance(v, Unauthorized), v)
         self.failUnless("Exception View: Unauthorized" in str(v))
         self.failUnless("Context: StandardClient" in str(v))
 


Property changes on: Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py
___________________________________________________________________
Added: svn:keywords
   + Id
Added: svn:eol-style
   + native


