[Zope] [zope-dev] zope.app.authentication / zope.pluggableauth problem

[Thierry Florac]

Hi,

I've built an XML-RPC application built on Zope3 (3.4.1) components.
I noticed that when a user is having one or more colons in his
password, an exception is raised :

File '/var/local/eggs/zope.app.wsgi-3.4.3-py2.5.egg/zope/app/wsgi/__init__.py', line 55 in __call__
  request = publish(request, handle_errors=handle_errors)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/publish.py', line 130 in publish
  obj = request.traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/http.py', line 464 in traverse
  ob = super(HTTPRequest, self).traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/base.py', line 252 in traverse
  publication.callTraversalHooks(self, obj)
File '/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py', line 129 in callTraversalHooks
  self._maybePlacefullyAuthenticate(request, ob)
File '/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py', line 116 in _maybePlacefullyAuthenticate
  principal = auth.authenticate(request)
File '/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/authentication.py', line 72 in authenticate
  credentials = credplugin.extractCredentials(request)
File '/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/httpplugins.py', line 89 in extractCredentials
  login, password = base64.decodestring(credentials).split(':')
ValueError: too many values to unpack


So maybe I'm wrong, but shouldn't the last instruction be replaced
with :

  login, password = base64.decodestring(credentials).split(':', 1)


Regards,

Thierry Florac
-- 
Chef de projets intranet/internet
Office National des Forêts - Département Informatique
2, Avenue de Saint-Mandé
75570 Paris Cedex 12
Tél. : 01 40 19 59 64
Fax. : 01 40 19 58 85
Mél. : thierry.florac at onf.fr
Web. : http://www.onf.fr