[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/authentication/idpicker.py Merged from 3.2 branch:

Jim Fulton jim at zope.com
Sat Dec 24 11:41:17 EST 2005 

Log message for revision 41020:
  Merged from 3.2 branch:
  
  ------------------------------------------------------------------------
    r40889 | jim | 2005-12-19 18:03:14 -0500 (Mon, 19 Dec 2005) | 7 lines
  
  Updated the name chooser for principal and group folders to disallow
    picking ids wih characters that are not printable non-space 7-but
    ascii.
  
  This is to resolve http://www.zope.org/Collectors/Zope3-dev/516
    for now.
  

Changed:
  U   Zope3/trunk/src/zope/app/authentication/idpicker.py

-=-
Modified: Zope3/trunk/src/zope/app/authentication/idpicker.py
===================================================================
--- Zope3/trunk/src/zope/app/authentication/idpicker.py	2005-12-24 16:38:57 UTC (rev 41019)
+++ Zope3/trunk/src/zope/app/authentication/idpicker.py	2005-12-24 16:41:17 UTC (rev 41020)
@@ -17,8 +17,11 @@
 """
 
 from zope.app.container.contained import NameChooser
+from zope.app.exception.interfaces import UserError
+from zope.app.i18n import ZopeMessageFactory as _
+import re
 
-
+ok = re.compile('[!-~]+$').match
 class IdPicker(NameChooser):
     """Helper base class that picks principal ids.
 
@@ -54,3 +57,52 @@
 
         self.checkName(name, object)
         return name
+
+    def checkName(self, name, object):
+        """Limit ids
+
+        Ids can only contain printable, non-space, 7-bit ASCII strings:
+
+        >>> from zope.app.authentication.idpicker import IdPicker
+        >>> IdPicker({}).checkName(u'1', None)
+        True
+
+        >>> IdPicker({}).checkName(u'bob', None)
+        True
+
+        >>> IdPicker({}).checkName(u'bob\xfa', None)
+        ... # doctest: +NORMALIZE_WHITESPACE
+        Traceback (most recent call last):
+        ...
+        UserError: Ids must contain only printable
+        7-bit non-space ASCII characters
+
+        >>> IdPicker({}).checkName(u'big bob', None)
+        ... # doctest: +NORMALIZE_WHITESPACE
+        Traceback (most recent call last):
+        ...
+        UserError: Ids must contain only printable
+        7-bit non-space ASCII characters
+
+        Ids also can't be over 100 characters long:
+
+        >>> IdPicker({}).checkName(u'x' * 100, None)
+        True
+
+        >>> IdPicker({}).checkName(u'x' * 101, None)
+        Traceback (most recent call last):
+        ...
+        UserError: Ids can't be more than 100 characters long.
+
+        """
+        NameChooser.checkName(self, name, object)
+        if not ok(name):
+            raise UserError(
+                _("Ids must contain only printable 7-bit non-space"
+                  " ASCII characters")
+                )
+        if len(name) > 100:
+            raise UserError(
+                _("Ids can't be more than 100 characters long.")
+                )
+        return True

More information about the Zope3-Checkins mailing list