from:"Michael Pedersen"

[Repoze-dev] [issue98] repoze.who Identifier Issue

2009-09-07 Thread Michael Pedersen


New submission from Michael Pedersen rep...@icelus.org:

Stumbled across an odd issue last night: If a username has an exclamation in it,
and that username is returned as is from an IIdentifier, then the auth_tkt
cookie will be invalid. For instance, if my login were Pedersen!, the auth_tkt
cookie would look like this:

1234567890123456789012345678901234567890Pedersen!!

When the ticket is parsed later, the username returned from the auth_tkt will be
Pedersen (since it splits on !). It would be much nicer if the code were to
use urllib.quote and urllib.unquote on the returned username to ensure that such
oddball characters do not pose a problem ever.

I'll probably try to fix this myself this week, but if I don't get the chance, I
figured at least having the bug listed here would be a good thing.

--
messages: 266
nosy: pedersen
priority: bug
status: unread
title: repoze.who Identifier Issue

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue98
__
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue98] repoze.who Identifier Issue

2009-09-07 Thread Michael Pedersen


Michael Pedersen rep...@icelus.org added the comment:

Sorry about that. Reporting this to the paste team. If you wish to use this to
track the upstream issue, go ahead and leave it open. Close it if not.

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue98
__
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue98] repoze.who Identifier Issue

2009-09-07 Thread Michael Pedersen


Michael Pedersen rep...@icelus.org added the comment:

Filed bug with python paste: http://trac.pythonpaste.org/pythonpaste/ticket/380

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue98
__
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces

2009-04-10 Thread Michael Pedersen


Michael Pedersen rep...@icelus.org added the comment:

Attaching a patch that was made by mcdonc. I just updated the test cases. This
patch should clear up the issue with the spaces pretty well entirely. I know it
did for my  use, anyway.

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue60
__Index: repoze/who/plugins/auth_tkt.py
===
--- repoze/who/plugins/auth_tkt.py  (revision 4111)
+++ repoze/who/plugins/auth_tkt.py  (working copy)
@@ -75,11 +75,11 @@
 cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
 wild_domain = '.' + cur_domain
 cookies = [
-('Set-Cookie', '%s=%s; Path=/' % (
+('Set-Cookie', '%s=%s; Path=/' % (
 self.cookie_name, value)),
-('Set-Cookie', '%s=%s; Path=/; Domain=%s' % (
+('Set-Cookie', '%s=%s; Path=/; Domain=%s' % (
 self.cookie_name, value, cur_domain)),
-('Set-Cookie', '%s=%s; Path=/; Domain=%s' % (
+('Set-Cookie', '%s=%s; Path=/; Domain=%s' % (
 self.cookie_name, value, wild_domain))
 ]
 return cookies
Index: repoze/who/tests.py
===
--- repoze/who/tests.py (revision 4111)
+++ repoze/who/tests.py (working copy)
@@ -1627,13 +1627,13 @@
 self.assertEqual(len(result), 3)
 self.assertEqual(result[0],
  ('Set-Cookie',
-  'auth_tkt=%s; Path=/' % new_val))
+  'auth_tkt=%s; Path=/' % new_val))
 self.assertEqual(result[1],
  ('Set-Cookie',
-   'auth_tkt=%s; Path=/; Domain=localhost' % new_val))
+   'auth_tkt=%s; Path=/; Domain=localhost' % 
new_val))
 self.assertEqual(result[2],
  ('Set-Cookie',
-   'auth_tkt=%s; Path=/; Domain=.localhost' % new_val))
+   'auth_tkt=%s; Path=/; Domain=.localhost' % 
new_val))
 
 def test_remember_creds_different_int_userid(self):
 plugin = self._makeOne('secret')
@@ -1646,7 +1646,7 @@
 self.assertEqual(len(result), 3)
 self.assertEqual(result[0],
  ('Set-Cookie',
-  'auth_tkt=%s; Path=/' % new_val))
+  'auth_tkt=%s; Path=/' % new_val))
 
 def test_remember_creds_different_long_userid(self):
 plugin = self._makeOne('secret')
@@ -1658,7 +1658,7 @@
 self.assertEqual(len(result), 3)
 self.assertEqual(result[0],
  ('Set-Cookie',
-  'auth_tkt=%s; Path=/' % new_val))
+  'auth_tkt=%s; Path=/' % new_val))
 
 def test_remember_creds_different_unicode_userid(self):
 plugin = self._makeOne('secret')
@@ -1673,7 +1673,7 @@
 self.assertEqual(len(result), 3)
 self.assertEqual(result[0],
  ('Set-Cookie',
-  'auth_tkt=%s; Path=/' % new_val))
+  'auth_tkt=%s; Path=/' % new_val))
 
 def test_forget(self):
 plugin = self._makeOne('secret')
@@ -1683,7 +1683,7 @@
 header = headers[0]
 name, value = header
 self.assertEqual(name, 'Set-Cookie')
-self.assertEqual(value, 'auth_tkt=; Path=/')
+self.assertEqual(value, 'auth_tkt=; Path=/')
 header = headers[1]
 name, value = header
 self.assertEqual(name, 'Set-Cookie')
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

[Repoze-dev] [issue98] repoze.who Identifier Issue

[Repoze-dev] [issue98] repoze.who Identifier Issue

[Repoze-dev] [issue98] repoze.who Identifier Issue

[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces

4 matches

Site Navigation

Mail list logo

Footer information