On Mon, Jul 24, 2000 at 09:36:53PM +0100, Steve Alexander wrote:
> Martijn Pieters wrote:
> > Would it be a good idea to add the header?
>
> I don't quite follow.
Add the non-compliant Basic Auth header to the error message, to aid in
debugging the client.
> > And let's make that a less generic
Steve Alexander wrote:
> > > ! raise 'InternalError', request.response._error_html(
Can someone enlighten me as to what this does?
Does it reset the HTTP response code?
Is _error_html something that gets the acquired standard_error_message?
If not, it should do ;-)
Has anyone made
Martijn Pieters wrote:
>
> On Mon, Jul 24, 2000 at 08:56:54PM +0100, Steve Alexander wrote:
> > I've attached a patch to lib/python/AccessControl/User.py. If there are
> > no suggestions of improvements, or complaints :-) I'll stick it into
> > the Collector.
> >
> > I looked over the RFC, and B
Steve Alexander wrote:
>
> Chris Withers wrote:
> >
> > So what was causing the original error then?
>
> string.split('basic')[-1] was returning 'basic'.
>
> base64.decodestring('basic') causes an "Incorrect padding" error.
>
> base64.decodestring('basic ') causes an "Incorrect padding" error
On Mon, Jul 24, 2000 at 08:56:54PM +0100, Steve Alexander wrote:
> I've attached a patch to lib/python/AccessControl/User.py. If there are
> no suggestions of improvements, or complaints :-) I'll stick it into
> the Collector.
>
> I looked over the RFC, and Bad Request seems to be the best respo
Chris Withers wrote:
>
> So what was causing the original error then?
string.split('basic')[-1] was returning 'basic'.
base64.decodestring('basic') causes an "Incorrect padding" error.
base64.decodestring('basic ') causes an "Incorrect padding" error too.
Martijn Pieters wrote:
> We partly ag
On Mon, Jul 24, 2000 at 07:57:00PM +0100, Chris Withers wrote:
> Martijn Pieters wrote:
> > > So what was causing the original error then?
> >
> > Buggy client?
>
> If so, surely Zope should just return an Unauthorized error rather than
> exposing its internals?!
>
> If you're a server and the
On Mon, Jul 24, 2000 at 07:57:00PM +0100, Chris Withers wrote:
> Martijn Pieters wrote:
> > > So what was causing the original error then?
> >
> > Buggy client?
>
> If so, surely Zope should just return an Unauthorized error rather than
> exposing its internals?!
>
> If you're a server and the
Martijn Pieters wrote:
> > So what was causing the original error then?
>
> Buggy client?
If so, surely Zope should just return an Unauthorized error rather than
exposing its internals?!
If you're a server and the client is buggy, tell it so, but don't look
like you just screwed up really badly
On Mon, Jul 24, 2000 at 07:49:34PM +0100, Chris Withers wrote:
> Steve Alexander wrote:
> > Martijn Pieters wrote:
> > >
> > > Oops. You took out the strip. But IIRC, base64 does a strip as well.
> >
> > So it does!
> >
> > >>> from base64 import *
> > >>> s = encodestring('foo')
> > >>> decodes
Steve Alexander wrote:
> Martijn Pieters wrote:
> >
> > Oops. You took out the strip. But IIRC, base64 does a strip as well.
>
> So it does!
>
> >>> from base64 import *
> >>> s = encodestring('foo')
> >>> decodestring(s)
> 'foo'
> >>> decodestring(s+' ')
> 'foo'
> >>> decodestring(' '+s)
> 'foo
Martijn Pieters wrote:
>
> Oops. You took out the strip. But IIRC, base64 does a strip as well.
Not according to the original error which started this thread :(
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/
On Mon, Jul 24, 2000 at 08:36:26PM +0200, Martijn Pieters wrote:
> > I also checked, and this version of the patch *should* work:
> >
> > # Only do basic authentication
> > if lower(auth[:6])!='basic ':
> > return None
> > name,password=tuple(split(decodestring
Martijn Pieters wrote:
>
> Oops. You took out the strip. But IIRC, base64 does a strip as well.
So it does!
>>> from base64 import *
>>> s = encodestring('foo')
>>> decodestring(s)
'foo'
>>> decodestring(s+' ')
'foo'
>>> decodestring(' '+s)
'foo'
--
Steve Alexander
Software Engineer
Cat-Box l
Martijn Pieters wrote:
>
> RFC 1945 says one paragraph before that that the header should be matched
> case-insensitively. That was what the Moz bug was all about.
Thanks for the clarification.
> > # Only do basic authentication
> > if lower(auth[:6])!='basic ':
> >
On Mon, Jul 24, 2000 at 05:22:25PM +0100, Steve Alexander wrote:
> Chris Withers wrote:
> > A string.upper wouldn't go amiss either, then earlier versions of
> > Mozilla that send an incorrectly capitalised 'Basic' might also be
> > allowed to authenticate with Zope :-)
Heh, and allow Mozilla to
Steve Alexander wrote:
Well, I think Brian Lloyd'd have to make the call...
Nice work though, 2 for 2 on the day, that's pretty good going, are DC
paying you yet? ;-)
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/m
Chris Withers wrote:
>
> Chris Withers wrote:
> >
> > Steve Alexander wrote:
> > > My guess is that the argument "auth" passed to validate() has some
> > > trailing characters. Either that, or WebWhacker passed just "Basic " as
> > > an auth string.
> >
> > Yuk, that sounds like a Zope bug. Colle
Chris Withers wrote:
>
> Steve Alexander wrote:
> > My guess is that the argument "auth" passed to validate() has some
> > trailing characters. Either that, or WebWhacker passed just "Basic " as
> > an auth string.
>
> Yuk, that sounds like a Zope bug. Collector time with patch? A judicious
> st
Chris Withers wrote:
>
> Steve Alexander wrote:
> > My guess is that the argument "auth" passed to validate() has some
> > trailing characters. Either that, or WebWhacker passed just "Basic " as
> > an auth string.
>
> Yuk, that sounds like a Zope bug. Collector time with patch? A judicious
> st
Steve Alexander wrote:
> My guess is that the argument "auth" passed to validate() has some
> trailing characters. Either that, or WebWhacker passed just "Basic " as
> an auth string.
Yuk, that sounds like a Zope bug. Collector time with patch? A judicious
string.strip should solve the problem, s
Chris Withers wrote:
>
> Does anyone know what this means?
>
> The page views fine for me and this is the first error of this type I've
> seen since we launched the archives. I wonder what WebWhacker is doing
> to cause this?
Well... you can get an incorect padding error like this:
>>> import
22 matches
Mail list logo
