Log message for revision 110974: fixed regression in Unauthorized handling: In previous Zope versions string exceptions were used and all exceptions re-raised. This doesn't work with every kind of exception, but we can still do it with Unauthorized exceptions. This way the special handling for Unauthorized exceptions works again, HTTPResponse._unauthorized is called again. This is now done after rendering to make sure we don't break logging and custom views.
Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt UU Zope/branches/2.12/src/Zope2/App/startup.py UU Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py -=- Modified: Zope/branches/2.12/doc/CHANGES.rst =================================================================== --- Zope/branches/2.12/doc/CHANGES.rst 2010-04-16 14:34:54 UTC (rev 110973) +++ Zope/branches/2.12/doc/CHANGES.rst 2010-04-16 14:47:34 UTC (rev 110974) @@ -11,6 +11,8 @@ Bugs Fixed ++++++++++ +- LP #372632, comments #15ff.: Fixed regression in Unauthorized handling. + - LP #563229: Process "evil" JSON cookies which contain double quotes in violation of RFC 2965 / 2616. Modified: Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt =================================================================== --- Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt 2010-04-16 14:34:54 UTC (rev 110973) +++ Zope/branches/2.12/src/ZPublisher/tests/exception_handling.txt 2010-04-16 14:47:34 UTC (rev 110974) @@ -115,7 +115,8 @@ ... Redirect: LOCATION -Handle zExceptions.Unauthorized. +Handle zExceptions.Unauthorized. We take the 'WWW-Authenticate' header as a +sign that HTTPResponse._unauthorized was called. >>> from zExceptions import Unauthorized >>> app.test_folder_1_.foo.exception = Unauthorized('ERROR VALUE') @@ -129,6 +130,8 @@ True >>> 'Error Value: ERROR VALUE' in browser.contents True + >>> browser.headers['WWW-Authenticate'] + 'basic realm="Zope2"' >>> browser.handleErrors = False >>> browser.open('http://localhost/test_folder_1_/foo') Modified: Zope/branches/2.12/src/Zope2/App/startup.py =================================================================== --- Zope/branches/2.12/src/Zope2/App/startup.py 2010-04-16 14:34:54 UTC (rev 110973) +++ Zope/branches/2.12/src/Zope2/App/startup.py 2010-04-16 14:47:34 UTC (rev 110974) 
@@ -7,7 +7,7 @@ # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS -# FOR A PARTICULAR PURPOSE +# FOR A PARTICULAR PURPOSE. # ############################################################################## """Initialize the Zope2 Package and provide a published module @@ -23,14 +23,12 @@ from Acquisition.interfaces import IAcquirer from App.config import getConfiguration from time import asctime -from types import StringType, ListType from zExceptions import upgradeException from zExceptions import Redirect from zExceptions import Unauthorized from ZODB.POSException import ConflictError import transaction import AccessControl.User -import App.FindHomes import ExtensionClass import imp import logging @@ -206,7 +204,7 @@ # raise the rendered value as the exception value # (basically the same that 'raise_standardErrorMessage' # does. The view is named 'index.html' because that's what - # Zope 3 uses as well. + # zope.publisher uses as well. view = queryMultiAdapter((v, REQUEST), name=u'index.html') if view is not None: if IAcquirer.providedBy(view) and IAcquirer.providedBy(published): @@ -214,13 +212,19 @@ else: view.__parent__ = published v = view() + if issubclass(t, Unauthorized): + # Re-raise Unauthorized to make sure it is handled + # correctly. We can't do that with all exceptions + # because some don't work with the rendered v as + # argument. + raise t, v, traceback response = REQUEST.RESPONSE response.setStatus(t) response.setBody(v) return response if (published is None or published is app or - type(published) is ListType): + isinstance(published, list)): # At least get the top-level object published=app.__bobo_traverse__(REQUEST).__of__( RequestContainer(REQUEST)) 
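Review bot: The comment added in the `@@ -214,13 +212,19 @@` hunk says Unauthorized is re-raised "to make sure it is handled correctly" but does not say by what, so the reason for the branch is only recoverable from the log message. Something like `# Re-raise so the publisher ends up calling HTTPResponse._unauthorized (which sets WWW-Authenticate); v is already the rendered view output.` would keep that next to the code. The same five added lines are repeated verbatim in the `@@ -254,12 +258,18 @@` hunk, so a small private helper that takes `t, v, traceback` and raises when `issubclass(t, Unauthorized)` would keep the two paths from drifting apart. The enclosing function starts and ends outside both hunks.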
@@ -254,12 +258,18 @@ error_log_url=error_log_url) if result is not None: t, v, traceback = result + if issubclass(t, Unauthorized): + # Re-raise Unauthorized to make sure it is handled + # correctly. We can't do that with all exceptions + # because some don't work with the rendered v as + # argument. + raise t, v, traceback response = REQUEST.RESPONSE response.setStatus(t) response.setBody(v) return response except TypeError: - # Pre 2.6 call signature + # BBB: Pre Zope 2.6 call signature f(client, REQUEST, t, v, traceback) finally: Property changes on: Zope/branches/2.12/src/Zope2/App/startup.py ___________________________________________________________________ Deleted: cvs2svn:cvs-rev - 1.15 Added: svn:keywords + Id Modified: Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py =================================================================== --- Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py 2010-04-16 14:34:54 UTC (rev 110973) +++ Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py 2010-04-16 14:47:34 UTC (rev 110974) @@ -347,7 +347,6 @@ class ExceptionViewsTest(PlacelessSetup, ExceptionHookTestCase): def testCustomExceptionViewUnauthorized(self): - from ZPublisher.HTTPResponse import HTTPResponse from AccessControl import Unauthorized registerExceptionView(IUnauthorized) def f(): 
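Review bot: In the `@@ -254,12 +258,18 @@` hunk the new `issubclass(t, Unauthorized)` check and `raise t, v, traceback` sit in the block guarded by `except TypeError:`, a handler meant only for the pre-2.6 call signature of `f`. If `t` taken from `result` is not a class, or building the exception from the rendered `v` raises a TypeError, that error is swallowed and `f(client, REQUEST, t, v, traceback)` is called a second time, so the Unauthorized would presumably not be re-raised and the challenge would not be sent. Keeping only the `f(...)` call inside the `try` and moving the `if result is not None:` block into an `else:` clause would limit the BBB fallback to the signature mismatch it is meant for. The `try` itself opens outside the hunk, so this reading should be confirmed against the full function.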
@@ -355,8 +354,7 @@ request = self._makeRequest() client = StandardClient() v = self.call_exc_value(client, request, f) - self.failUnless(isinstance(v, HTTPResponse), v) - self.failUnless(v.status == 401, (v.status, 401)) + self.failUnless(isinstance(v, Unauthorized), v) self.failUnless("Exception View: Unauthorized" in str(v)) self.failUnless("Context: StandardClient" in str(v)) Property changes on: Zope/branches/2.12/src/Zope2/App/tests/testExceptionHook.py ___________________________________________________________________ Added: svn:keywords + Id Added: svn:eol-style + native _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
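Review bot: After this change `testCustomExceptionViewUnauthorized` only asserts that an `Unauthorized` instance carrying the rendered view text comes back, and the dropped `v.status == 401` check has no replacement in this test. The only assertion visible in the commit that the client actually receives a challenge is the `WWW-Authenticate` doctest in exception_handling.txt, and it is not visible from these hunks whether that doctest runs with a registered exception view. A publisher-level test for the custom-view path that checks both the 401 status and the `WWW-Authenticate` header would pin the behaviour this fix restores. The test method begins in the preceding hunk, `@@ -347,7 +347,6 @@`.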