Chris Withers wrote:
> 
> So what was causing the original error then?

string.split('basic')[-1] was returning 'basic'.

base64.decodestring('basic') causes an "Incorrect padding" error.

base64.decodestring('basic ') causes an "Incorrect padding" error too.

Martijn Pieters wrote:
> We partly agree, and this is tricky. Unauthorised is wrong, it should return a
> Bad Request (or whatever the correct HTTP error is in this case). File a
> patch! =)

I've attached a patch to lib/python/AccessControl/User.py. If there are
no suggestions of improvements, or complaints :-)  I'll stick it into
the Collector.

I looked over the RFC, and Bad Request seems to be the best response
code.

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net
*** lib/python/AccessControl/User.py.original   Mon Jul 24 20:31:40 2000
--- lib/python/AccessControl/User.py    Mon Jul 24 20:51:33 2000
***************
*** 438,444 ****
          # Only do basic authentication
          if lower(auth[:6])!='basic ':
              return None
!         name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1))
  
          # Check for superuser
          super=self._super
--- 438,451 ----
          # Only do basic authentication
          if lower(auth[:6])!='basic ':
              return None
!         try:
!             name,password=\
!                 tuple(split(decodestring(split(auth)[-1]), ':', 1))
!         except: # not a proper basic auth string
!             request.response.setStatus(400)
!             raise 'InternalError', request.response._error_html(
!                 "Internal Error",
!                 "Zope could not understand the Basic Authentication supplied.")
  
          # Check for superuser
          super=self._super
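
Review bot: the bare `except:` on the new try block catches every exception, so any unrelated failure in that expression is also reported as a malformed credential string. Catch only what a bad header produces here: the base64 "Incorrect padding" error from `decodestring`, and the unpacking error raised when the decoded text contains no `:`. Separately, `request.response.setStatus(400)` marks this as a client error, but the exception raised is `'InternalError'` with the title "Internal Error". Name the exception and the title for Bad Request so the status code and the body agree.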
