-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hanno Schlichting wrote: > Log message for revision 99858: > Changed HTTPBasicAuthHelper to not rely on two obscure features of the > HTTPResponse. > > > Changed: > U > Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/HISTORY.txt > U > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py > U > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_HTTPBasicAuthHelper.py > > -=- > Modified: > Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/HISTORY.txt > =================================================================== > --- > Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/HISTORY.txt > 2009-05-11 21:38:04 UTC (rev 99857) > +++ > Products.PluggableAuthService/trunk/Products/PluggableAuthService/doc/HISTORY.txt > 2009-05-12 00:57:46 UTC (rev 99858) > @@ -1,6 +1,8 @@ > PluggableAuthService historic changes > ===================================== > > +- Changed HTTPBasicAuthHelper to not rely on two obscure features of the > + HTTPResponse. > > PluggableAuthService 1.4 (2006-08-28) > ------------------------------------- > > Modified: > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py > =================================================================== > --- > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py > 2009-05-11 21:38:04 UTC (rev 99857) > +++ > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py > 2009-05-12 00:57:46 UTC (rev 99858) > @@ -17,8 +17,6 @@ > $Id$ > """ > > -from zExceptions import Unauthorized > - > from AccessControl.SecurityInfo import ClassSecurityInfo > from App.class_init import default__class_init__ as InitializeClass > > @@ -99,15 +97,9 @@ > """ > realm = response.realm > if realm: > - response.addHeader('WWW-Authenticate', > + response.setHeader('WWW-Authenticate', > 'basic realm="%s"' % realm) > m = "<strong>You are not authorized to access this > resource.</strong>" > - if response.debug_mode: > - if response._auth: > - m = m + '<p>\nUsername and password are not correct.' > - else: > - m = m + '<p>\nNo Authorization header found.' > - > response.setBody(m, is_error=1) > response.setStatus(401) > return 1 > > Modified: > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_HTTPBasicAuthHelper.py > =================================================================== > --- > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_HTTPBasicAuthHelper.py > 2009-05-11 21:38:04 UTC (rev 99857) > +++ > Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/tests/test_HTTPBasicAuthHelper.py > 2009-05-12 00:57:46 UTC (rev 99858) > @@ -43,7 +43,6 @@ > > _unauthorized_called = 0 > realm = 'unit test' > - debug_mode = 0 > headers = {} > > def unauthorized( self ): > @@ -58,10 +57,6 @@ > > self.headers[name] = value > > - def addHeader(self, name, value): > - > - self.headers[name] = value > - > def setBody(self, body, is_error=0): > self.body = body > > @@ -100,8 +95,6 @@ > 'remote_host': '', 'remote_address': '' } ) > > def test_challenge( self ): > - from zExceptions import Unauthorized > - > helper = self._makeOne() > request = FauxHTTPRequest() > response = FauxHTTPResponse()
Hanno, do you know *why* that feature was used? HTTP allows *multiple* challenges to be issued for a single request (e.g., one digest, one basic, or two basic challenges with different realms). Your change makes it only possible to send one (the last one). Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKCOXK+gerLs4ltQ4RAukcAJ9Igt7+3N9tOrW0pWfkPaZMFAHGTACfaVj0 q1/GxwCJx2T/DGcE/Kf4s6w= =TI1O -----END PGP SIGNATURE----- _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas