Hi Maurits,
On 2010-8-12 16:43, Maurits van Rees wrote:
> Log message for revision 115650:
> Fixed possible TypeError in extractCredentials of CookieAuthHelper when
> the __ac cookie is not ours (but e.g. from plone.session, though even then
> only in a corner case).
>
> Changed:
> U
> Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
> U
> Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/tests/test_CookieAuthHelper.py
>
> -=-
> Modified:
> Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
> ===================================================================
> ---
> Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
> 2010-08-12 09:03:42 UTC (rev 115649)
> +++
> Products.PluggableAuthService/branches/1.6/Products/PluggableAuthService/plugins/CookieAuthHelper.py
> 2010-08-12 14:43:10 UTC (rev 115650)
> @@ -125,8 +125,12 @@
> # Cookie is in a different format, so it is not ours
> return creds
>
> - creds['login'] = login.decode('hex')
> - creds['password'] = password.decode('hex')
> + try:
> + creds['login'] = login.decode('hex')
> + creds['password'] = password.decode('hex')
> + except TypeError:
> + # Cookie is in a different format, so it is not ours
> + return creds
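
Review bot: In the new try block, creds['login'] is assigned before password.decode('hex') runs, so a TypeError raised by the second decode reaches `return creds` with 'login' already set and no 'password'. Decode both values into local variables inside the try and write them into creds only after both have succeeded, so the except path returns creds without a partial entry. The comment in the except branch also repeats the context-line comment above word for word; it could instead say that the values were not hex-encoded.
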
That looks incorrect: if the password.decode fails you are now returning
a half credential set with only login set, instead of an empty set.
Wichert.
--
Wichert Akkerman <[email protected]> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
_______________________________________________
Zope-PAS mailing list
[email protected]
https://mail.zope.org/mailman/listinfo/zope-pas