Adam Groszer wrote:
Using the current trunk I experienced that using the PAU with a user
folder and users passwords stored with MD5, entering accented
characters as passwords causes an exception. That happens either at
adding the principal or at Z3's stock login form.

I think this is not my fault, but could somebody crosscheck that please?

Traceback from the login form, I entered "éá" as password:
  File "U:\zope\svn_zope34\src\zope\publisher\publish.py", line 130, in publish
  File "U:\zope\svn_zope34\src\zope\app\authentication\password.py", line 77, in
[skip]
 encodePassword
    return md5.new(password).hexdigest()
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordin
al not in range(128)

Ugh, my bad I didn't notice that passwords may be Unicode strings. I think password should be encoded to UTF-8 before processing but I don't know that to do with backward compatibility. As an option we can introduce new Unicode-aware password managers. Opinions?

--
Dmitry Vasiliev <dima at hlabs.spb.ru>
http://hlabs.spb.ru
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to