[Zope] [zope-dev] zope.app.authentication / zope.pluggableauth problem

Tue, 03 May 2011 06:23:20 -0700 

Hi,

I've built an XML-RPC application built on Zope3 (3.4.1) components.
I noticed that when a user is having one or more colons in his
password, an exception is raised :

File '/var/local/eggs/zope.app.wsgi-3.4.3-py2.5.egg/zope/app/wsgi/__init__.py', 
line 55 in __call__
  request = publish(request, handle_errors=handle_errors)
File 
'/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/publish.py', 
line 130 in publish
  obj = request.traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/http.py', 
line 464 in traverse
  ob = super(HTTPRequest, self).traverse(obj)
File '/var/local/eggs/zope.publisher-3.4.10-py2.5.egg/zope/publisher/base.py', 
line 252 in traverse
  publication.callTraversalHooks(self, obj)
File 
'/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py',
 line 129 in callTraversalHooks
  self._maybePlacefullyAuthenticate(request, ob)
File 
'/var/local/eggs/zope.app.publication-3.4.4-py2.5.egg/zope/app/publication/zopepublication.py',
 line 116 in _maybePlacefullyAuthenticate
  principal = auth.authenticate(request)
File 
'/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/authentication.py',
 line 72 in authenticate
  credentials = credplugin.extractCredentials(request)
File 
'/var/local/eggs/zope.app.authentication-3.4.4-py2.5.egg/zope/app/authentication/httpplugins.py',
 line 89 in extractCredentials
  login, password = base64.decodestring(credentials).split(':')
ValueError: too many values to unpack


So maybe I'm wrong, but shouldn't the last instruction be replaced
with :

  login, password = base64.decodestring(credentials).split(':', 1)


Regards,

Thierry Florac
-- 
Chef de projets intranet/internet
Office National des Forêts - Département Informatique
2, Avenue de Saint-Mandé
75570 Paris Cedex 12
Tél. : 01 40 19 59 64
Fax. : 01 40 19 58 85
Mél. : thierry.flo...@onf.fr
Web. : http://www.onf.fr
_______________________________________________
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to