Commit 9020be4d authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki Committed by Jérome Perrin

Zope2: workaround for broken implementation of Basic auth encoding.

parent 12b7aaa0
......@@ -55,6 +55,10 @@ class ERP5DumbHTTPExtractionPlugin(BasePlugin):
security.declarePrivate('extractCredentials')
@UnrestrictedMethod
def extractCredentials(self, request):
# BBB Zope2
# Fix possibly broken _auth for very long auth
if getattr(request, '_auth', '').lower().startswith('basic '):
request._auth = request._auth.replace('\n', '')
return DumbHTTPExtractor().extractCredentials(request);
#Form for new plugin in ZMI
......
  • BaseRequest._auth is set (on the class) to None, which causes this code to raise: AttributeError: 'NoneType' object has no attribute 'lower'.

    The code used in HTTPRequest.clone to decide whether _auth is set is:

    if self._auth:

    and I think it should be used here too.

  • for this annoying AttributeError, @georgios.dagkakis pushed a fixup commit 7eb96ab7 yesterday.

    (indeed, getattr here is too verbose, as it should always have _auth.)

    Edited by Kazuhiko Shiozaki
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment