[Zope-Coders] [webmaster@zope.com: [ZWEB(157)[1] request] Invalid Auth. Token for too long login+passwd]

Martijn Pieters mj@zope.com
Mon, 22 Oct 2001 10:34:47 -0400 

--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Bug filed on Zope.org tracker. Seems valid to me.

-- 
Martijn Pieters
| Software Engineer  mailto:mj@zope.com
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/
---------------------------------------------

--r5Pyd7+fXNt84Ff3
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <webmaster@zope.com>
Received: from smtp.zope.com ([63.100.190.10] verified)
  by digicool.com (CommuniGate Pro SMTP 3.4)
  with ESMTP id 2859561; Mon, 22 Oct 2001 10:24:57 -0400
Received: from mail.python.org (mail.python.org [63.102.49.29])
	by smtp.zope.com (8.11.2/8.11.2) with ESMTP id f9MEKx103803;
	Mon, 22 Oct 2001 10:20:59 -0400
Received: from [63.102.49.33] (helo=app1)
	by mail.python.org with esmtp (Exim 3.21 #1)
	id 15vfwp-00037t-00; Mon, 22 Oct 2001 10:20:59 -0400
Subject: [ZWEB(157)[1] request] Invalid Auth. Token for too long login+passwd
Sender: <webmaster@zope.com>
Errors-To: <webmaster@zope.com>
From: "Sébastien Bigaret - Issue Requester, by Tracker - admin:" <webmaster@zope.com>
To: "Candidate Supporters, via Tracker http://www.zope.org/Tracker" <>
Cc: "Requester Courtesy CC, via Tracker http://www.zope.org/Tracker" <>
Date: Mon, 22 Oct 2001 10:20:59 GMT-4
X-Tracker-debug: To: ['mj', 'mattb', 'ensane', 'klm'], Cc: ['Big']
Message-Id: <E15vfwp-00037t-00@mail.python.org>
X-ECS-MailScanner: Found to be clean
Mime-Version: 1.0
Content-Type: text/plain; charset=-iso8859-1
Content-Disposition: inline; filename=mutt-viper-24158-6
Content-Transfer-Encoding: quoted-printable

Tracker Item ZWEB(157)[1] - to followup, visit
    http://www.zope.org/Tracker/157/1
Attachments:
    http://www.zope.org/Tracker/157/1/User.py.patch
		-=3D-		-=3D-		-=3D-
There is a bug in the BasicUserFolder.identify() method,
causing Invalid Authentification Token to be raised against
too long string (login+password).

Verified on: Zope2.3.3 to CVS Head (User.py Rev.1.160)

reason: basic64.encode() returns a set of '\n'-separated
        lines. If the login+password is too long, the split
        also splits newlines... then calls [-1] which is
        just the last line returned by encode, not the whole
        encoded string.
Attached is a small patch solving the issue
[patch=3D=3Dsplit(auth, ' ') instead of split(auth)]

S=E9bastien Bigaret -- aka Big.
		-=3D-		-=3D-		-=3D-
Issue Characteristics:

Title: Invalid Auth. Token for too long login+passwd
Requester: Big=20
Stage: Pending
Traits:
        Type: bug report, Area: Products, Urgency: normal,=20
        Deadline: soon


--r5Pyd7+fXNt84Ff3--