[Zope3-checkins] SVN: Zope3/trunk/src/zope/publisher/ Merged revision 69306 from the 3.3 branch:

Dmitry Vasiliev dima at hlabs.spb.ru
Wed Aug 2 03:20:10 EDT 2006 

Log message for revision 69335:
  Merged revision 69306 from the 3.3 branch:
  
  Now colon inside the password shouldn't shock the parser
  

Changed:
  U   Zope3/trunk/src/zope/publisher/http.py
  U   Zope3/trunk/src/zope/publisher/tests/test_http.py

-=-
Modified: Zope3/trunk/src/zope/publisher/http.py
===================================================================
--- Zope3/trunk/src/zope/publisher/http.py	2006-08-02 03:36:59 UTC (rev 69334)
+++ Zope3/trunk/src/zope/publisher/http.py	2006-08-02 07:20:09 UTC (rev 69335)
@@ -58,8 +58,6 @@
 class HeaderGetter(RequestDataGetter):
     _gettrname = 'getHeader'
 
-base64 = None
-
 def sane_environment(env):
     # return an environment mapping which has been cleaned of
     # funny business such as REDIRECT_ prefixes added by Apache
@@ -491,14 +489,10 @@
 
     def _authUserPW(self):
         'See IHTTPCredentials'
-        global base64
-        if self._auth:
-            if self._auth.lower().startswith('basic '):
-                if base64 is None:
-                    import base64
-                name, password = base64.decodestring(
-                    self._auth.split()[-1]).split(':')
-                return name, password
+        if self._auth and self._auth.lower().startswith('basic '):
+            encoded = self._auth.split(None, 1)[-1]
+            name, password = encoded.decode("base64").split(':', 1)
+            return name, password
 
     def unauthorized(self, challenge):
         'See IHTTPCredentials'

Modified: Zope3/trunk/src/zope/publisher/tests/test_http.py
===================================================================
--- Zope3/trunk/src/zope/publisher/tests/test_http.py	2006-08-02 03:36:59 UTC (rev 69334)
+++ Zope3/trunk/src/zope/publisher/tests/test_http.py	2006-08-02 07:20:09 UTC (rev 69335)
@@ -344,14 +344,13 @@
 
     def testBasicAuth(self):
         from zope.publisher.interfaces.http import IHTTPCredentials
-        import base64
         req = self._createRequest()
         verifyObject(IHTTPCredentials, req)
         lpq = req._authUserPW()
         self.assertEquals(lpq, None)
         env = {}
-        login, password = ("tim", "123")
-        s = base64.encodestring("%s:%s" % (login, password)).rstrip()
+        login, password = ("tim", "123:456")
+        s = ("%s:%s" % (login, password)).encode("base64").rstrip()
         env['HTTP_AUTHORIZATION'] = "Basic %s" % s
         req = self._createRequest(env)
         lpw = req._authUserPW()

More information about the Zope3-Checkins mailing list