[Pkg-zope-developers] Bug#357461: python2.4-schoolbell: schoolbell sends malformed HTTP header

Nicolas Evrard ne at tiny.be
Fri Mar 17 14:14:12 UTC 2006 

Package: python2.4-schoolbell
Version: 1.2.4-1
Severity: normal


Hello,

I wonder is this a zope3 bug or a urllib2, probably the former.
Anyway while trying to connect with urllib2 to a schoolbell server
with authentication every request failed.

After a while I noticed that urllib2 used this regexp to search the
realm:

	re.compile('[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I)

While zope3 sends these headers:

nicoe at purple ~ % wget -S http://192.168.1.3:7180/persons/nev/calendar.ics
--14:57:06--  http://192.168.1.3:7180/persons/nev/calendar.ics
           => `calendar.ics.1'
Connexion vers 192.168.1.3:7180...connecté.
requête HTTP transmise, en attente de la réponse...
  HTTP/1.0 401 Unauthorized
  Content-Length: 2484
  Connection: Keep-Alive
  X-Powered-By: Zope (www.zope.org), Python (www.python.org)
  Date: Fri, 17 Mar 2006 13:57:15 GMT
  Content-Type: text/html;charset=utf-8
  WWW-Authenticate: basic realm=zope
  Server: zope.server.http (HTTP)
ÉCHEC d'autorisation.

Notice the " missing around the word zope.

Well, I've read the rfc it seems the " are mandatory.

Here's a simple patch against zope/app/security/basicauthadapter.py

--- basicauthadapter.py	2006-03-17 15:11:30.000000000 +0100
+++ basicauthadapter.py.mine	2006-03-17 15:12:10.000000000 +0100
@@ -37,4 +37,4 @@
         LoginPassword.__init__(self, login, password)
 
     def needLogin(self, realm):
-        self.__request.unauthorized("basic realm=%s" % realm)
+        self.__request.unauthorized('basic realm="%s"' % realm)

I think the doctest and so on needs patches too.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-k7
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)

Versions of packages python2.4-schoolbell depends on:
ii  python2.4                2.4.2-2         An interactive high-level object-o
ii  python2.4-libxml2        2.6.23.dfsg.2-2 Python 2.4 bindings for the GNOME 
ii  python2.4-reportlab      1.20debian-3    ReportLab library to create PDF do
ii  python2.4-xml            0.8.4-2         XML tools for Python (2.4.x)
ii  zope3                    3.2.0-4         Open Source Web Application Server

python2.4-schoolbell recommends no packages.

-- no debconf information

More information about the Pkg-zope-developers mailing list