whoauth testcase test_ad_utf8_password has been failing silently



Cloud Services
Server: Core
5 years ago


(Reporter: rfkelly, Unassigned)





(1 attachment)



5 years ago
Created attachment 697752 [details] [diff] [review]
patch to fix unicode-handling discrepancy between server-core and repoze.who

The repoze.who integration in server-core has a bug in its handling of unicode passwords, due to some bad interactions with repoze.who.

Repoze coerces all passwords to unicode, falling back to latin1 encoding if they're not valid utf8.  By contract, server-core expects bytestring passwords and wants invalid utf8 to cause an auth failure.  This mismatch can cause encoding/decoding errors at runtime.

There were some testcases that would catch this discrepancy, but they silently fail to run if repoze.who is not installed.

Attached patch does the following:

  * Causes the repoze.who tests to raise SkipTest if repoze.who is not installed, rather than silently failing to run
  * Adds repoze.who to the requirements list, so that the tests are run by default
  * Ensures that we only try to do our own utf8-decoding if the password is not already a unicode string
  * Disables one of the standard auth tests, since it's testing behaviour that cannot be provided on top of repoze.who

(The alternative of course is to just rip out the whoauth code, since we're not using it and have no plans to start doing so - but I guess you never know what third-party deployments might have started doing in the meantime...)
Attachment #697752 - Flags: review?(rmiller)
Attachment #697752 - Flags: review?(rmiller) → review+
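
The mismatch described in the report, modelled as an added example; it is not code from server-core, repoze.who or the attached patch, and every function name and sample password is constructed here. It is written in Python 3, so the unpatched path imitates, as an assumption, Python 2's implicit ASCII encode when `.decode()` is called on a unicode string.

```python
from typing import Callable, Optional, Union

Password = Union[bytes, str]


def coerce_like_middleware(raw: bytes) -> str:
    """Model of the coercion described in the report: utf8 first, latin1 fallback."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")  # cannot fail: every byte is a latin1 code point


def normalize_unpatched(password: Password) -> Optional[str]:
    """Backend that assumes a bytestring and always decodes (None = auth failure)."""
    if isinstance(password, str):
        # Assumption: mimics Python 2, where unicode.decode() first encodes as ASCII.
        password = password.encode("ascii")
    try:
        return password.decode("utf-8")
    except UnicodeDecodeError:
        return None


def normalize_patched(password: Password) -> Optional[str]:
    """Decode only when the value is not already text."""
    if isinstance(password, str):
        return password
    try:
        return password.decode("utf-8")
    except UnicodeDecodeError:
        return None


def outcome(normalize: Callable[[Password], Optional[str]], value: Password) -> str:
    """'ok' = normalized for comparison, 'rejected' = auth failure, else the error."""
    try:
        return "rejected" if normalize(value) is None else "ok"
    except UnicodeError as exc:
        return "error:" + type(exc).__name__


# Constructed sample passwords as raw bytes, before any coercion.
SAMPLES = {
    "ascii": b"hunter2",
    "valid_utf8": "p\u00e4ssw\u00f6rd".encode("utf-8"),
    "invalid_utf8": b"\xff\xfepw",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        text = coerce_like_middleware(raw)
        print(name, outcome(normalize_patched, raw),
              outcome(normalize_unpatched, text), outcome(normalize_patched, text))
```

After the latin1 fallback, the invalid-utf8 sample reaches the backend as valid text, so a check for invalid utf8 can no longer fire there.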

Comment 1

5 years ago
Last Resolved: 5 years ago
Resolution: --- → FIXED