Closed
Bug 826568
Opened 12 years ago
Closed 12 years ago
whoauth testcase test_ad_utf8_password has been failing silently
Categories
(Cloud Services :: Server: Core, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rfkelly, Unassigned)
Details
Attachments
(1 file)
|
6.80 KB,
patch
|
rmiller
:
review+
|
Details | Diff | Splinter Review |
The repoze.who integration in server-core has a bug in its handling of unicode passwords, due to some bad interactions with repoze.who. Repoze cooerces all passwords to unicode, falling back to latin1 encoding if they're not valid utf8. By contract, server-core expects bytestring passwords and wants invalid utf8 to cause an auth failure. This mismatch can cause encoding/decoding errors at runtime. There were some testcases that would catch this discrepancy, but they silently fail to run if repoze.who is not installed. Attached patch does the following: * Causes the repoze.who tests to raise SkipTest if repoze.who is not installed, rather than silently failing to run * Adds repoze.who to the requirements list, so that the tests are run by default * Ensures that we only try to do our own utf8-decoding if the password is not already a unicode string * Disables one of the standard auth tests, since it's testing behaviour that cannot be provided on top of repoze.who (The alternative of course is to just rip out the whoauth code, since we're not using it and have no plans to start doing so - but I guess you never know what third-party deployments might have started doing in the meantime...)
Attachment #697752 -
Flags: review?(rmiller)
|
||
Updated•12 years ago
|
Attachment #697752 -
Flags: review?(rmiller) → review+
|
Reporter | |
Comment 1•12 years ago
|
||
http://hg.mozilla.org/services/server-core/rev/dd29da5f688e
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•