Revision: 1595 http://trac.macosforge.org/projects/calendarserver/changeset/1595 Author: cdaboo@apple.com Date: 2007-06-06 19:25:31 -0700 (Wed, 06 Jun 2007) Log Message: ----------- Make sure missing arguments in digest auth do not cause a 500 error when using OpenDirectory authentication. Modified Paths: -------------- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py Modified: CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py =================================================================== --- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2007-06-07 02:18:02 UTC (rev 1594) +++ CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2007-06-07 02:25:31 UTC (rev 1595) @@ -582,13 +582,18 @@ # We need a special format for the "challenge" and "response" strings passed into open directory, as it is # picky about exactly what it receives. - challenge = 'Digest realm="%(realm)s", nonce="%(nonce)s", algorithm=%(algorithm)s' % credentials.fields - response = ('Digest username="%(username)s", ' - 'realm="%(realm)s", ' - 'nonce="%(nonce)s", ' - 'uri="%(uri)s", ' - 'response="%(response)s",' - 'algorithm=%(algorithm)s') % credentials.fields + try: + challenge = 'Digest realm="%(realm)s", nonce="%(nonce)s", algorithm=%(algorithm)s' % credentials.fields + response = ('Digest username="%(username)s", ' + 'realm="%(realm)s", ' + 'nonce="%(nonce)s", ' + 'uri="%(uri)s", ' + 'response="%(response)s",' + 'algorithm=%(algorithm)s') % credentials.fields + except KeyError: + log.err("Open Directory (node=%s) error while performing digest authentication for user %s: missing digest response fields: %s" + % (self.service.realmName, self.shortName, credentials.fields)) + return False return opendirectory.authenticateUserDigest( self.service.directory, Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py =================================================================== --- CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py 2007-06-07 02:18:02 UTC (rev 1594) +++ CalendarServer/trunk/twistedcaldav/directory/test/test_opendirectory.py 2007-06-07 02:25:31 UTC (rev 1595) @@ -23,6 +23,7 @@ else: from twistedcaldav.directory.directory import DirectoryService import twistedcaldav.directory.test.util + import twisted.web2.auth.digest # Wonky hack to prevent unclean reactor shutdowns class DummyReactor(object): @@ -59,3 +60,18 @@ def service(self): return self._service + def test_invalidODDigest(self): + record = twistedcaldav.directory.appleopendirectory.OpenDirectoryRecord( + self.service(), + DirectoryService.recordType_users, + "GUID-123", + "guidify", + "GUID", + set("mailtoguid@example.com",), + [] + ) + + digestFields = {} + digested = twisted.web2.auth.digest.DigestedCredentials("user", "GET", "example.com", digestFields) + + self.assertFalse(record.verifyCredentials(digested))