Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/lib-patches/Twisted/twisted.web2.auth.digest.patch (4283 => 4284)
--- CalendarServer/branches/release/CalendarServer-2.2-dev/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-05-15 23:10:57 UTC (rev 4283)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-05-15 23:14:51 UTC (rev 4284)
@@ -35,26 +35,65 @@
}
# DigestCalcHA1
-@@ -153,7 +162,18 @@
+@@ -134,11 +143,12 @@
+ implements(credentials.IUsernameHashedPassword,
+ IUsernameDigestHash)
+
+- def __init__(self, username, method, realm, fields):
++ def __init__(self, username, method, realm, fields, originalMethod):
+ self.username = username
+ self.method = method
+ self.realm = realm
+ self.fields = fields
++ self.originalMethod = originalMethod
+
+ def checkPassword(self, password):
+ response = self.fields.get('response')
+@@ -149,12 +159,29 @@
+ algo = self.fields.get('algorithm', 'md5').lower()
+ qop = self.fields.get('qop', 'auth')
+
++ if self.originalMethod:
++ method = self.originalMethod
++ else:
++ method = self.method
++
+ expected = calcResponse(
calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
- algo, nonce, nc, cnonce, qop, self.method, uri, None
+- algo, nonce, nc, cnonce, qop, self.method, uri, None
++ algo, nonce, nc, cnonce, qop, method, uri, None
)
+
+ if expected == response:
+ return True
+- return expected == response
+ # IE7 sends cnonce and nc values, but auth fails if they are used.
+ # So try again without them...
+ # They can be omitted for backwards compatibility [RFC 2069].
-+ expected = calcResponse(
-+ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
-+ algo, nonce, None, None, qop, self.method, uri, None
-+ )
-+
- return expected == response
++ if nc is not None or cnonce is not None:
++ expected = calcResponse(
++ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
++ algo, nonce, None, None, qop, method, uri, None
++ )
++ if expected == response:
++ return True
def checkHash(self, digestHash):
-@@ -228,9 +248,9 @@
+ response = self.fields.get('response')
+@@ -165,6 +192,11 @@
+ algo = self.fields.get('algorithm', 'md5').lower()
+ qop = self.fields.get('qop', 'auth')
+
++ if self.originalMethod:
++ method = self.originalMethod
++ else:
++ method = self.method
++
+ expected = calcResponse(
+ calcHA1(algo, None, None, None, nonce, cnonce, preHA1=digestHash),
+ algo, nonce, nc, cnonce, qop, self.method, uri, None
+@@ -228,9 +260,9 @@
# Now, what we do is encode the nonce, client ip and a timestamp
# in the opaque value with a suitable digest
key = "%s,%s,%s" % (nonce, clientip, str(int(self._getTime())))
@@ -66,7 +105,7 @@
def verifyOpaque(self, opaque, nonce, clientip):
"""
-@@ -274,7 +294,7 @@
+@@ -274,7 +306,7 @@
'Invalid response, incompatible opaque/nonce too old')
# Verify the digest
@@ -75,7 +114,7 @@
if digest != opaqueParts[0]:
raise error.LoginFailed('Invalid response, invalid opaque value')
-@@ -293,11 +313,12 @@
+@@ -293,11 +325,12 @@
c = self.generateNonce()
o = self.generateOpaque(c, peer.host)
@@ -93,7 +132,7 @@
def decode(self, response, request):
"""
-@@ -315,18 +336,18 @@
+@@ -315,18 +348,18 @@
@raise: L{error.LoginFailed} if the response does not contain a
username, a nonce, an opaque, or if the opaque is invalid.
"""
@@ -123,7 +162,7 @@
username = auth.get('username')
if not username:
raise error.LoginFailed('Invalid response, no username given.')
-@@ -342,7 +363,7 @@
+@@ -342,7 +375,8 @@
auth.get('nonce'),
request.remoteAddr.host):
@@ -132,4 +171,5 @@
request.method,
self.realm,
- auth)
-+ auth))
++ auth,
++ request.originalMethod if hasattr(request, "originalMethod") else None))
Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/lib-patches/Twisted/twisted.web2.server.patch (4283 => 4284)
--- CalendarServer/branches/release/CalendarServer-2.2-dev/lib-patches/Twisted/twisted.web2.server.patch 2009-05-15 23:10:57 UTC (rev 4283)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/lib-patches/Twisted/twisted.web2.server.patch 2009-05-15 23:14:51 UTC (rev 4284)
@@ -68,7 +68,24 @@
d.addCallback(lambda res, req: res.renderHTTP(req), self)
d.addCallback(self._cbFinishRender)
d.addErrback(self._processingFailed)
-@@ -321,7 +345,6 @@
+@@ -280,6 +304,16 @@
+ response = http.Response(responsecode.OK)
+ response.headers.setHeader('allow', ('GET', 'HEAD', 'OPTIONS', 'TRACE'))
+ return response
++
++ elif self.method == "POST":
++ # Allow other methods to tunnel through using POST and a request header.
++ # See http://code.google.com/apis/gdata/docs/2.0/basics.html
++ if self.headers.hasHeader("X-HTTP-Method-Override"):
++ intendedMethod = self.headers.getRawHeaders("X-HTTP-Method-Override")[0];
++ if intendedMethod:
++ self.originalMethod = self.method
++ self.method = intendedMethod
++
+ # This is where CONNECT would go if we wanted it
+ return None
+
+@@ -321,7 +355,6 @@
if newpath is StopTraversal:
# We need to rethink how to do this.
#if newres is res:
@@ -76,7 +93,7 @@
return res
#else:
# raise ValueError("locateChild must not return StopTraversal with a resource other than self.")
-@@ -337,7 +360,6 @@
+@@ -337,7 +370,6 @@
self.prepath.append(self.postpath.pop(0))
child = self._getChild(None, newres, newpath, updatepaths=updatepaths)
@@ -84,7 +101,7 @@
return child
-@@ -347,6 +369,7 @@
+@@ -347,6 +379,7 @@
"""
Remember the URL of a visited resource.
"""
@@ -92,7 +109,7 @@
self._urlsByResource[resource] = url
return resource
-@@ -386,7 +409,8 @@
+@@ -386,7 +419,8 @@
The contained response will have a status code of
L{responsecode.BAD_REQUEST}.
"""
@@ -102,7 +119,7 @@
#
# Parse the URL
-@@ -407,9 +431,13 @@
+@@ -407,9 +441,13 @@
"URL is not on this site (%s://%s/): %s" % (scheme, self.headers.getHeader("host"), url)
))
@@ -118,7 +135,7 @@
def notFound(f):
f.trap(http.HTTPError)
-@@ -417,7 +445,7 @@
+@@ -417,7 +455,7 @@
return f
return None