Modified: CalendarServer/trunk/twistedcaldav/directory/digest.py (1591 => 1592)
--- CalendarServer/trunk/twistedcaldav/directory/digest.py 2007-06-06 21:38:12 UTC (rev 1591)
+++ CalendarServer/trunk/twistedcaldav/directory/digest.py 2007-06-06 22:17:51 UTC (rev 1592)
@@ -337,7 +337,7 @@
username, a nonce, an opaque, or if the opaque is invalid.
"""
def unq(s):
- if s[0] == s[-1] == '"':
+ if len(s) != 0 and s[0] == s[-1] == '"':
return s[1:-1]
return s
response = ' '.join(response.splitlines())
Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py (1591 => 1592)
--- CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py 2007-06-06 21:38:12 UTC (rev 1591)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_digest.py 2007-06-06 22:17:51 UTC (rev 1592)
@@ -60,7 +60,9 @@
namelessAuthRequest = 'realm="test realm",nonce="doesn\'t matter"'
+emtpyAttributeAuthRequest = 'realm=,nonce="doesn\'t matter"'
+
class DigestAuthTestCase(unittest.TestCase):
"""
Test the behavior of DigestCredentialFactory
@@ -233,6 +235,20 @@
_trivial_GET)
self.assertEquals(str(e), "Invalid response, no nonce given.")
+ def test_emptyAttribute(self):
+ """
+ Test that login fails when our response contains an attribute
+ with no value,
+ """
+
+ # Check for no username
+ for factory in self.credentialFactories:
+ e = self.assertRaises(error.LoginFailed,
+ factory.decode,
+ emtpyAttributeAuthRequest,
+ _trivial_GET)
+ self.assertEquals(str(e), "Invalid response, no username given.")
+
def test_checkHash(self):
"""
Check that given a hash of the form 'username:realm:password'