[CalendarServer-changes] [4392] CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource. patch
source_changes at macosforge.org
source_changes at macosforge.org
Mon Jun 29 18:17:16 PDT 2009
Revision: 4392
http://trac.macosforge.org/projects/calendarserver/changeset/4392
Author: sagen at apple.com
Date: 2009-06-29 18:17:13 -0700 (Mon, 29 Jun 2009)
Log Message:
-----------
Fix for twisted.cred.error.LoginFailed not being properly handled
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2009-06-29 22:44:20 UTC (rev 4391)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2009-06-30 01:17:13 UTC (rev 4392)
@@ -2,22 +2,95 @@
===================================================================
--- twisted/web2/dav/resource.py (revision 26969)
+++ twisted/web2/dav/resource.py (working copy)
-@@ -49,12 +49,13 @@
+@@ -49,12 +49,14 @@
if not hasattr(__builtin__, "frozenset"):
import sets.ImmutableSet as frozenset
+import urllib
+
from zope.interface import implements
++from twisted.cred.error import LoginFailed, UnauthorizedLogin
from twisted.python import log
from twisted.python.failure import Failure
- from twisted.internet.defer import Deferred, maybeDeferred, succeed
+-from twisted.internet.defer import Deferred, maybeDeferred, succeed
++from twisted.internet.defer import Deferred, maybeDeferred, succeed, inlineCallbacks
from twisted.internet.defer import waitForDeferred, deferredGenerator
-from twisted.cred.error import LoginFailed, UnauthorizedLogin
from twisted.internet import reactor
from twisted.web2 import responsecode
from twisted.web2.http import HTTPError, RedirectResponse, StatusResponse
-@@ -1880,7 +1881,7 @@
+@@ -642,41 +644,43 @@
+ # Authentication
+ ##
+
++ @inlineCallbacks
+ def authorize(self, request, privileges, recurse=False):
+ """
+ See L{IDAVResource.authorize}.
+ """
+- def onAuth(result):
+- def onErrors(failure):
+- failure.trap(AccessDeniedError)
+-
+- # If we were unauthorized to start with (no Authorization header from client) then
+- # we should return an unauthorized response instead to force the client to login if it can
+- if request.authnUser == davxml.Principal(davxml.Unauthenticated()):
+- d = UnauthorizedResponse.makeResponse(request.credentialFactories,
+- request.remoteAddr)
+- def _fail(response):
+- return Failure(HTTPError(response))
+- return d.addCallback(_fail)
+- else:
+- response = NeedPrivilegesResponse(request.uri,
+- failure.value.errors)
+- #
+- # We're not adding the headers here because this response
+- # class is supposed to be a FORBIDDEN status code and
+- # "Authorization will not help" according to RFC2616
+- #
+- raise HTTPError(response)
+
+- d = self.checkPrivileges(request, privileges, recurse)
+- d.addErrback(onErrors)
+- return d
++ try:
++ yield self.authenticate(request)
++ except (UnauthorizedLogin, LoginFailed), e:
++ log.msg("Authentication failed: %s" % (e,))
++ response = (yield UnauthorizedResponse.makeResponse(
++ request.credentialFactories,
++ request.remoteAddr
++ ))
++ raise HTTPError(response)
+
+- d = maybeDeferred(self.authenticate, request)
+- d.addCallback(onAuth)
+- return d
++ try:
++ yield self.checkPrivileges(request, privileges, recurse)
++ except AccessDeniedError, e:
++ # If we were unauthenticated to start with (no Authorization header from client) then
++ # we should return an unauthorized response instead to force the client to login if it can
++ if request.authnUser == davxml.Principal(davxml.Unauthenticated()):
++ response = (yield UnauthorizedResponse.makeResponse(
++ request.credentialFactories,
++ request.remoteAddr
++ ))
++ else:
++ response = NeedPrivilegesResponse(request.uri, e.errors)
++ #
++ # We're not adding the headers here because this response
++ # class is supposed to be a FORBIDDEN status code and
++ # "Authorization will not help" according to RFC2616
++ #
++ raise HTTPError(response)
+
+
++
+ def authenticate(self, request):
+ if not (
+ hasattr(request, 'portal') and
+@@ -1880,7 +1884,7 @@
# If this is a collection and the URI doesn't end in "/", redirect.
#
if self.isCollection() and request.path[-1:] != "/":
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090629/d260c64b/attachment.html>
More information about the calendarserver-changes
mailing list