[CalendarServer-changes] [5509] CalendarServer/trunk

[source_changes at macosforge.org]

Revision: 5509
          http://trac.macosforge.org/projects/calendarserver/changeset/5509
Author:   sagen at apple.com
Date:     2010-04-22 15:19:07 -0700 (Thu, 22 Apr 2010)
Log Message:
-----------
Don't return a 403 when the username is unknown, return a 401.

Modified Paths:
--------------
    CalendarServer/trunk/twext/web2/dav/resource.py
    CalendarServer/trunk/twistedcaldav/extensions.py

Modified: CalendarServer/trunk/twext/web2/dav/resource.py
===================================================================
--- CalendarServer/trunk/twext/web2/dav/resource.py	2010-04-22 22:17:18 UTC (rev 5508)
+++ CalendarServer/trunk/twext/web2/dav/resource.py	2010-04-22 22:19:07 UTC (rev 5509)
@@ -974,6 +974,10 @@
                 # Try to match principals in each principal collection
                 # on the resource
                 def gotDetails(details, creds):
+                    if details == (None, None):
+                        log.msg("Could not find the principal resource for user id: %s" % (creds.username,))
+                        raise HTTPError(responsecode.UNAUTHORIZED)
+
                     authnPrincipal = IDAVPrincipalResource(details[0])
                     authzPrincipal = IDAVPrincipalResource(details[1])
                     return PrincipalCredentials(
@@ -1549,9 +1553,7 @@
         authnPrincipal = self.findPrincipalForAuthID(authid)
 
         if authnPrincipal is None:
-            log.msg("Could not find the principal resource for user id: %s"
-                    % (authid,))
-            raise HTTPError(responsecode.FORBIDDEN)
+            return succeed((None, None))
 
         d = self.authorizationPrincipal(request, authid, authnPrincipal)
         d.addCallback(lambda authzPrincipal: (authnPrincipal, authzPrincipal))

Modified: CalendarServer/trunk/twistedcaldav/extensions.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/extensions.py	2010-04-22 22:17:18 UTC (rev 5508)
+++ CalendarServer/trunk/twistedcaldav/extensions.py	2010-04-22 22:19:07 UTC (rev 5509)
@@ -131,6 +131,10 @@
 
                 # Try to match principals in each principal collection on the resource
                 authnPrincipal, authzPrincipal = (yield self.principalsForAuthID(request, creds))
+                if (authnPrincipal, authzPrincipal) == (None, None):
+                    log.info("Could not find the principal resource for user id: %s" % (creds.username,))
+                    raise HTTPError(responsecode.UNAUTHORIZED)
+                    
                 authnPrincipal = IDAVPrincipalResource(authnPrincipal)
                 authzPrincipal = IDAVPrincipalResource(authzPrincipal)
 
@@ -169,9 +173,7 @@
         authnPrincipal = self.findPrincipalForAuthID(creds)
 
         if authnPrincipal is None:
-            log.info("Could not find the principal resource for user id: %s"
-                     % (creds.username,))
-            raise HTTPError(responsecode.FORBIDDEN)
+            return succeed((None, None))
 
         d = self.authorizationPrincipal(request, creds.username, authnPrincipal)
         d.addCallback(lambda authzPrincipal: (authnPrincipal, authzPrincipal))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20100422/a406e9ee/attachment-0001.html>