Zope2: workaround for broken implementation of Basic auth encoding.

product/ERP5Security/ERP5DumbHTTPExtractionPlugin.py

@@ -55,6 +55,10 @@ class ERP5DumbHTTPExtractionPlugin(BasePlugin):
   security.declarePrivate('extractCredentials')
   @UnrestrictedMethod
   def extractCredentials(self, request):
+    # BBB Zope2
+    # Fix possibly broken _auth for very long auth
+    if getattr(request, '_auth', '').lower().startswith('basic '):
+      request._auth = request._auth.replace('\n', '')
     return DumbHTTPExtractor().extractCredentials(request);
 
 #Form for new plugin in ZMI

[Vincent Pelletier]

BaseRequest._auth is set (on the class) to None, which causes this code to raise: AttributeError: 'NoneType' object has no attribute 'lower'.

The code used in HTTPRequest.clone to decide whether _auth is set is:

if self._auth:

and I think it should be used here too.

[Kazuhiko Shiozaki]

for this annoying AttributeError, @georgios.dagkakis pushed a fixup commit 7eb96ab7 yesterday.

(indeed, getattr here is too verbose, as it should always have _auth.)