Chris Withers wrote:
>
> So what was causing the original error then?

string.split('basic')[-1] was returning 'basic'.
base64.decodestring('basic') causes an "Incorrect padding" error.
base64.decodestring('basic ') causes an "Incorrect padding" error too.

Martijn Pieters wrote:
> We partly agree, and this is tricky. Unauthorised is wrong, it should return a
> Bad Request (or whatever the correct HTTP error is in this case). File a
> patch! =)

I've attached a patch to lib/python/AccessControl/User.py.
If there are no suggestions of improvements, or complaints :-) I'll stick it into the Collector.

I looked over the RFC, and Bad Request seems to be the best response code.

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net

*** lib/python/AccessControl/User.py.original Mon Jul 24 20:31:40 2000 --- lib/python/AccessControl/User.py Mon Jul 24 20:51:33 2000 *************** *** 438,444 **** # Only do basic authentication if lower(auth[:6])!='basic ': return None ! name,password=tuple(split(decodestring(split(auth)[-1]), ':', 1)) # Check for superuser super=self._super --- 438,451 ---- # Only do basic authentication if lower(auth[:6])!='basic ': return None ! try: ! name,password=\ ! tuple(split(decodestring(split(auth)[-1]), ':', 1)) ! except: # not a proper basic auth string ! request.response.setStatus(400) ! raise 'InternalError', request.response._error_html( ! "Internal Error", ! "Zope could not understand the Basic Authentication supplied.") # Check for superuser super=self._super
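
Review bot: The bare `except:` in the new try block catches every exception raised on that line, not only a malformed Authorization header, so an unrelated fault in this path would also be reported to the client as a bad request. Narrow it to the failures bad input can actually produce here: the base64 "Incorrect padding" error from decodestring, and the unpacking error raised when the decoded value contains no ':' and split returns a single element. The handler is also inconsistent with itself: it calls `request.response.setStatus(400)` but then raises 'InternalError' with the heading "Internal Error", which reads as a server fault rather than the Bad Request the message says was chosen. Name the exception and the heading to match the 400 status.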