#10683 closed defect (fixed)
AuthzPolicy does not handle non-ASCII encoded usernames
| Reported by: | Owned by: | Jun Omae | |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.0 |
| Component: | general | Version: | 1.0dev |
| Severity: | normal | Keywords: | authzpolicy username encoding unicode |
| Cc: | ryano@… | Branch: | |
| Release Notes: |
Proper unicode support in AuthzPolicy. |
||
| API Changes: | |||
| Internal Changes: | |||
Description
Permissions defined in authzpolicy.conf are ignored if username contains non-ASCII characters.
TracFineGrainedPermissions says that in this case authzpolicy.conf should be in UTF8 encoding, but actually there is no encoding specification on ConfigObj invokation thus leading to mismatch when comparing usernames with following warning:
/usr/lib/python2.7/dist-packages/tracopt/perm/authz_policy.py:240: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal if who in valid_users or \
to fix this issue I suggest following change to be made on trunk/tracopt/perm/authz_policy.py
--- authz_policy.py.orig 2012-05-03 10:55:36.000000000 +0800
+++ authz_policy.py 2012-05-03 10:56:30.000000000 +0800
@@ -174,7 +174,7 @@
def parse_authz(self):
self.log.debug('Parsing authz security policy %s',
self.get_authz_file())
- self.authz = ConfigObj(self.get_authz_file())
+ self.authz = ConfigObj(self.get_authz_file(),encoding='utf8')
groups = {}
for group, users in self.authz.get('groups', {}).iteritems():
if isinstance(users, basestring):
Attachments (1)
Change History (11)
by , 12 years ago
| Attachment: | authz_policy.py.diff added |
|---|
comment:1 by , 12 years ago
| Keywords: | authzpolicy added; AuthzPolicy removed |
|---|
comment:2 by , 12 years ago
I've reproduced this defect with a username composed of random unicode chars: ñóùæᖎ⊫⏓⩍אָɌ. From reading the documentation for ConfigObj, it appears that the reporter's fix is correct:
By default ConfigObj does not decode the file/strings you pass it into Unicode [8]. If you want your config file as Unicode (keys and members) you need to provide an encoding to decode the file with. This encoding will also be used to encode the config file when writing.
Since TracFineGrainedPermissions#Configuration states:
Put a authzpolicy.conf file somewhere, preferably on a secured location on the server, not readable for others than the webuser. If the file contains non-ASCII characters, the UTF-8 encoding should be used.
it seems like this is a valid defect and should be fixed.
I've applied the patch to my BitBucket branch in b4ddeb127dd2, where I'm addressing several issues with authzpolicy. I'm hoping to have several patches pulled in together.
comment:3 by , 12 years ago
| Cc: | added |
|---|---|
| Version: | → 1.0dev |
comment:4 by , 12 years ago
We can also drop the explicit unicode conversion since the whole file is read as unicode: 18584b1c4bff.
follow-up: 7 comment:5 by , 12 years ago
Good catch! I can reproduce the issue.
I'll commit repos:jomae.git:ticket10683/0.12 to 0.12-stable later, including your patch, Ryan's patch and unit tests for tracopt.perm.authz_policy.
comment:7 by , 12 years ago
Replying to jomae:
and unit tests for
tracopt.perm.authz_policy.
Nice. Having a unit test suite wired up will help a lot with the work on #8976.
comment:8 by , 12 years ago
| Owner: | set to |
|---|
comment:9 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Applied in [11113/branches/0.12-stable] and merged [11114/trunk].
comment:10 by , 12 years ago
| Keywords: | unicode added |
|---|---|
| Release Notes: | modified (diff) |
diff file which fixes #10683