Edgewall Software

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#10683 closed defect (fixed)

AuthzPolicy does not handle non-ASCII encoded usernames

Reported by: pushkinsv@… Owned by: Jun Omae
Priority: normal Milestone: 1.0
Component: general Version: 1.0dev
Severity: normal Keywords: authzpolicy username encoding unicode
Cc: ryano@… Branch:
Release Notes:

Proper unicode support in AuthzPolicy.

API Changes:
Internal Changes:


Permissions defined in authzpolicy.conf are ignored if username contains non-ASCII characters.

TracFineGrainedPermissions says that in this case authzpolicy.conf should be in UTF8 encoding, but actually there is no encoding specification on ConfigObj invokation thus leading to mismatch when comparing usernames with following warning:

/usr/lib/python2.7/dist-packages/tracopt/perm/authz_policy.py:240: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
  if who in valid_users or \

to fix this issue I suggest following change to be made on trunk/tracopt/perm/authz_policy.py

--- authz_policy.py.orig        2012-05-03 10:55:36.000000000 +0800
+++ authz_policy.py     2012-05-03 10:56:30.000000000 +0800
@@ -174,7 +174,7 @@
     def parse_authz(self):
         self.log.debug('Parsing authz security policy %s',
-        self.authz = ConfigObj(self.get_authz_file())
+        self.authz = ConfigObj(self.get_authz_file(),encoding='utf8')
         groups = {}
         for group, users in self.authz.get('groups', {}).iteritems():
             if isinstance(users, basestring):

Attachments (1)

authz_policy.py.diff (549 bytes ) - added by pushkinsv@… 12 years ago.
diff file which fixes #10683

Download all attachments as: .zip

Change History (11)

by pushkinsv@…, 12 years ago

Attachment: authz_policy.py.diff added

diff file which fixes #10683

comment:1 by Ryan J Ollos <ryano@…>, 12 years ago

Keywords: authzpolicy added; AuthzPolicy removed

comment:2 by Ryan J Ollos <ryano@…>, 12 years ago

I've reproduced this defect with a username composed of random unicode chars: ñóùæᖎ⊫⏓⩍אָɌ. From reading the documentation for ConfigObj, it appears that the reporter's fix is correct:

By default ConfigObj does not decode the file/strings you pass it into Unicode [8]. If you want your config file as Unicode (keys and members) you need to provide an encoding to decode the file with. This encoding will also be used to encode the config file when writing.

Since TracFineGrainedPermissions#Configuration states:

Put a ​authzpolicy.conf file somewhere, preferably on a secured location on the server, not readable for others than the webuser. If the file contains non-ASCII characters, the UTF-8 encoding should be used.

it seems like this is a valid defect and should be fixed.

I've applied the patch to my BitBucket branch in b4ddeb127dd2, where I'm addressing several issues with authzpolicy. I'm hoping to have several patches pulled in together.

comment:3 by Ryan J Ollos <ryano@…>, 12 years ago

Cc: ryano@… added
Version: 1.0dev

comment:4 by Ryan J Ollos <ryano@…>, 12 years ago

We can also drop the explicit unicode conversion since the whole file is read as unicode: 18584b1c4bff.

comment:5 by Jun Omae, 12 years ago

Good catch! I can reproduce the issue.

I'll commit repos:jomae.git:ticket10683/0.12 to 0.12-stable later, including your patch, Ryan's patch and unit tests for tracopt.perm.authz_policy.

comment:6 by Christian Boos, 12 years ago

Milestone: 1.0

On 1.0 then, I assume.

in reply to:  5 comment:7 by Ryan J Ollos <ryano@…>, 12 years ago

Replying to jomae:

and unit tests for tracopt.perm.authz_policy.

Nice. Having a unit test suite wired up will help a lot with the work on #8976.

comment:8 by Remy Blank, 12 years ago

Owner: set to Jun Omae

comment:9 by Jun Omae, 12 years ago

Resolution: fixed
Status: newclosed

comment:10 by Christian Boos, 12 years ago

Keywords: unicode added
Release Notes: modified (diff)

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Jun Omae.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jun Omae to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.