Merge filepassworddb-unhandled-8028-3: Fix twisted.cred.checkers.File…

…PasswordDB when failing to open the db file. Author: d.vinella Reviewer: adiroiban Fixes: #8028 git-svn-id: svn://svn.twistedmatrix.com/svn/Twisted/trunk@45819 bbbe8e31-12d6-0310-92fd-ac37d47ddeeb
twisted · Oct 17, 2015 · ff7a05d · ff7a05d
1 parent f9530fb
commit ff7a05d
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 18 deletions.
diff --git a/twisted/cred/checkers.py b/twisted/cred/checkers.py
@@ -8,12 +8,12 @@
 
 from zope.interface import implementer, Interface, Attribute
 
+from twisted.logger import Logger
 from twisted.internet import defer
-from twisted.python import failure, log
+from twisted.python import failure
 from twisted.cred import error, credentials
 
 
-
 class ICredentialsChecker(Interface):
     """
     An object that can check sub-interfaces of ICredentials.
@@ -119,6 +119,7 @@ class FilePasswordDB:
     cache = False
     _credCache = None
     _cacheTimestamp = 0
+    _log = Logger()
 
     def __init__(self, filename, delim=b':', usernameField=0, passwordField=1,
                  caseSensitive=True, hash=None, cache=False):
@@ -197,24 +198,30 @@ def _cbPasswordMatch(self, matched, username):
 
 
     def _loadCredentials(self):
+        """
+        Loads the credentials from the configured file.
+
+        @return: An iterable of C{username, password} couples.
+        @rtype: C{iterable}
+
+        @raise UnauthorizedLogin: when failing to read the credentials from the
+            file.
+        """
         try:
-            f = open(self.filename, "rb")
-        except:
-            log.err()
+            with open(self.filename, "rb") as f:
+                for line in f:
+                    line = line.rstrip()
+                    parts = line.split(self.delim)
+
+                    if self.ufield >= len(parts) or self.pfield >= len(parts):
+                        continue
+                    if self.caseSensitive:
+                        yield parts[self.ufield], parts[self.pfield]
+                    else:
+                        yield parts[self.ufield].lower(), parts[self.pfield]
+        except IOError as e:
+            self._log.error("Unable to load credentials db: {e!r}", e=e)
             raise error.UnauthorizedLogin()
-        else:
-            for line in f:
-                line = line.rstrip()
-                parts = line.split(self.delim)
-
-                if self.ufield >= len(parts) or self.pfield >= len(parts):
-                    continue
-                if self.caseSensitive:
-                    yield parts[self.ufield], parts[self.pfield]
-                else:
-                    yield parts[self.ufield].lower(), parts[self.pfield]
-        finally:
-            f.close()
 
 
     def getUser(self, username):

diff --git a/twisted/cred/test/test_cred.py b/twisted/cred/test/test_cred.py
@@ -206,6 +206,16 @@ def setUp(self):
                 f.write(u + b":" + p + b"\n")
 
 
+    def test_getUserNonexistentDatabase(self):
+        """
+        A missing db file will cause a permanent rejection of authorization
+        attempts.
+        """
+        self.db = checkers.FilePasswordDB('test_thisbetternoteverexist.db')
+
+        self.failUnlessRaises(error.UnauthorizedLogin, self.db.getUser, 'user')
+
+
     def testUserLookup(self):
         self.db = checkers.FilePasswordDB(self.dbfile)
         for (u, p) in self.users:

diff --git a/twisted/topfiles/8028.bugfix b/twisted/topfiles/8028.bugfix
@@ -0,0 +1 @@
+twisted.cred.checkers.FilePasswordDB now logs an error if the credentials db file does not exist, no longer raises an unhandled error.