Centralize basic auth header de/encoding.

zopefoundation · May 14, 2017 · d007655 · d007655
1 parent d72b134
commit d007655
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 23 deletions.
diff --git a/src/OFS/tests/test_userfolder.py b/src/OFS/tests/test_userfolder.py
@@ -12,8 +12,11 @@
 ##############################################################################
 """ Unit tests for OFS.userfolder
 """
+
 import unittest
 
+from ZPublisher.utils import basic_auth_encode
+
 # TODO class Test_readUserAccessFile(unittest.TestCase)
 
 
@@ -68,8 +71,7 @@ def _makeApp(self):
         return app
 
     def _makeBasicAuthToken(self, creds='user1:secret'):
-        import base64
-        return 'Basic %s' % base64.encodestring(creds)
+        return basic_auth_encode(creds)
 
     def _login(self, uf, name):
         from AccessControl.SecurityManagement import newSecurityManager

diff --git a/src/Testing/ZopeTestCase/functional.py b/src/Testing/ZopeTestCase/functional.py
@@ -15,7 +15,6 @@
 After Marius Gedminas' functional.py module for Zope3.
 """
 
-import base64
 from functools import partial
 import sys
 
@@ -26,6 +25,7 @@
 from Testing.ZopeTestCase import interfaces
 from Testing.ZopeTestCase import sandbox
 from ZPublisher.httpexceptions import HTTPExceptionHandler
+from ZPublisher.utils import basic_auth_encode
 
 
 def savestate(func):
@@ -90,7 +90,7 @@ def publish(self, path, basic=None, env=None, extra=None,
             raise TypeError('')
 
         if basic:
-            env['HTTP_AUTHORIZATION'] = "Basic %s" % base64.encodestring(basic)
+            env['HTTP_AUTHORIZATION'] = basic_auth_encode(basic)
 
         if stdin is None:
             stdin = BytesIO()

diff --git a/src/Testing/ZopeTestCase/zopedoctest/functional.py b/src/Testing/ZopeTestCase/zopedoctest/functional.py
@@ -13,7 +13,6 @@
 """Support for (functional) doc tests
 """
 
-import base64
 import doctest
 from functools import partial
 import re
@@ -34,6 +33,8 @@
 from Testing.ZopeTestCase.functional import ResponseWrapper
 from Testing.ZopeTestCase.functional import savestate
 from ZPublisher.httpexceptions import HTTPExceptionHandler
+from ZPublisher.utils import basic_auth_encode
+
 
 if sys.version_info >= (3, ):
     basestring = str
@@ -106,8 +107,7 @@ def auth_header(header):
             u = ''
         if p is None:
             p = ''
-        auth = base64.encodestring('%s:%s' % (u, p))
-        return 'Basic %s' % auth[:-1]
+        return basic_auth_encode(u, p)
     return header
 
 
@@ -307,8 +307,7 @@ def setup_globs(self):
         globs['http'] = http
         globs['getRootFolder'] = getRootFolder
         globs['sync'] = sync
-        unencoded_user_auth = ('%s:%s' % (user_name, user_password)).encode('utf-8')
-        globs['user_auth'] = base64.encodestring(unencoded_user_auth)
+        globs['user_auth'] = basic_auth_encode(user_name, user_password)
 
     def setup_test_class(self):
         test_class = self._kw.get('test_class', FunctionalTestCase)

diff --git a/src/ZPublisher/HTTPRequest.py b/src/ZPublisher/HTTPRequest.py
@@ -18,6 +18,7 @@
 from cgi import escape
 from cgi import FieldStorage
 import codecs
+import collections
 from copy import deepcopy
 import os
 from os import unlink
@@ -45,7 +46,7 @@
 from ZPublisher.BaseRequest import BaseRequest
 from ZPublisher.BaseRequest import quote
 from ZPublisher.Converters import get_converter
-import collections
+from ZPublisher.utils import basic_auth_decode
 
 if sys.version_info >= (3, ):
     unicode = str
@@ -1534,12 +1535,8 @@ def text(self):
         return result
 
     def _authUserPW(self):
-        auth = self._auth
-        if auth:
-            if auth[:6].lower() == 'basic ':
-                [name, password] = \
-                    base64.decodestring(auth.split()[-1]).split(':', 1)
-                return name, password
+        # Can return None
+        return basic_auth_decode(self._auth)
 
     def taintWrapper(self, enabled=TAINTING_ENABLED):
         return enabled and TaintRequestWrapper(self) or self

diff --git a/src/ZPublisher/tests/testHTTPRequest.py b/src/ZPublisher/tests/testHTTPRequest.py
@@ -1,4 +1,16 @@
-import base64
+##############################################################################
+#
+# Copyright (c) 2002 Zope Foundation and Contributors.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+
 from io import BytesIO
 import sys
 import unittest
@@ -12,6 +24,7 @@
 from zope.testing.cleanup import cleanUp
 
 from ZPublisher.tests.testBaseRequest import TestRequestViewsBase
+from ZPublisher.utils import basic_auth_encode
 
 if sys.version_info >= (3, ):
     unicode = str
@@ -755,8 +768,7 @@ def test_processInputs_with_file_upload_gets_iterator(self):
     def test__authUserPW_simple(self):
         user_id = 'user'
         password = 'password'
-        encoded = base64.encodestring('%s:%s' % (user_id, password))
-        auth_header = 'basic %s' % encoded
+        auth_header = basic_auth_encode(user_id, password)
 
         environ = {'HTTP_AUTHORIZATION': auth_header}
         request = self._makeOne(environ=environ)
@@ -770,8 +782,7 @@ def test__authUserPW_with_embedded_colon(self):
         # http://www.zope.org/Collectors/Zope/2039
         user_id = 'user'
         password = 'embedded:colon'
-        encoded = base64.encodestring('%s:%s' % (user_id, password))
-        auth_header = 'basic %s' % encoded
+        auth_header = basic_auth_encode(user_id, password)
 
         environ = {'HTTP_AUTHORIZATION': auth_header}
         request = self._makeOne(environ=environ)

diff --git a/src/ZPublisher/utils.py b/src/ZPublisher/utils.py
@@ -11,10 +11,12 @@
 #
 ##############################################################################
 
+import base64
 import logging
 import sys
 
 from Acquisition import aq_inner, aq_parent
+from six import PY3
 import transaction
 
 if sys.version_info >= (3, ):
@@ -80,3 +82,28 @@ def safe_unicode(value):
         except UnicodeDecodeError:
             value = value.decode('utf-8', 'replace')
     return value
+
+
+def basic_auth_encode(user, password=None):
+    # user / password and the return value are of type str
+    value = user
+    if password is not None:
+        value = value + ':' + password
+    header = b'Basic ' + base64.b64encode(value.encode('latin-1'))
+    if PY3:
+        header = header.decode('latin-1')
+    return header
+
+
+def basic_auth_decode(token):
+    # token and the return values are of type str
+    if not token:
+        return None
+    if not token[:6].lower() == 'basic ':
+        return None
+    value = token.split()[-1]  # Strip 'Basic '
+    plain = base64.b64decode(value)
+    if PY3:
+        plain = plain.decode('latin-1')
+    user, password = plain.split(':', 1)  # Split at most once
+    return (user, password)
diff --git a/src/ZTUtils/Tree.py b/src/ZTUtils/Tree.py
@@ -249,12 +249,12 @@ def b2a(s):
     text = str(s).translate(a2u_map)
     if six.PY3:
         text = text.encode('utf-8')
-    return base64.encodestring(text).replace(b'\n', b'')
+    return base64.b64encode(text)
 
 
 def a2b(s):
     '''Decode a b2a-encoded string.'''
-    return base64.decodestring(s.translate(u2a_map))
+    return base64.b64decode(s.translate(u2a_map))
 
 
 def encodeExpansion(nodes, compress=1):