allura-commits mailing list archives

From john...@apache.org
Subject [2/2] git commit: [#7035] canonicalize URL escaping on of paths before use in token validation
Date Fri, 24 Jan 2014 16:23:03 GMT
[#7035] canonicalize URL escaping on of paths before use in token validation


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/7d932b89
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/7d932b89
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/7d932b89

Branch: refs/heads/master
Commit: 7d932b89cf516c33d4ad57a7c23df0583b31349b
Parents: 43def0d
Author: Dave Brondsema <dave@brondsema.net>
Authored: Tue Jan 14 14:39:33 2014 -0500
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Fri Jan 24 16:20:10 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/7d932b89/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 6eb12a8..6e7e452 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -19,6 +19,7 @@
 
 """REST Controller"""
 import logging
+from urllib import quote, unquote
 
 import oauth2 as oauth
 from webob import exc
@@ -56,7 +57,12 @@ class RestController(object):
                 token = M.ApiToken.get(api_key)
             else:
                 log.info('Authenticating with API ticket')
-            if token is not None and token.authenticate_request(request.path, request.params):
+            # Sometimes a path might be only partially escaped like /FAQ-Development,%20Bug%20Reporting,
+            # I don't know why.
+            path = quote(unquote(request.path))
+            if path != request.path:
+                log.info('Canonicalized %s to %s', request.path, path)
+            if token is not None and token.authenticate_request(path, request.params):
                 return token
             else:
                 log.info('API authentication failure')
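Review bot: `quote(unquote(request.path))` is lossy rather than canonical: `unquote` decodes every escape, and `quote` with its default `safe='/'` leaves a decoded `%2F` as a plain `/`, so several distinct raw paths are folded into one string before `token.authenticate_request(path, request.params)` checks the signature. Nothing in this hunk makes the rest of the request use the same `path`, so the value that is authenticated can differ from the value that is dispatched, presumably still `request.path`. If encoded slashes are never legitimate in API paths, refuse them ahead of the call, e.g. `if '%2f' in request.path.lower(): raise exc.HTTPBadRequest()`; otherwise replace the "I don't know why" comment with one that states which form clients are expected to sign, such as `# Signature covers quote(unquote(path)); %2F is folded to '/'.`. The enclosing method of `RestController` begins and ends outside the hunk, so how `path` is used later is not visible here.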

