[Medusa-dev] auth_handler.py (auth_handler.handle_request) bug

Sergio Fernandez sfmunoz@teleline.es
Fri Nov 22 18:51:16 2002


I have found a bug in auth_handler.py file, class auth_handler, method
handle_request (line 51). This bug exists in 0.5.2, 0.5.3 and CVS (Nov
22, 2002) versions.

I'm using SuSE 8.0, Python 2.2.

Simple Medusa startup script where you can see the problem could be:

	#!/usr/bin/env python

	import os
	import sys
	import asyncore

	from medusa import http_server
	from medusa import filesys
	from medusa import default_handler
	from medusa import auth_handler
	from medusa import logger

	lg = logger.file_logger(sys.stdout)
	hs = http_server.http_server ('',8080,None,lg)

	fs = filesys.os_filesystem('/var/www')
	dh = default_handler.default_handler(fs)

	audh = auth_handler.auth_handler({ 'user':'pass'},dh)
	hs.install_handler (audh)


If you access medusa_host:8080, you can see it asks you for user/password.
When you write them (user is 'user' and password is 'pass' as you can see
in startup script) an error appears in the browser:

	Error response
	Error code: 500
	Message: Internal Server Error.

In medusa log you can see:

	error: Server Error: exceptions.AttributeError, group: file: /usr/lib/python2.2/site-packages/medusa/auth_handler.py line: 51

To fix this bug, I have substituted bug line. Patch is:

diff -urN medusa-0.5.3.orig/auth_handler.py medusa-0.5.3/auth_handler.py
--- medusa-0.5.3.orig/auth_handler.py	Sat Mar 23 16:00:42 2002
+++ medusa-0.5.3/auth_handler.py	Sat Nov 16 17:50:48 2002
@@ -48,7 +48,7 @@
         if scheme:
             scheme = string.lower (scheme)
             if scheme == 'basic':
-                cookie = AUTHORIZATION.group(2)
+                cookie = get_header (AUTHORIZATION, request.header, 2)
                     decoded = base64.decodestring (cookie)

This patch works fine for default_handler. But when I have proved it I have
found other problem. In order to separate things, I will e-mail it in a
different message.


More information about the Medusa-dev mailing list