Zope PluggableAuthService

Missing try/except to save PAS from faulty IRoles Plugins

Reported by Willi Langenberger on 2010-08-09
This bug affects 1 person
Affects: Zope PAS
Importance: Undecided
Assigned to: Unassigned

Bug Description

In PluggableAuthService.py most plugin calls are surrounded with::

  try:
      ...
      SomePlugin.<method>(...)
      ...
  except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
      logger.debug( 'SomePlugin %s error' % ...)

However, this is not true for the IRoles plugin::

    rolemakers = plugins.listPlugins( IRolesPlugin )
    for rolemaker_id, rolemaker in rolemakers:
        roles = rolemaker.getRolesForPrincipal( user, request )
        if roles:
            user._addRoles( roles )

This bit us last week, when a faulty (and ironically not yet
needed) IRolesPlugin was the reason for a complete service loss for
half an hour.

So, is there a specific reason for the absence of the try/except?

In case it is not, I have made a patch and a (very amateurish) test case
against current PAS trunk
http://svn.zope.org/repos/main/Products.PluggableAuthService/trunk.

Thanks,

Willi Langenberger

Willi Langenberger (wlang) wrote :

 status confirmed
 assigned tseaver

Thanks very much for the patch with tests -- I will check it in tomorrow, if
all goes well.

Changed in zope-pas:
status: New → Confirmed
Tres Seaver (tseaver) wrote :

Committed to the trunk for the 1.7.2 release.

Changed in zope-pas:
status: Confirmed → Fix Committed
Tres Seaver (tseaver) on 2011-10-31
Changed in zope-pas:
status: Fix Committed → Fix Released