Posted to commits@allura.apache.org by br...@apache.org on 2014/01/14 20:39:52 UTC
git commit: [#7035] canonicalize URL escaping on of paths before use
in token validation
Updated Branches:
refs/heads/db/7035 [created] 942f17123
[#7035] canonicalize URL escaping on of paths before use in token validation
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/942f1712
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/942f1712
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/942f1712
Branch: refs/heads/db/7035
Commit: 942f171236fea946ae73e1eeae28a92f11dee95f
Parents: f824160
Author: Dave Brondsema <da...@brondsema.net>
Authored: Tue Jan 14 14:39:33 2014 -0500
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue Jan 14 14:39:33 2014 -0500
----------------------------------------------------------------------
Allura/allura/controllers/rest.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/942f1712/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 6eb12a8..6e7e452 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -19,6 +19,7 @@
"""REST Controller"""
import logging
+from urllib import quote, unquote
import oauth2 as oauth
from webob import exc
@@ -56,7 +57,12 @@ class RestController(object):
token = M.ApiToken.get(api_key)
else:
log.info('Authenticating with API ticket')
- if token is not None and token.authenticate_request(request.path, request.params):
+ # Sometimes a path might be only partially escaped like /FAQ-Development,%20Bug%20Reporting,
+ # I don't know why.
+ path = quote(unquote(request.path))
+ if path != request.path:
+ log.info('Canonicalized %s to %s', request.path, path)
+ if token is not None and token.authenticate_request(path, request.params):
return token
else:
log.info('API authentication failure')
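Review bot: The signature is now checked against `quote(unquote(request.path))` instead of the path as received, so every raw path that collapses to the same canonical string verifies under one signature; with the default `safe='/'`, for example, an escaped `%2F` and a literal `/` become identical. Whether request dispatch later distinguishes such paths is not visible in this hunk, so it is worth confirming that routing sees the same canonical form, and adding a test that pins the expected output for the partially escaped case named in the comment. The line `# I don't know why.` could give the contract instead, e.g. `# Canonical form: everything except letters, digits, '_.-' and '/' is percent-escaped; clients must sign this form.` The enclosing method begins and ends outside the hunk.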