[session] enforce coherency of login/passwd couple values when no anonymous user (closes: #1910849) stable
authorJulien Jehannet <julien.jehannet@logilab.fr>
Thu, 08 Sep 2011 10:54:25 +0200
branchstable
changeset 7770 a17145243e04
parent 7768 bd44f506ca86
child 7771 59ddc2dbe7e0
[session] enforce coherency of login/passwd couple values when no anonymous user (closes: #1910849) None may be returned for both if anonymous connection is not allowed or if an empty login is used in configuration Raise ConfigurationError is anonymous login is non-ascii (convention)
web/webconfig.py
--- a/web/webconfig.py	Wed Sep 07 17:01:32 2011 +0200
+++ b/web/webconfig.py	Thu Sep 08 10:54:25 2011 +0200
@@ -27,6 +27,7 @@
 from logilab.common.decorators import cached
 from logilab.common.deprecation import deprecated
 
+from cubicweb import ConfigurationError
 from cubicweb.toolsutils import read_config
 from cubicweb.cwconfig import CubicWebConfiguration, register_persistent_options, merge_options
 
@@ -233,16 +234,20 @@
         return self.repository().get_versions()
 
     def anonymous_user(self):
-        """return a login and password to use for anonymous users. None
-        may be returned for both if anonymous connections are not allowed
+        """return a login and password to use for anonymous users.
+        
+        None may be returned for both if anonymous connection is not
+        allowed or if an empty login is used in configuration
         """
         try:
-            user = self['anonymous-user']
+            user   = self['anonymous-user'] or None
             passwd = self['anonymous-password']
+            if user:
+                user = unicode(user)
         except KeyError:
             user, passwd = None, None
-        if user is not None:
-            user = unicode(user)
+        except UnicodeDecodeError:
+            raise ConfigurationError("anonymous information should only contains ascii")
         return user, passwd
 
     def locate_resource(self, rid):