Commit 419abc03 authored by Romain Courteaud's avatar Romain Courteaud

ERP5Site: stop displaying Basic auth popup in the browser

When a user is already authenticated (by any method) and an Unauthorized error occurs, ZPublisher returns the WWW-Authenticate HTTP header which leads to a blocking popup authentication window in user browser.

This patch only deactivates that HTTP header. Apart from this, the error is handled as before.
parent c064d05e
......@@ -260,6 +260,10 @@ class ERP5Site(FolderMixIn, CMFSite, CacheCookieMixin):
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
def __before_publishing_traverse__(self, self2, request):
request.RESPONSE.realm = None
return super(ERP5Site, self).__before_publishing_traverse__(self2, request)
def _createInitialSiteManager(self):
# This section of code is inspired by
# Products.CMFDefault.upgrade.to21.upgrade_root_site_manager(),
......
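Review bot: The assignment `request.RESPONSE.realm = None` in `__before_publishing_traverse__` is unconditional, so it appears to apply to every request that traverses the site, while the commit description only speaks of users who are already authenticated. If that reading is right, anonymous requests and non-browser clients that wait for a Basic challenge before sending credentials (WebDAV or scripted HTTP clients) would also get a 401 without `WWW-Authenticate`, which RFC 7235 requires on a 401 response. Either restrict the reset to requests that already carry an authenticated user, or state the wider scope in a comment above the assignment, e.g. `# Drop the realm so a 401 carries no WWW-Authenticate header (no browser Basic auth popup); this applies to all requests, including anonymous ones.` The method also has no docstring explaining why the realm is cleared before delegating to the parent hook.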
......@@ -29,6 +29,9 @@
import unittest
import pprint
import httplib
import urlparse
import base64
from AccessControl.SecurityManagement import newSecurityManager
from Testing import ZopeTestCase
......@@ -583,6 +586,38 @@ class TestERP5Core(ERP5TypeTestCase, ZopeTestCase.Functional):
self.abort()
setSite(old_site)
def test_BasicAuthenticateDesactivated(self):
"""Make sure Unauthorized error does not lead to Basic auth popup in browser"""
portal = self.getPortal()
# Create user account with very long login name
login_name = 'foo_login_name'
password = 'bar_password'
acl_users = portal.acl_users
acl_users._doAddUser(login_name, password, ['Member'], [])
user = acl_users.getUserById(login_name).__of__(acl_users)
# Login as the above user
newSecurityManager(None, user)
self.auth = '%s:%s' % (login_name, password)
self.commit()
self.tic()
api_scheme, api_netloc, api_path, api_query, \
api_fragment = urlparse.urlsplit(self.portal.absolute_url())
connection = httplib.HTTPConnection(api_netloc)
connection.request(
method='GET',
url='%s/Person_getPrimaryGroup' % \
self.portal.absolute_url(),
headers={
'Authorization': 'Basic %s' % \
base64.b64encode(self.auth)
}
)
response = connection.getresponse()
self.assertEqual(response.status, 401)
self.assertEqual(response.getheader('WWW-Authenticate'), None)
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestERP5Core))
......
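Review bot: `test_BasicAuthenticateDesactivated` only exercises a request that already sends valid Basic credentials, so it does not pin down what an unauthenticated request receives after this change. A second request without the `Authorization` header, with an explicit assertion on `response.getheader('WWW-Authenticate')`, would document whether removing the challenge for anonymous clients is intended. The comment `# Create user account with very long login name` does not match `login_name = 'foo_login_name'` and reads like a copy-paste leftover; `# Create a user account` would be accurate. The `HTTPConnection` is never closed, so add `connection.close()` after the assertions or via `self.addCleanup(connection.close)`.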