Commit 5ea832b7 authored by Jérome Perrin's avatar Jérome Perrin

stack/erp5: backport some Zope fixes WIP

parent 7691a33a
Pipeline #29975 canceled with stage
in 0 seconds
From 1f0be881320f440cec05eb838fa42c5ddf56a57c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Tue, 19 Sep 2023 15:19:51 +0900
Subject: [PATCH 1/2] WSGIPublisher: set REMOTE_USER even in case of error
(#1156)
This fixes a problem that user name was empty in access log for error pages.
Fixes #1155
---------
Co-authored-by: Michael Howitz <icemac@gmx.net>
---
src/ZPublisher/WSGIPublisher.py | 13 +++++++------
src/ZPublisher/tests/test_WSGIPublisher.py | 9 +++++++++
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/ZPublisher/WSGIPublisher.py b/src/ZPublisher/WSGIPublisher.py
index bd0ae1d17..09b2c44c9 100644
--- a/src/ZPublisher/WSGIPublisher.py
+++ b/src/ZPublisher/WSGIPublisher.py
@@ -382,12 +382,13 @@ def publish_module(environ, start_response,
try:
with load_app(module_info) as new_mod_info:
with transaction_pubevents(request, response):
- response = _publish(request, new_mod_info)
-
- user = getSecurityManager().getUser()
- if user is not None and \
- user.getUserName() != 'Anonymous User':
- environ['REMOTE_USER'] = user.getUserName()
+ try:
+ response = _publish(request, new_mod_info)
+ finally:
+ user = getSecurityManager().getUser()
+ if user is not None and \
+ user.getUserName() != 'Anonymous User':
+ environ['REMOTE_USER'] = user.getUserName()
break
except TransientError:
if request.supports_retry():
diff --git a/src/ZPublisher/tests/test_WSGIPublisher.py b/src/ZPublisher/tests/test_WSGIPublisher.py
index 989970f24..38e402ab3 100644
--- a/src/ZPublisher/tests/test_WSGIPublisher.py
+++ b/src/ZPublisher/tests/test_WSGIPublisher.py
@@ -822,6 +822,15 @@ class TestPublishModule(ZopeTestCase):
self._callFUT(environ, start_response, _publish)
self.assertFalse('REMOTE_USER' in environ)
+ def test_set_REMOTE_USER_environ_error(self):
+ environ = self._makeEnviron()
+ start_response = DummyCallable()
+ _publish = DummyCallable()
+ _publish._raise = ValueError()
+ with self.assertRaises(ValueError):
+ self._callFUT(environ, start_response, _publish)
+ self.assertEqual(environ['REMOTE_USER'], user_name)
+
def test_webdav_source_port(self):
from ZPublisher import WSGIPublisher
old_webdav_source_port = WSGIPublisher._WEBDAV_SOURCE_PORT
--
2.39.2
From d439b58562670886b3247829aa9ff053b6aaf7fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Tue, 19 Sep 2023 06:28:54 +0200
Subject: [PATCH 2/2] mapply wip
---
src/ZPublisher/mapply.py | 5 ++++-
src/ZPublisher/tests/test_mapply.py | 21 ++++++++++++++++++---
2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/src/ZPublisher/mapply.py b/src/ZPublisher/mapply.py
index 19deeacf4..41c9ed7e1 100644
--- a/src/ZPublisher/mapply.py
+++ b/src/ZPublisher/mapply.py
@@ -21,7 +21,7 @@ def default_call_object(object, args, context):
def default_missing_name(name, context):
- raise TypeError('argument %s was ommitted' % name)
+ raise TypeError('argument %s was omitted' % name)
def default_handle_class(klass, context):
@@ -61,6 +61,9 @@ def mapply(object, positional=(), keyword={},
positional.insert(0, missing_name('self', context))
if len(positional) > nargs:
raise TypeError('too many arguments')
+ for a, name in zip(positional, names):
+ if name in keyword:
+ raise TypeError('multiple values for argument %s' % name)
args = positional
else:
if bind and nargs and names[0] == 'self':
diff --git a/src/ZPublisher/tests/test_mapply.py b/src/ZPublisher/tests/test_mapply.py
index d31f6d61b..d08a5c979 100644
--- a/src/ZPublisher/tests/test_mapply.py
+++ b/src/ZPublisher/tests/test_mapply.py
@@ -28,11 +28,10 @@ class MapplyTests(unittest.TestCase):
def compute(a, b, c=4):
return '%d%d%d' % (a, b, c)
- values = {'a': 2, 'b': 3, 'c': 5}
- v = mapply(compute, (), values)
+ v = mapply(compute, (), {'a': 2, 'b': 3, 'c': 5})
self.assertEqual(v, '235')
- v = mapply(compute, (7,), values)
+ v = mapply(compute, (7,), {'b': 3, 'c': 5})
self.assertEqual(v, '735')
def testClass(self):
@@ -115,3 +114,19 @@ class MapplyTests(unittest.TestCase):
ob = NoCallButAcquisition().__of__(Root())
self.assertRaises(TypeError, mapply, ob, (), {})
+
+ def testErrors(self):
+ def compute(a, b, c=4):
+ return '%d%d%d' % (a, b, c)
+
+ with self.assertRaisesRegex(TypeError, 'argument a was omitted'):
+ mapply(compute, (), {})
+
+ with self.assertRaisesRegex(TypeError, 'argument b was omitted'):
+ mapply(compute, (1, ), {})
+
+ with self.assertRaisesRegex(TypeError, 'multiple values for argument b'):
+ mapply(compute, (1, 2, ), {'b': 3})
+
+ with self.assertRaisesRegex(TypeError, 'too many arguments'):
+ mapply(compute, (1, 2, 3, 4), {})
--
2.39.2
...@@ -700,6 +700,10 @@ PyPDF2-patches = ${:_profile_base_location_}/../../component/egg-patch/PyPDF2/00 ...@@ -700,6 +700,10 @@ PyPDF2-patches = ${:_profile_base_location_}/../../component/egg-patch/PyPDF2/00
PyPDF2-patch-options = -p1 PyPDF2-patch-options = -p1
python-magic-patches = ${:_profile_base_location_}/../../component/egg-patch/python_magic/magic.patch#de0839bffac17801e39b60873a6c2068 python-magic-patches = ${:_profile_base_location_}/../../component/egg-patch/python_magic/magic.patch#de0839bffac17801e39b60873a6c2068
python-magic-patch-options = -p1 python-magic-patch-options = -p1
Zope-patches =
${:_profile_base_location_}/../../component/egg-patch/Zope/0001-WSGIPublisher-set-REMOTE_USER-even-in-case-of-error-.patch#857a12707cbbeb2ec3d518fac51c6591
${:_profile_base_location_}/../../component/egg-patch/Zope/0002-mapply-wip.patch#56928a9d0b25b344feb0b6ead7bc5e48
Zope-patch-options = -p1
# backported security patches for waitress-1.4.4 from Debian 1.4.4-1.1+deb11u1 package. # backported security patches for waitress-1.4.4 from Debian 1.4.4-1.1+deb11u1 package.
waitress-patches = waitress-patches =
${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-1.patch#a0508880f24662e48a20ce3bcbf440c2 ${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-1.patch#a0508880f24662e48a20ce3bcbf440c2
...@@ -748,6 +752,7 @@ python-ldap = 2.4.32+SlapOSPatched001 ...@@ -748,6 +752,7 @@ python-ldap = 2.4.32+SlapOSPatched001
python-magic = 0.4.12+SlapOSPatched001 python-magic = 0.4.12+SlapOSPatched001
PyPDF2 = 1.26.0+SlapOSPatched001 PyPDF2 = 1.26.0+SlapOSPatched001
waitress = 1.4.4+SlapOSPatched006 waitress = 1.4.4+SlapOSPatched006
Zope = 4.8.8+SlapOSPatched002
## https://lab.nexedi.com/nexedi/slapos/merge_requests/648 ## https://lab.nexedi.com/nexedi/slapos/merge_requests/648
pylint = 1.4.4+SlapOSPatched002 pylint = 1.4.4+SlapOSPatched002
# astroid 1.4.1 breaks testDynamicClassGeneration # astroid 1.4.1 breaks testDynamicClassGeneration
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment