Commit a5c87afd authored by Jérome Perrin's avatar Jérome Perrin

stack/erp5: backport Zope fix (Username not in access log for error requests)

parent 8ed389df
From 1f0be881320f440cec05eb838fa42c5ddf56a57c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Tue, 19 Sep 2023 15:19:51 +0900
Subject: [PATCH 1/2] WSGIPublisher: set REMOTE_USER even in case of error
(#1156)
This fixes a problem that user name was empty in access log for error pages.
Fixes #1155
---------
Co-authored-by: Michael Howitz <icemac@gmx.net>
---
src/ZPublisher/WSGIPublisher.py | 13 +++++++------
src/ZPublisher/tests/test_WSGIPublisher.py | 9 +++++++++
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/ZPublisher/WSGIPublisher.py b/src/ZPublisher/WSGIPublisher.py
index bd0ae1d17..09b2c44c9 100644
--- a/src/ZPublisher/WSGIPublisher.py
+++ b/src/ZPublisher/WSGIPublisher.py
@@ -382,12 +382,13 @@ def publish_module(environ, start_response,
try:
with load_app(module_info) as new_mod_info:
with transaction_pubevents(request, response):
- response = _publish(request, new_mod_info)
-
- user = getSecurityManager().getUser()
- if user is not None and \
- user.getUserName() != 'Anonymous User':
- environ['REMOTE_USER'] = user.getUserName()
+ try:
+ response = _publish(request, new_mod_info)
+ finally:
+ user = getSecurityManager().getUser()
+ if user is not None and \
+ user.getUserName() != 'Anonymous User':
+ environ['REMOTE_USER'] = user.getUserName()
break
except TransientError:
if request.supports_retry():
diff --git a/src/ZPublisher/tests/test_WSGIPublisher.py b/src/ZPublisher/tests/test_WSGIPublisher.py
index 989970f24..38e402ab3 100644
--- a/src/ZPublisher/tests/test_WSGIPublisher.py
+++ b/src/ZPublisher/tests/test_WSGIPublisher.py
@@ -822,6 +822,15 @@ class TestPublishModule(ZopeTestCase):
self._callFUT(environ, start_response, _publish)
self.assertFalse('REMOTE_USER' in environ)
+ def test_set_REMOTE_USER_environ_error(self):
+ environ = self._makeEnviron()
+ start_response = DummyCallable()
+ _publish = DummyCallable()
+ _publish._raise = ValueError()
+ with self.assertRaises(ValueError):
+ self._callFUT(environ, start_response, _publish)
+ self.assertEqual(environ['REMOTE_USER'], user_name)
+
def test_webdav_source_port(self):
from ZPublisher import WSGIPublisher
old_webdav_source_port = WSGIPublisher._WEBDAV_SOURCE_PORT
--
2.39.2
...@@ -709,6 +709,9 @@ waitress-patches = ...@@ -709,6 +709,9 @@ waitress-patches =
${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-5.patch#ad2765822397cd1e28e02a68a52d7768 ${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-5.patch#ad2765822397cd1e28e02a68a52d7768
${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-6.patch#85fc9c4105eabee3ff71c800b2ddf63b ${:_profile_base_location_}/../../component/egg-patch/waitress/CVE-2022-24761-6.patch#85fc9c4105eabee3ff71c800b2ddf63b
waitress-patch-options = -p1 waitress-patch-options = -p1
Zope-patches =
${:_profile_base_location_}/../../component/egg-patch/Zope/0001-WSGIPublisher-set-REMOTE_USER-even-in-case-of-error-.patch#857a12707cbbeb2ec3d518fac51c6591
Zope-patch-options = -p1
# neoppod installs bin/coverage so we inject erp5 plugin here so that coverage script can use it in report # neoppod installs bin/coverage so we inject erp5 plugin here so that coverage script can use it in report
[neoppod] [neoppod]
...@@ -743,11 +746,13 @@ depends = ...@@ -743,11 +746,13 @@ depends =
Acquisition = 4.7+SlapOSPatched001 Acquisition = 4.7+SlapOSPatched001
Products.DCWorkflow = 2.4.1+SlapOSPatched001 Products.DCWorkflow = 2.4.1+SlapOSPatched001
ocropy = 1.0+SlapOSPatched001 ocropy = 1.0+SlapOSPatched001
PyPDF2 = 1.26.0+SlapOSPatched001
pysvn = 1.9.15+SlapOSPatched001 pysvn = 1.9.15+SlapOSPatched001
python-ldap = 2.4.32+SlapOSPatched001 python-ldap = 2.4.32+SlapOSPatched001
python-magic = 0.4.12+SlapOSPatched001 python-magic = 0.4.12+SlapOSPatched001
PyPDF2 = 1.26.0+SlapOSPatched001
waitress = 1.4.4+SlapOSPatched006 waitress = 1.4.4+SlapOSPatched006
Zope = 4.8.9+SlapOSPatched001
## https://lab.nexedi.com/nexedi/slapos/merge_requests/648 ## https://lab.nexedi.com/nexedi/slapos/merge_requests/648
pylint = 1.4.4+SlapOSPatched002 pylint = 1.4.4+SlapOSPatched002
# astroid 1.4.1 breaks testDynamicClassGeneration # astroid 1.4.1 breaks testDynamicClassGeneration
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment