changed to be more tolerant about cookie processing (OGo #1911)

git-svn-id: http://svn.opengroupware.org/SOPE/trunk@1538 e4a50df8-12e2-0310-a44c-efbce7f8a7e3

diff --git a/sope-appserver/NGObjWeb/ChangeLog b/sope-appserver/NGObjWeb/ChangeLog
index 6a0daf17799abde81bf528287f3133094c0c2946..ee71d66af48dd30b91da115dc2f6c0db492b007f 100644 (file)
--- a/sope-appserver/NGObjWeb/ChangeLog
+++ b/sope-appserver/NGObjWeb/ChangeLog
@@ -1,7 +1,13 @@
+2007-09-14  Helge Hess  <helge.hess@opengroupware.org>
+
+       * SoObjects/SoHTTPAuthenticator.m, SoCookieAuthenticator.m: be more
+         tolerant about the formatting of 'basic' auth credentials (wrt OGo
+         bug #1911) (v4.7.15)
+
 2007-08-29  Helge Hess  <helge.hess@opengroupware.org>
 
        * WEClientCapabilities.m: added CookComputing XML-RPC.NET as a known
-         user-agent (fixes OGo buf #1910) (v4.7.14)
+         user-agent (fixes OGo bug #1910) (v4.7.14)
 
 2007-06-29  Adam Williams  <awilliam@whitemice.org>
 

diff --git a/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m b/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m
index 6d10db583115f871ecaa8a11c4b4daae6556990f..7eba654dde6b6ad06888c5f8f098ad9533a2bb43 100644 (file)
--- a/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m
+++ b/sope-appserver/NGObjWeb/SoObjects/SoCookieAuthenticator.m
@@ -1,5 +1,5 @@
 /*
-  Copyright (C) 2006 Helge Hess
+  Copyright (C) 2006-2007 Helge Hess
 
   This file is part of SOPE.
 
@@ -28,7 +28,6 @@
 #include <NGObjWeb/WORequest.h>
 #include <NGObjWeb/WOResponse.h>
 #include <NGObjWeb/WOContext.h>
-#include <NGObjWeb/WOCookie.h>
 #include <NGExtensions/NSString+Ext.h>
 #include "common.h"
 
@@ -216,7 +215,11 @@ static NSString *prefix = @"0xHIGHFLYx";
                  inContext:_ctx];
   }
   
-  k = [auth substringFromIndex:6];
+  /*
+    Should be 'basic ' (basic + space), but lets be tolerant and allow an
+    arbitary amount of leading spaces.
+  */
+  k = [[auth substringFromIndex:5] stringByTrimmingLeadWhiteSpaces];
   if ((k = [k stringByDecodingBase64]) == nil) {
     [self logWithFormat:@"tried unknown authentication method: %@ (C)", auth];
     return [self unauthorized:@"unsupported authentication method"

diff --git a/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m b/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m
index d29066b735a5ea0a18dfada4f32b67f2a9eb88ef..34bb5d4479248b2bd5c29e311aa959c52fd10f83 100644 (file)
--- a/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m
+++ b/sope-appserver/NGObjWeb/SoObjects/SoHTTPAuthenticator.m
@@ -1,7 +1,6 @@
 /*
-  Copyright (C)
-  2002-2006 SKYRIX Software AG
-  2006      Helge Hess
+  Copyright (C) 2002-2007 SKYRIX Software AG
+  Copyright (C) 2006-2007 Helge Hess
 
   This file is part of SOPE.
 
@@ -94,7 +93,11 @@
     return nil;
   }
   
-  k = [_creds substringFromIndex:6];
+  /*
+    Should be 'basic ' (basic + space), but lets be tolerant and allow an
+    arbitary amount of leading spaces.
+  */
+  k = [[_creds substringFromIndex:5] stringByTrimmingLeadWhiteSpaces];
   k = [k stringByDecodingBase64];
   if (k == nil) return nil;
 
@@ -235,7 +238,11 @@
                  inContext:_ctx];
   }
   
-  k = [auth substringFromIndex:6];
+  /*
+    Should be 'basic ' (basic + space), but lets be tolerant and allow an
+    arbitary amount of leading spaces.
+  */
+  k = [[auth substringFromIndex:5] stringByTrimmingLeadWhiteSpaces];
   if ((k = [k stringByDecodingBase64]) == nil) {
     [self logWithFormat:@"tried unknown authentication method: %@ (C)", auth];
     return [self unauthorized:@"unsupported authentication method"

diff --git a/sope-appserver/NGObjWeb/Version b/sope-appserver/NGObjWeb/Version
index ae72b0bb4e03a915e825cda8657715a028d2cef7..f094a8aa417a7f853bb1d9895b3839d0b417d1bf 100644 (file)
--- a/sope-appserver/NGObjWeb/Version
+++ b/sope-appserver/NGObjWeb/Version
@@ -1,6 +1,6 @@
 # version file
 
-SUBMINOR_VERSION:=14
+SUBMINOR_VERSION:=15
 
 # v4.7.11  requires libNGExtensions v4.7.194
 # v4.5.234 requires libDOM          v4.5.21