Modify

Opened 6 years ago

Closed 5 years ago

#4563 closed defect (worksforme)

pagetodoc fails with EOFError when trac wiki contains images and uses http authentication over SSL

Reported by: anonymous Owned by: markm
Priority: normal Component: PageToDocIntegration
Severity: major Keywords: authentication, images
Cc: mtnbikingmark@… Trac Release: 0.11

Description

When clicking https://someserver/path/to/wiki/MyWikiPage?format=zip below "Download in other formats:" where the apache2.2 server is configured for "HTTP Basic Authentication" and the wiki page contains images with the same realm, pagetodoc fails with error:

 Trac detected an internal error:

EOFError: EOF when reading a line

which is instigated by pagetodoc at line 206 when method download_image() calls the Python urllib's urlretrieve() method.

However quoting urllib's documentation, "The public functions urlopen() and urlretrieve() create an instance of the FancyURLopener class and use it to perform their requested actions".

It further states that "When performing basic authentication, a FancyURLopener instance calls its prompt_user_passwd() method. The default implementation asks the users for the required information on the controlling terminal. A subclass may override this method to support more appropriate behavior if needed."

The python traceback ends at lines 781 and 782 (joined into one here) within the said prompt_user_password() method: user = raw_input("Enter username for %s at %s: " % (realm, host))

This python bug request 1368368 against urllib is instructive: " Currently, urllib.urlopen() "kind of" handles HTTP authentication. You simply write something like this:

urllib.urlopen("http://foo:bar@www.moo.com") " Urllib's documentation states that "To override this functionality [of creating FancyURLopener instances], programmers can create a subclass of URLopener or FancyURLopener, then assign an instance of that class to the urllib._urlopener variable before calling the desired function."

pagetodoc line 81 already obtains the login username and password from HTTP Request, if available, but perhaps should use also the trac_form_token session cookie and/or overload the prompt_user_password() method with one which either induces a 401 Authorizaton Required to the client or otherwise to force pagetodoc to obtain the authentication tuple and thereby improve HTTP authentication/SSL support.

Regards, -anon

Attachments (0)

Change History (4)

comment:1 Changed 6 years ago by markm

Are you saying that

urllib.urllopen("http://foo:bar@www.moo.com")

Is not enough when dealing with SSL? As you say the plugin already does this.

You mention some other methods - but even if I were to override prompt_user_password() I am not sure what it should return, i.e. is it the URL that needs to be updated - or I should do some other stuff?

comment:2 Changed 6 years ago by markm

  • Owner changed from lei to markm

comment:3 Changed 6 years ago by anonymous

  • Cc mtnbikingmark@… added; anonymous removed

comment:4 Changed 5 years ago by anonymous

  • Resolution set to worksforme
  • Status changed from new to closed

solution: add in your apache-configuration (in the virtualhost-box):

WSGIPassAuthorization On

and have fun.

Add Comment

Modify Ticket

Action
as closed The owner will remain markm.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.