Opened 2 years ago

Last modified 2 years ago

#5671 defect new

HTTPAuthSessionWrapper calls Request.finish() on closed connection

Reported by: tomsheffler Owned by:
Priority: normal Milestone:
Component: web Keywords: auth, deferred, closed connection
Cc: jknight, tom.sheffler@… Branch:
Author: Launchpad Bug:

Description

When a credentials checker raises an exception in the deferred returned from requestAvatarId, an exception is sometimes raises rather than a '401 unauthorized' response generated.

This condition can be recreated under the following conditions

  • the exception is raised after a time delay
  • the client requesting the authorization is not strictly HTTP/1.1 compliant, or is otherwise misbehaving

The attached server and examples recreate the problem. See the comments at the top of the attached server, serv3.py, for shell command stimuli that illustrate the conditions.

Attachments (1)

serv3.tar.gz (1.5 KB) - added by tomsheffler 2 years ago.
example server, raw http traffic for good, bad examples

Download all attachments as: .zip

Change History (4)

comment:1 Changed 2 years ago by DefaultCC Plugin

  • Cc jknight added

Changed 2 years ago by tomsheffler

example server, raw http traffic for good, bad examples

comment:2 Changed 2 years ago by tomsheffler

See also #4411.

comment:3 Changed 2 years ago by tomsheffler

  • Cc tom.sheffler@… added
Note: See TracTickets for help on using tickets.