Ticket #5671 defect new

Opened 13 months ago

Last modified 13 months ago

HTTPAuthSessionWrapper calls Request.finish() on closed connection

Reported by: tomsheffler Owned by:
Priority: normal Milestone:
Component: web Keywords: auth, deferred, closed connection
Cc: jknight, tom.sheffler@… Branch:
Author: Launchpad Bug:

Description

When a credentials checker raises an exception in the deferred returned from requestAvatarId, an exception is sometimes raises rather than a '401 unauthorized' response generated.

This condition can be recreated under the following conditions - the exception is raised after a time delay - the client requesting the authorization is not strictly HTTP/1.1 compliant, or is otherwise misbehaving

The attached server and examples recreate the problem. See the comments at the top of the attached server, serv3.py, for shell command stimuli that illustrate the conditions.

Attachments

serv3.tar.gz Download (1.5 KB) - added by tomsheffler 13 months ago.
example server, raw http traffic for good, bad examples

Change History

1

Changed 13 months ago by DefaultCC Plugin

  • cc jknight added

Changed 13 months ago by tomsheffler

example server, raw http traffic for good, bad examples

2

Changed 13 months ago by tomsheffler

See also #4411.

3

Changed 13 months ago by tomsheffler

  • cc tom.sheffler@… added
Note: See TracTickets for help on using tickets.