schooltool-developers team mailing list archive

[Douglas Cerna <douglascerna@xxxxxxxxx>]

Alan:

Check for the zope.publisher PyPI page:

http://pypi.python.org/pypi/zope.publisher

Maybe it's related to the changes on "3.9.0 (2009-08-27)"

"""Fix #98471: Restrict redirects to current host. This causes a ValueError to be raised in the case of redirecting to a different host. If this is intentional, the parameter trusted can be given."""

Douglas

"... allí­ es cuando te das cuenta que las cosas malas pueden resultar bastante buenas..." - Lionel Messi

Por favor, evite enviarme adjuntos de Word, Excel o PowerPoint.
Vea http://www.gnu.org/philosophy/no-word-attachments.es.html


--- On Mon, 4/5/10, Alan Elkner <aelkner@xxxxxxxxx> wrote:

> From: Alan Elkner <aelkner@xxxxxxxxx>
> Subject: [Schooltool-developers] CAS problem
> To: schooltool-developers@xxxxxxxxxxxxxxxxxxx
> Date: Monday, April 5, 2010, 2:03 PM
> Could it be that we need to change
> something in schooltool.cas as a
> result of using new zope packages?  Starting
> schooltool at SLA with
> CAS enabled gives the following error:
> 
> Traceback (most recent call last):
>   File
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/publish.py",
> line 131, in publish
>     obj = request.traverse(obj)
>   File
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/browser.py",
> line 542, in traverse
>     ob = super(BrowserRequest,
> self).traverse(obj)
>   File
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/http.py",
> line 456, in traverse
>     ob = super(HTTPRequest, self).traverse(obj)
>   File
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/base.py",
> line 250, in traverse
>     publication.callTraversalHooks(self, obj)
>   File
> "/srv/schooltool/schooltool/eggs/zope.app.publication-3.10.0-py2.5.egg/zope/app/publication/zopepublication.py",
> line 135, in callTraversalHooks
>     self._maybePlacefullyAuthenticate(request,
> ob)
>   File
> "/srv/schooltool/schooltool/eggs/zope.app.publication-3.10.0-py2.5.egg/zope/app/publication/zopepublication.py",
> line 122, in _maybePlacefullyAuthenticate
>     principal = auth.authenticate(request)
>   File
> "/srv/schooltool/schooltool/src/schooltool/app/security.py",
> line 219, in authenticate
>     return self.authPlugin.authenticate(request)
>   File
> "/srv/schooltool/schooltool.cas/src/schooltool/cas/__init__.py",
> line 125, in authenticate
>     request.response.redirect(requrl)
>   File
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/browser.py",
> line 761, in redirect
>     return super(BrowserResponse,
> self).redirect(location, status, trusted)
>   File
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/http.py",
> line 888, in redirect
>     % target_host)
> ValueError: Untrusted redirect to host 'sla.cas.host:443'
> not allowed.
> 
> I replaced the actual host name with a fake one in this
> note for
> security reasons.  I know the cas server name (the
> real one) is right
> and that it worked using the older version of schooltool
> which in turn
> used older zope packages, so that's why Chris suggested
> that there may
> have been a change in zope to cause the error.  That
> may be the case,
> but I don't know why.
> 
> Does anybody have any ideas?
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~schooltool-developers
> Post to     : schooltool-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~schooltool-developers
> More help   : https://help.launchpad.net/ListHelp
>