schooltool-developers team mailing list archive

Thread
Date
Re: CAS problem

To: Alan Elkner <aelkner@xxxxxxxxx>
From: Douglas Cerna <douglascerna@xxxxxxxxx>
Date: Mon, 5 Apr 2010 12:29:48 -0700 (PDT)
Cc: SchoolTool Developers <schooltool-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <507404.85088.qm@web59309.mail.re1.yahoo.com>
Alan:

Try changing:

>     request.response.redirect(requrl)

to:

>     request.response.redirect(requrl, trusted=True)

in the authenticate method of the plugin in /srv/schooltool/schooltool.cas/src/schooltool/cas/__init__.py

Douglas

"... allí es cuando te das cuenta que las cosas malas pueden resultar bastante buenas..." - Lionel Messi

Por favor, evite enviarme adjuntos de Word, Excel o PowerPoint.
Vea http://www.gnu.org/philosophy/no-word-attachments.es.html


--- On Mon, 4/5/10, Douglas Cerna <douglascerna@xxxxxxxxx> wrote:

> From: Douglas Cerna <douglascerna@xxxxxxxxx>
> Subject: Re: [Schooltool-developers] CAS problem
> To: "Alan Elkner" <aelkner@xxxxxxxxx>
> Cc: "SchoolTool Developers" <schooltool-developers@xxxxxxxxxxxxxxxxxxx>
> Date: Monday, April 5, 2010, 2:13 PM
> Alan:
> 
> Check for the zope.publisher PyPI page:
> 
> http://pypi.python.org/pypi/zope.publisher
> 
> Maybe it's related to the changes on "3.9.0 (2009-08-27)"
> 
> """Fix #98471: Restrict redirects to current host. This
> causes a ValueError to be raised in the case of redirecting
> to a different host. If this is intentional, the parameter
> trusted can be given."""
> 
> Douglas
> 
> "... allí es cuando te das cuenta que las cosas malas
> pueden resultar bastante buenas..." - Lionel Messi
> 
> Por favor, evite enviarme adjuntos de Word, Excel o
> PowerPoint.
> Vea http://www.gnu.org/philosophy/no-word-attachments.es.html
> 
> 
> --- On Mon, 4/5/10, Alan Elkner <aelkner@xxxxxxxxx>
> wrote:
> 
> > From: Alan Elkner <aelkner@xxxxxxxxx>
> > Subject: [Schooltool-developers] CAS problem
> > To: schooltool-developers@xxxxxxxxxxxxxxxxxxx
> > Date: Monday, April 5, 2010, 2:03 PM
> > Could it be that we need to change
> > something in schooltool.cas as a
> > result of using new zope packages?  Starting
> > schooltool at SLA with
> > CAS enabled gives the following error:
> > 
> > Traceback (most recent call last):
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/publish.py",
> > line 131, in publish
> >     obj = request.traverse(obj)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/browser.py",
> > line 542, in traverse
> >     ob = super(BrowserRequest,
> > self).traverse(obj)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/http.py",
> > line 456, in traverse
> >     ob = super(HTTPRequest, self).traverse(obj)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/base.py",
> > line 250, in traverse
> >     publication.callTraversalHooks(self, obj)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.app.publication-3.10.0-py2.5.egg/zope/app/publication/zopepublication.py",
> > line 135, in callTraversalHooks
> >     self._maybePlacefullyAuthenticate(request,
> > ob)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.app.publication-3.10.0-py2.5.egg/zope/app/publication/zopepublication.py",
> > line 122, in _maybePlacefullyAuthenticate
> >     principal = auth.authenticate(request)
> >   File
> >
> "/srv/schooltool/schooltool/src/schooltool/app/security.py",
> > line 219, in authenticate
> >     return self.authPlugin.authenticate(request)
> >   File
> >
> "/srv/schooltool/schooltool.cas/src/schooltool/cas/__init__.py",
> > line 125, in authenticate
> >     request.response.redirect(requrl)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/browser.py",
> > line 761, in redirect
> >     return super(BrowserResponse,
> > self).redirect(location, status, trusted)
> >   File
> >
> "/srv/schooltool/schooltool/eggs/zope.publisher-3.11.0-py2.5.egg/zope/publisher/http.py",
> > line 888, in redirect
> >     % target_host)
> > ValueError: Untrusted redirect to host
> 'sla.cas.host:443'
> > not allowed.
> > 
> > I replaced the actual host name with a fake one in
> this
> > note for
> > security reasons.  I know the cas server name (the
> > real one) is right
> > and that it worked using the older version of
> schooltool
> > which in turn
> > used older zope packages, so that's why Chris
> suggested
> > that there may
> > have been a change in zope to cause the error.  That
> > may be the case,
> > but I don't know why.
> > 
> > Does anybody have any ideas?
> > 
> > _______________________________________________
> > Mailing list: https://launchpad.net/~schooltool-developers
> > Post to     : schooltool-developers@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~schooltool-developers
> > More help   : https://help.launchpad.net/ListHelp
> > 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~schooltool-developers
> Post to     : schooltool-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~schooltool-developers
> More help   : https://help.launchpad.net/ListHelp
>
Follow ups

Re: CAS problem
From: Gediminas Paulauskas, 2010-04-05
References

Re: CAS problem
From: Douglas Cerna, 2010-04-05