Missing try/except to save PAS from faulty IRoles Plugins

Bug #615474 reported by Willi Langenberger
This bug affects 1 person
Affects   | Status       | Importance | Assigned to | Milestone
Zope PAS  | Fix Released | Undecided  | Unassigned  |

Bug Description

In PluggableAuthService.py most plugin calls are surrounded with::

  try:
      ...
      SomePlugin.<method>(...)
      ...
  except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
      logger.debug( 'SomePlugin %s error' % ...)

However, this is not true for the IRoles plugin::

    rolemakers = plugins.listPlugins( IRolesPlugin )
    for rolemaker_id, rolemaker in rolemakers:
        roles = rolemaker.getRolesForPrincipal( user, request )
        if roles:
            user._addRoles( roles )

This bit us last week, when a faulty (and ironically not yet
needed) IRolesPlugin was the reason for a complete service loss for
half an hour.

So, is there a specific reason for the absence of the try/except?

In case it is not, I have made a patch and a (very amateurish) test case
against current PAS trunk
http://svn.zope.org/repos/main/Products.PluggableAuthService/trunk.

Thanks,

Willi Langenberger
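
The unguarded loop from the report next to a guarded version, as an added example that is not the patch attached to this bug and not code from PAS itself. `User`, `GoodRoles`, `FaultyRoles`, the two `assign_roles_*` functions and the contents of the exception tuple are stand-ins assumed for illustration.

```python
import logging

logger = logging.getLogger("pas_example")

# Assumption: stand-in contents; the real _SWALLOWABLE_PLUGIN_EXCEPTIONS
# lives in PluggableAuthService.py and may differ.
_SWALLOWABLE_PLUGIN_EXCEPTIONS = (NameError, AttributeError, KeyError,
                                  TypeError, ValueError)

class User:  # hypothetical minimal user object
    def __init__(self, user_id):
        self.user_id = user_id
        self.roles = set()

    def _addRoles(self, roles):
        self.roles.update(roles)

class GoodRoles:  # hypothetical well-behaved IRolesPlugin
    def getRolesForPrincipal(self, user, request=None):
        return ("Member",)

class FaultyRoles:  # hypothetical broken plugin: 'mapping' was never set
    def getRolesForPrincipal(self, user, request=None):
        return self.mapping[user.user_id]  # raises AttributeError

def assign_roles_unguarded(user, rolemakers, request=None):
    # Loop as quoted in the report: one bad plugin aborts the whole lookup.
    for rolemaker_id, rolemaker in rolemakers:
        roles = rolemaker.getRolesForPrincipal(user, request)
        if roles:
            user._addRoles(roles)
    return user.roles

def assign_roles_guarded(user, rolemakers, request=None):
    # Same loop with the guard used around the other plugin calls.
    # Returns (roles, ids of plugins whose errors were swallowed).
    failed = []
    for rolemaker_id, rolemaker in rolemakers:
        try:
            roles = rolemaker.getRolesForPrincipal(user, request)
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug("IRolesPlugin %s error", rolemaker_id, exc_info=True)
            failed.append(rolemaker_id)
            continue
        if roles:
            user._addRoles(roles)
    return user.roles, failed
```

Because roles are only ever added, a swallowed plugin error leaves the user with fewer roles rather than more; exceptions outside the tuple still propagate.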

Willi Langenberger (wlang) wrote :
Tres Seaver (tseaver) wrote : Re: [Bug 615474] [NEW] Missing try/except to save PAS from faulty IRoles Plugins

 status confirmed
 assigned tseaver

Thanks very much for the patch with tests -- I will check it in tomorrow, if
all goes well.

Changed in zope-pas:
status: New → Confirmed
Tres Seaver (tseaver) wrote :

Committed to the trunk for the 1.7.2 release.

Changed in zope-pas:
status: Confirmed → Fix Committed
Tres Seaver (tseaver)
Changed in zope-pas:
status: Fix Committed → Fix Released