Commit

Fix authentication error viewing ZMI with a user defined outside of zope root. (#1196)

Fixes #1195

Co-authored-by: Michael Howitz <[email protected]>
perrinjerome and icemac authored Feb 27, 2024
1 parent 5078624 commit 7f6a4d1
Showing 3 changed files with 20 additions and 12 deletions.
3 changes: 3 additions & 0 deletions CHANGES.rst
Expand Up @@ -29,6 +29,9 @@ https://github.com/zopefoundation/Zope/blob/4.x/CHANGES.rst
- Support ``Chameleon`` ``structure`` expression type.
Fixes `#1077 <https://github.com/zopefoundation/Zope/issues/1077>`_.

- Fix authentication error viewing ZMI with a user defined outside of zope root.
Fixes `#1195 <https://github.com/zopefoundation/Zope/issues/1195>`_.


5.9 (2023-11-24)
----------------
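Review bot: The new CHANGES.rst entry names the symptom but not the behaviour change, which is that the ZMI header now builds its CSS, JS and favicon URLs from `BASEPATH1` plus `AUTHENTICATION_PATH`. Deployments that rewrite or cache `++resource++zmi` URLs in a front-end proxy will see different paths after upgrading, so one more sentence saying the resource URLs now include the authentication path would help them.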
21 changes: 12 additions & 9 deletions src/App/dtml/manage_page_header.dtml
Expand Up @@ -10,24 +10,27 @@
</dtml-let>

<title><dtml-if title_or_id><dtml-var title_or_id><dtml-else>Zope</dtml-if></title>
<dtml-let basepath="'/'.join([''] + [p for p in (REQUEST['BASEPATH1'], REQUEST.get('AUTHENTICATION_PATH')) if p])">

<dtml-in css_urls>
<link rel="stylesheet" type="text/css" href="&dtml-BASEPATH1;&dtml-sequence-item;" />
<link rel="stylesheet" type="text/css" href="&dtml-basepath;&dtml-sequence-item;" />
</dtml-in>
<dtml-in js_urls>
<script src="&dtml-BASEPATH1;&dtml-sequence-item;"></script>
<script src="&dtml-basepath;&dtml-sequence-item;"></script>
</dtml-in>

<link rel="shortcut icon" type="image/x-icon" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/favicon.ico" />
<link rel="apple-touch-icon" sizes="180x180" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/favicon-16x16.png" />
<link rel="manifest" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/site.webmanifest" />
<link rel="mask-icon" href="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/safari-pinned-tab.svg" color="#5bbad5" />
<meta name="msapplication-config" content="&dtml-BASEPATH1;/++resource++zmi/logo/favicon/browserconfig.xml"/>
<link rel="shortcut icon" type="image/x-icon" href="&dtml-basepath;/++resource++zmi/logo/favicon/favicon.ico" />
<link rel="apple-touch-icon" sizes="180x180" href="&dtml-basepath;/++resource++zmi/logo/favicon/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="&dtml-basepath;/++resource++zmi/logo/favicon/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="&dtml-basepath;/++resource++zmi/logo/favicon/favicon-16x16.png" />
<link rel="manifest" href="&dtml-basepath;/++resource++zmi/logo/favicon/site.webmanifest" />
<link rel="mask-icon" href="&dtml-basepath;/++resource++zmi/logo/favicon/safari-pinned-tab.svg" color="#5bbad5" />
<meta name="msapplication-config" content="&dtml-basepath;/++resource++zmi/logo/favicon/browserconfig.xml"/>
<meta name="msapplication-TileColor" content="#2d89ef" />
<meta name="theme-color" content="#ffffff" />

</head>
</dtml-let>
<!-- REFACT what is a better way to get the last part of the current URL? -->
<body id="nodeid-<dtml-var "getId()">" class="zmi zmi-<dtml-var "this().meta_type.replace(' ', '-').replace('(', '').replace(')', '')"> zmi-<dtml-var "URL0[_.len(URL1)+1:]">">
</dtml-unless>
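Review bot: In the new `<dtml-let basepath=...>` expression, `'/'.join([''] + [...])` puts a slash in front of every kept component, so if `BASEPATH1` is ever non-empty and already starts with `/`, the result begins with `//` and the browser resolves the `href`/`src` values as scheme-relative URLs pointing at another host. Normalising each part avoids this without changing the empty case, for example `''.join('/' + p.strip('/') for p in (REQUEST['BASEPATH1'], REQUEST.get('AUTHENTICATION_PATH')) if p)`. Two smaller points: `</dtml-let>` is placed after `</head>` although it was opened inside the head, so closing it before `</head>` would keep the nesting readable; and a short DTML comment explaining why `AUTHENTICATION_PATH` is appended (resources must be requested below the user folder that authenticated the request) would save the next reader a trip to issue #1195.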
8 changes: 5 additions & 3 deletions src/zmi/styles/tests.py
Expand Up @@ -21,6 +21,8 @@ def setupZCML():
class SubscriberTests(Testing.ZopeTestCase.FunctionalTestCase):
"""Testing .subscriber.*"""

base_path = f'/{Testing.ZopeTestCase.folder_name}'

def call_manage_main(self):
"""Call /folder/manage_main and return the HTML text."""
def _call_manage_main(self):
Expand All @@ -29,7 +31,7 @@ def _call_manage_main(self):
# which the WSGI publisher does not expect.
endInteraction()
response = self.publish(
f'/{Testing.ZopeTestCase.folder_name}/manage_main',
f'{self.base_path}/manage_main',
basic=basic_auth)
return str(response)
return temporaryPlacelessSetUp(
Expand All @@ -40,11 +42,11 @@ def test_subscriber__css_paths__1(self):
from .subscriber import css_paths
body = self.call_manage_main()
for path in css_paths(None):
self.assertIn(path, body)
self.assertIn(f'href="{self.base_path}{path}"', body)

def test_subscriber__js_paths__1(self):
"""The paths it returns are rendered in the ZMI."""
from .subscriber import js_paths
body = self.call_manage_main()
for path in js_paths(None):
self.assertIn(path, body)
self.assertIn(f'src="{self.base_path}{path}"', body)
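Review bot: The tightened assertions in `test_subscriber__css_paths__1` and `test_subscriber__js_paths__1` only cover the case where the rendered prefix equals `self.base_path`, meaning `BASEPATH1` contributes nothing and the authenticating user lives in the test folder. Please add a case for a user defined at the root (no `AUTHENTICATION_PATH`, expected prefix empty) and one with a non-empty `BASEPATH1`, so the join logic in `manage_page_header.dtml` is checked for a missing or doubled slash. The favicon and manifest links use the same `basepath` but are not asserted anywhere in these tests.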
