[#7035] canonicalize URL escaping on of paths before use in token validation

commit: 942f171236fea946ae73e1eeae28a92f11dee95f [log] [tgz]
author: Dave Brondsema <dave@brondsema.net> Tue Jan 14 14:39:33 2014 -0500
committer: Dave Brondsema <dave@brondsema.net> Tue Jan 14 14:39:33 2014 -0500
tree: e0fe74b06afcbf25619054166a31c16c93a8cd8a
parent: f82416005eba8123b613be50f23d480401fddf71 [diff]
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 6eb12a8..6e7e452 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py

@@ -19,6 +19,7 @@
 
 """REST Controller"""
 import logging
+from urllib import quote, unquote
 
 import oauth2 as oauth
 from webob import exc
@@ -56,7 +57,12 @@
                 token = M.ApiToken.get(api_key)
             else:
                 log.info('Authenticating with API ticket')
-            if token is not None and token.authenticate_request(request.path, request.params):
+            # Sometimes a path might be only partially escaped like /FAQ-Development,%20Bug%20Reporting,
+            # I don't know why.
+            path = quote(unquote(request.path))
+            if path != request.path:
+                log.info('Canonicalized %s to %s', request.path, path)
+            if token is not None and token.authenticate_request(path, request.params):
                 return token
             else:
                 log.info('API authentication failure')
commit	942f171236fea946ae73e1eeae28a92f11dee95f	[log] [tgz]
author	Dave Brondsema <dave@brondsema.net>	Tue Jan 14 14:39:33 2014 -0500
committer	Dave Brondsema <dave@brondsema.net>	Tue Jan 14 14:39:33 2014 -0500
tree	e0fe74b06afcbf25619054166a31c16c93a8cd8a
parent	f82416005eba8123b613be50f23d480401fddf71 [diff]