[Grok-dev] using zope.testbrowser to test for Unauthorized exceptions and updated zope.publisher with IReRaise exception support

Jan-Wijbrand Kolman janwijbrand at gmail.com
Mon Sep 21 08:42:37 EDT 2009


As per https://bugs.launchpad.net/grok/+bug/332061 and the fix in
zope.publisher 3.4.9 and in grok itself...


...the Unauthorized exception is now never exposed to "the outside" 
world anymore. We have however several doctests in for our applications 
that use the following pattern:

  >>> browser = Browser()
  >>> browser.handleErrors = False
  >>> # Anonymous access is not allowed:
  >>> browser.open('http://localhost/some/restricted/view')
  Traceback (most recent call last):

This doesn't work anymore, since even with the handleErrors set to 
False, the Unauthorized exception will not be exposed to the test browser.

So, I thought, I'll test for the status code in the repsonse headers 
then, something like so:

  >>> browser.open('http://localhost/some/restricted/view')
  >>> print browser.headers
  Status: 401 Unauthorized
  Cache-Control: no-store, no-cache, must-revalidate
  Content-Length: ...
  Content-Type: text/html;charset=utf-8
  Expires: ...
  Pragma: no-cache
  WWW-Authenticate: basic realm="Zope"
  X-Powered-By: Zope (www.zope.org), Python (www.python.org)

This can only work for basic auth though. If you use form based login - 
like we do - the response status code will just be a 200 Ok, since 
*that* login page was handled just fine...

A couple of thoughts:

* This should be part of the upgrade notes.

* The IReRaise adapter is now registered in the configure.zcml of Grok.

I wonder if it instead shouldn't be registered in the wsgi-specific 
grokcore.startup.startup.application_factory. Maybe even only for the 
cases where we want to debug. In all other cases then (during testing, 
non-wsgi deployment, using the deploy.ini profile for paste serve), the 
error raising works as expected.

Any opinions?


More information about the Grok-dev mailing list