[Zope-PAS] challenge branch ready for review
mhammond at skippinet.com.au
Wed Oct 13 21:31:55 EDT 2004
> - the new challenge machinery discussed here that limits players in
> a given challenge to plugins that support the same protocol
I'm having a little trouble making this work with my plugin. The problem is
that the HTTPBasicAuthHelper does not declare a protocol - so the
HTTPBasicAuthHelper ID is used. My plugin wants to interact with
HTTPBasicAuthHelper, but has no way of determining the protocol it should
use to match HTTPBasicAuthHelper.
Is the intention to declare HTTPBasicAuthHelper as using a 'http' protocol?
The patch below declares this protocol for HTTPAuth, and replaces
'setHeader' with 'addHeader' (necessary for correct header semantics). With
that patch applied, my plugin seems to work fine with HTTPAuth.
I believe it is still a minor issue that plugins sharing a protocol have no
way of knowing their order. This means HTTPAuth unconditionally sets the
body and all other plugins sharing a protocol must do the same. Its not a
--- HTTPBasicAuthHelper.py 8 Oct 2004 14:23:05 -0000 188.8.131.52
+++ HTTPBasicAuthHelper.py 14 Oct 2004 01:31:39 -0000
@@ -61,6 +61,8 @@
security = ClassSecurityInfo()
+ protocol = "http" # The PAS challenge 'protocol' we use.
def __init__( self, id, title=None ):
self._setId( id )
self.title = title
@@ -94,7 +96,7 @@
realm = response.realm
- response.setHeader('WWW-Authenticate', 'basic realm="%s"' %
+ response.addHeader('WWW-Authenticate', 'basic realm="%s"' %
m = "<strong>You are not authorized to access this
More information about the Zope-PAS