[Zope-PAS] challenge branch ready for review

Lennart Regebro regebro at nuxeo.com
Thu Oct 14 06:00:09 EDT 2004

Zachery Bir wrote:
> I've got a working implementation of PAS on 
> pre-1_0_3-zbir-challenge-branch that exercises:
>  - the CookieAuthHelper plugin (very rudimentary, not as smart as
>    CookieCrumbler)
>  - the HTTPBasicAuthHelper
>  - the new challenge machinery discussed here that limits players in
>    a given challenge to plugins that support the same protocol
> We've also got tests that exercise nested PAS instances, showing that
> PASes that can't or don't participate in a challenge will delegate it
> up the request chain and allow other PASes (or even the ZPublisher) to
> challenge.
> Please take a look and let me know what you think. I'd like to merge
> this to the head and then start on the ID mangling (coming, Jens, I
> promise ;^)).

This only overrides _unauthorized(), which means that _exception() will 
then later in the chain perform an HTTP Basic auth no matter what. You 
need to override _exception *and* _unauthorized, like is done in HEAD 
for the moment.

I have done this on my hard drive and I can commit it to your branch in 
about 2.4 seconds after I get the word "GO". ;)

Like this:

     def __call__(self, container, req):
         """ The __before_publishing_traverse__ hook.
         """
         resp = req['RESPONSE']
         # Route both response hooks through this object
         resp.exception = self.exception
         resp._unauthorized = self._unauthorized

     # Response overrides
     def _unauthorized(self):

     def exception(self, fatal=0, info=None,
         req = self.REQUEST
         resp = req['RESPONSE']
         # Drop the instance-level overrides so the response's own methods
         # apply again
         try: del resp.exception
         except: pass
         try: del resp._unauthorized
         except: pass

         if type(info) is type(()) and len(info) == 3:
             t, v, tb = info
         else:
             t, v, tb = sys.exc_info()

         if t == 'Unauthorized' or t == Unauthorized or (
             isinstance(t, types.ClassType) and issubclass(t, Unauthorized)):
             t = 'Unauthorized'
             self.challenge(req, resp)
             return resp

         return resp.exception(fatal, info, absuri_match, tag_search, abort)

This implementation works fine for me.
