[Zope-PAS] Proposed challenge implementation

Lennart Regebro regebro at nuxeo.com
Mon Sep 13 10:39:03 EDT 2004

Here are some changes I made to PluggableAuthService.py to implement 
challenge support:

     def __call__(self, container, req):
         """ The __before_publishing_traverse__ hook. """
         req = self.REQUEST
         resp = req['RESPONSE']
         resp.old_unauthorized = resp._unauthorized
         resp._unauthorized = self.challenge

     def challenge(self):
         req = self.REQUEST
         resp = req['RESPONSE']

         # Go through all challenge plugins
         plugins = self._getOb('plugins')
         challengers = plugins.listPlugins( IChallengePlugin )
         for challenger_id, challenger in challengers:
             challenger.challenge(req, resp)

As you notice, this requires the plugins to raise either Unauthorized, 
or Redirect. However, anything else is a bit of a special case, and 
implementing it will be a major pain in the a...posterior, probably 
including some hefty moneky-patching.

This probably means that challenge plugins may not be compatible with 
Zope3s PAS implementation. I'm not sure that is a major problem.

What do you think? It works... should I check it in? Or should we look 
for a better solution?


More information about the Zope-PAS mailing list