[Zope-PAS] Struggling with 'challenge' support.

Lennart Regebro regebro at nuxeo.com
Wed Sep 22 05:00:24 EDT 2004

Mark Hammond wrote:
> I'm looking at adding a new IChallengePlugin implementation.  To familiarize
> myself, I started looking at HTTPBasicAuthHelper, and struck a problem.  I'm
> using Zope 2.7 and CVS PAS.

That's my fault. I forgot to fix it. HTTPBasicAuthHelper's challenge 
should do nothing, since it's challenge implementation is to return an 
unauthorized HTTP response, which is the default reaction.

Here is a challenge response that *does* work:

     def challenge(self, request, response, **kw):
         """ Challenge the user for credentials. """
         try: del response.unauthorized
         except: pass
         try: del response._unauthorized
         except: pass

         # Redirect if desired.
         url = self.getLoginURL()
         if url:
             came_from = request.get('came_from', None)
             if came_from is None:
                 came_from = request['URL']
             query = urllib.urlencode({'service': came_from})
             raise Redirect, '%s?%s' % (url, query)
         # Fall through to the standard unauthorized() call.
         return 0

I'm not sure that the "del response" stuff is necessary, it is basically 
left overs since this was a rehack of CookieCrumbler.

As you see, all that is really does is
	raise Redirect, url

And that is what you need to do too.

I'll fix the bug in HTTPBasicAuthHelper today.

More information about the Zope-PAS mailing list