[Zope-PAS] Struggling with 'challenge' support.

Lennart Regebro regebro at nuxeo.com
Wed Sep 22 08:54:21 EDT 2004

Mark Hammond wrote:
> I'm afraid that with these changes, I don't see "challenge" called at all.

This is what should happen.

1. in __before_traverse__ PAS is called.

2. The __call__ (line 1089) replaces the response.unauthorized() with 
pluggable auths challenge().

3. Somewhere, response.unauthorized() is called, and since this now is 
pas.challenge() thats what is called.

4. pas.challenge() loops over all challenge plugins and calls 
challenge() on them. If they do not wnat to challenge, they return. If 
they do want to challenge, they raise Unauthorized or Redirect.

5. If no plugin raises anything, response.old_unauthorized() (which is 
the original unauthorized(), of course) is called.

>>Scribble on the Response headers and then raise Unauthorized
>>should do it.
> Is there any way I can keep 'state' between these calls?  Somehow I need to
> coordinate the first and second of these calls.

Well, a session is probably the only possibility there.

>>I couldn't help myself.
> I tried that - I was initially prompted to logon, and when I did, I got a
> simple "Insufficient Privileges" messages - without the elderberries :)

Yeah, there is something fishy then. You should get a pythonic message 
if it works. Assuming it is placed first amongst the challenge plugins, 
of course.

More information about the Zope-PAS mailing list