[Zope-PAS] Struggling with 'challenge' support.

Mark Hammond mhammond at skippinet.com.au
Wed Sep 22 19:07:49 EDT 2004

> This is what should happen.
> 1. in __before_traverse__ PAS is called.
> 2. The __call__ (line 1089) replaces the response.unauthorized() with
> pluggable auth's challenge().

This all works fine.

> 3. Somewhere, response.unauthorized() is called, and since this now is
> pas.challenge() that's what is called.

This is where things go wrong.

In my setup, response.unauthorized() is never called.
response._unauthorized() is, which is why pas.challenge() was called in the
previous version but not in the current one.

response._unauthorized() is called by the ZPublisher\HTTPResponse.py
'exception' method.  The code reads:
        if t == 'Unauthorized' or t == Unauthorized or (
            isinstance(t, types.ClassType) and issubclass(t, Unauthorized)):
            t = 'Unauthorized'

That last line is where the only call to "_unauthorized" originates from.
As I mentioned, 'unauthorized' is never called.

The best I can tell, the problem is that someone has explicitly done 'raise
Unauthorized', rather than calling response.unauthorized().  When someone
explicitly raises that exception, response.unauthorized() is never called -
which makes sense, as all that method does is itself try to raise the

Unfortunately, explicitly raising the exception seems common practice (or so
grep tells me).  As far as I can tell, my specific exception is being raised
by Traversable.py, which raises it in 4 places.

Maybe we need to hook the exception method rather than unauthorized?  I'll
have a play down that route until I hear back :)
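
Added example, not part of the original message and not Zope or PAS code: a constructed Python model of the three response methods named above, showing which hook point still sees an explicit `raise Unauthorized`. `ModelResponse`, `publish`, `install_hook`, `run` and the two views are hypothetical names, and the method bodies are simplified assumptions based only on the behaviour the message describes.

```python
class Unauthorized(Exception):
    """Stand-in for the exception class discussed in the post."""


class ModelResponse:
    """Constructed model of the response; records which challenge ran."""

    def __init__(self):
        self.events = []

    def unauthorized(self):
        # Per the post, this method only raises the exception itself.
        raise Unauthorized("login required")

    def _unauthorized(self):
        # Reached only from exception(); stands for the default challenge.
        self.events.append("default-challenge")

    def exception(self, exc):
        # Error path of the publisher: every Unauthorized ends up here.
        if isinstance(exc, Unauthorized):
            self._unauthorized()


def install_hook(response, name):
    """Replace one method on this response with a PAS-style challenge."""
    def challenge(*args):
        response.events.append("pas-challenge")
    setattr(response, name, challenge)


def view_calls_method(response):
    response.unauthorized()        # code that goes through the response

def view_raises(response):
    raise Unauthorized("denied")   # code that raises the exception directly


def publish(response, view):
    """Run the view; route any Unauthorized through response.exception()."""
    try:
        view(response)
    except Unauthorized as exc:
        response.exception(exc)
    return response.events


def run(hook, view):
    response = ModelResponse()
    install_hook(response, hook)
    return publish(response, view)
```

In this model, a hook on `unauthorized` is skipped whenever the view raises directly, while a hook on `_unauthorized` or on `exception` runs for both views.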


