[Zope-PAS] Struggling with 'challenge' support.
regebro at nuxeo.com
Thu Sep 23 05:42:15 EDT 2004
Mark Hammond wrote:
> The best I can tell, the problem is that someone has explicitly done
> 'raise Unauthorized', rather than calling response.unauthorized().
> When someone explicitly raises that exception,
> response.unauthorized() is never called - which makes sense, as all
> that method does is itself try to raise the exception.
Ah... I tried overriding _unauthorized before, but that has other
problems. In fact, I think the problem is that when you do that, and the
challenge raises an exception, that exception is not trapped, and fails...
OK, good, I now have a deeper understanding of the problem. ;)
> * Our challengers should only ever set headers in the response - they should
> never attempt to raise their own 'Unauthorized' exceptions - that exception
> has already been raised, and is being handled by the time we are called.
Nope, it's called by unauthorized as well, so that doesn't work. Most
response scribblings you to then would just get lost at unauthorized
later raises an exception.
Your patch is very much like how things were yesterday morning, before I
realized it doesn't work. ;)
My idea now it to override BOTH unauthorized AND _unauthorized, to get
rid of the first _unauthorized call, and letting the plugin scribble on
Nope, that doesn't work either, because response.exception will continue
to do a lot of changes on the response. You can not change an
Unauthorized into a Redirect, for example, and that is a basic
requirement. Trapping "raise Unauthorized" and making that into a
generic challenge behaviour will require replacing response.exception
More information about the Zope-PAS