[Zope-PAS] Struggling with 'challenge' support.

Lennart Regebro regebro at nuxeo.com
Thu Sep 23 05:42:15 EDT 2004

Mark Hammond wrote:
> The best I can tell, the problem is that someone has explicitly done 
> 'raise Unauthorized', rather than calling response.unauthorized(). 
> When someone explicitly raises that exception, 
> response.unauthorized() is never called - which makes sense, as all 
> that method does is itself try to raise the exception.

Ah... I tried overriding _unauthorized before, but that has other
problems. In fact, I think the problem is that when you do that, and the
challenge raises an exception, that exception is not trapped, and fails...

OK, good, I now have a deeper understanding of the problem. ;)

Second email:

> * Our challengers should only ever set headers in the response - they should
> never attempt to raise their own 'Unauthorized' exceptions - that exception
> has already been raised, and is being handled by the time we are called.

Nope, it's called by unauthorized as well, so that doesn't work. Most 
response scribblings you to then would just get lost at unauthorized 
later raises an exception.

Your patch is very much like how things were yesterday morning, before I 
realized it doesn't work. ;)

My idea now it to override BOTH unauthorized AND _unauthorized, to get 
rid of the first _unauthorized call, and letting the plugin scribble on 
the headers.


Nope, that doesn't work either, because response.exception will continue 
to do a lot of changes on the response. You can not change an 
Unauthorized into a Redirect, for example, and that is a basic 
requirement. Trapping "raise Unauthorized" and making that into a 
generic challenge behaviour will require replacing response.exception 


More information about the Zope-PAS mailing list