[Zope-PAS] Checked in the Challenge implementation.
regebro at nuxeo.com
Fri Sep 24 13:01:05 EDT 2004
I just checked in yesterdays suggested challenge implementation.
This implementation does support scribbling on the response, as the
initial desire was, including changing the body. So, it should be
possible to return a in-place login form.
It also supports redirection (which can be done easily by calling
response.redirect() (see CookieAuthHelper) as well as WWW-Authenticate
header responses (requires some more work, se HTTPBasicAuthHelper).
Happy, happy, joy, joy.
Now, when Unathorized is called, response.unauthorized is no longer
called. As best as I can see, this has two side effects:
a. Any tracebacks will not be added.
b. The bobo-exception headers are not added.
The best suggestions on how to fix that with minimal code duplication
effort is welcome. Fixing it is otehrwise trivial, if we just copy-paste
the code involved, but that is not kosher. Calling response.exception()
with just the right parameters in just the right place *may* be possible.
Mark raised the issue that it might be desirable to let several
challengers scribble on the response. Letting ALL do it has one
drawback: Instead of the first plugin deciding the body and status, it
is the *last* plugin that decides. That would be confusing.
The current implementation will stop iterating over the plugins if the
plugin returned 1. This way, plugins that does not write on the body, or
set the status, or redirects, can scribble on the headers and return 0,
and the next plugin would get to continue.
This should make it possible for Mark to do an NTML plugin that sets a
WWW-Authenticate: NTLM header, and then returns 0, and lets the next
plugin do it's stuff. That next plugin could be HTTPBasicAuthHelper, for
BasicAuth or maybe a plugin for in-place login.
Does this seem reasonable?
More information about the Zope-PAS