[Zope] Post authentication hook and anonymous users

Dieter Maurer dieter at handshake.de
Thu Mar 3 13:52:26 EST 2005


Cyrille Bonnet wrote at 2005-3-3 11:29 +1300:
> ...
>Anyway, I am thinking of adding an unvalidated_hook call in 
>ZPublisher/BaseRequest.py, something like:
>
>         if user is not None:
>             if validated_hook is not None: validated_hook(self, user)
>             request['AUTHENTICATED_USER']=user
>             request['AUTHENTICATION_PATH']='/'.join(steps[:-i])
>         else:
>             unvalidated_hook(request)

You should always have a "user" (i.e. "user" should not be "None").
If the user is not authenticated, you should get the
"Anonymous user".

The "user is None" case should only occur when the root
does not contain an "acl_users" (but then your Zope site
is insane).

-- 
Dieter


More information about the Zope mailing list