[Zope3-checkins] SVN: Zope3/trunk/ - Added a fallback unauthenticated principal that is stored on the request if

Christian Theune ct at gocept.com
Thu May 3 03:14:05 EDT 2007


Log message for revision 75037:
  - Added a fallback unauthenticated principal that is stored on the request if
    the global authentication utility does not provide one.
  

Changed:
  U   Zope3/trunk/doc/CHANGES.txt
  U   Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
  U   Zope3/trunk/src/zope/app/publication/zopepublication.py
  U   Zope3/trunk/src/zope/app/security/configure.zcml
  U   Zope3/trunk/src/zope/app/security/interfaces.py
  U   Zope3/trunk/src/zope/app/security/principalregistry.py
  U   Zope3/trunk/src/zope/app/wsgi/README.txt

-=-
Modified: Zope3/trunk/doc/CHANGES.txt
===================================================================
--- Zope3/trunk/doc/CHANGES.txt	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/doc/CHANGES.txt	2007-05-03 07:14:02 UTC (rev 75037)
@@ -22,6 +22,9 @@
 
     Bugs fixed
 
+      - Added a fallback unauthenticated principal that is stored on the
+        request if the global authentication utility does not provide one.
+
       - #98111: z.a.form.browser.itemswidget.MultiDataHelper._toFieldValue()
         context._type attribute was being ignored when the result was an empty
         collection.

Modified: Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
===================================================================
--- Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py	2007-05-03 07:14:02 UTC (rev 75037)
@@ -49,6 +49,7 @@
 from zope.app.folder import Folder, rootFolder
 from zope.app.security.interfaces import IAuthenticationUtility
 from zope.app.security.interfaces import IAuthentication
+from zope.app.security.interfaces import IFallbackUnauthenticatedPrincipal
 from zope.app.security.principalregistry import principalRegistry
 
 
@@ -84,6 +85,11 @@
     def getPrincipal(self, id):
         return Principal(id)
 
+class AuthUtility3(AuthUtility1):
+
+    def unauthenticatedPrincipal(self):
+        return None
+
 class ErrorReportingUtility(object):
     implements(IErrorReportingUtility)
 
@@ -412,6 +418,23 @@
 
 class ZopePublicationTests(BasePublicationTests):
 
+    def testGlobalAuth(self):
+        # Replace the global registry with a stub that doesn't return an
+        # unauthenticated principal.
+        authentication = AuthUtility3()
+        ztapi.provideUtility(IAuthentication, authentication)
+
+        # We need a fallback unauthenticated principal, otherwise we'll get a
+        # ComponentLookupError:
+        self.assertRaises(ComponentLookupError,
+                          self.publication.beforeTraversal, self.request)
+
+        # Let's register an unauthenticated principal instance for the lookup:
+        principal = UnauthenticatedPrincipal('fallback')
+        ztapi.provideUtility(IFallbackUnauthenticatedPrincipal, principal)
+        self.publication.beforeTraversal(self.request)
+        self.failUnless(self.request.principal is principal)
+
     def testPlacefulAuth(self):
         setup.setUpTraversal()
         setup.setUpSiteManagerLookup()
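Review bot: `testGlobalAuth` covers the missing-fallback and fallback-used cases but not precedence: nothing asserts that the fallback stays unused when the authentication utility does return an unauthenticated principal. Since the fallback decides which identity an anonymous request runs as, I would add a case that registers the fallback together with a utility whose `unauthenticatedPrincipal()` returns a principal and checks `self.request.principal is not principal`. The `assertRaises(ComponentLookupError, ...)` call also pins the new error type, so a short comment there noting that it replaces the previous Unauthorized would help the next reader.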

Modified: Zope3/trunk/src/zope/app/publication/zopepublication.py
===================================================================
--- Zope3/trunk/src/zope/app/publication/zopepublication.py	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/publication/zopepublication.py	2007-05-03 07:14:02 UTC (rev 75037)
@@ -47,6 +47,7 @@
 from zope.app.publication.interfaces import EndRequestEvent
 from zope.app.publication.publicationtraverse import PublicationTraverse
 from zope.app.security.interfaces import IUnauthenticatedPrincipal
+from zope.app.security.interfaces import IFallbackUnauthenticatedPrincipal
 from zope.app.security.interfaces import IAuthentication
 from zope.app.component.interfaces import ISite
 
@@ -79,16 +80,18 @@
         self.db = db
 
     def beforeTraversal(self, request):
-        # Try to authenticate against the default global registry.
+        # Try to authenticate against the root authentication utility.
         auth = zope.component.getGlobalSiteManager().getUtility(
             zope.app.security.interfaces.IAuthentication)
-        p = auth.authenticate(request)
-        if p is None:
-            p = auth.unauthenticatedPrincipal()
-            if p is None:
-                raise Unauthorized # If there's no default principal
+        principal = auth.authenticate(request)
+        if principal is None:
+            principal = auth.unauthenticatedPrincipal()
+            if principal is None:
+                # Get the fallback unauthenticated principal
+                principal = zope.component.getUtility(
+                    IFallbackUnauthenticatedPrincipal)
 
-        request.setPrincipal(p)
+        request.setPrincipal(principal)
         newInteraction(request)
         transaction.begin()
 
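Review bot: The fallback lookup in `beforeTraversal` goes through `zope.component.getUtility(...)`, while the authentication utility a few lines earlier is taken explicitly from `getGlobalSiteManager()`; if a site is still active on the thread when this runs, the fallback principal could be resolved from a local registry rather than the global one. Using `zope.component.getGlobalSiteManager().getUtility(IFallbackUnauthenticatedPrincipal)` keeps both lookups in the same scope and makes the anonymous identity deterministic. Separately, a deployment without the fallback registered now fails with ComponentLookupError instead of Unauthorized (the README.txt hunk in this commit shows the rendered error page changing), so the request is still refused but as a server error rather than an authorization failure; `queryUtility` followed by `raise Unauthorized` on None would preserve the old signal. The end of `beforeTraversal` is not visible in this hunk.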

Modified: Zope3/trunk/src/zope/app/security/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/security/configure.zcml	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/security/configure.zcml	2007-05-03 07:14:02 UTC (rev 75037)
@@ -145,4 +145,9 @@
       for=".interfaces.IPrincipal"
       />
 
+  <utility
+      component=".principalregistry.fallback_unauthenticated_principal"
+      provides=".interfaces.IFallbackUnauthenticatedPrincipal"
+      />
+
 </configure>
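Review bot: Registering the fallback unconditionally in zope.app.security's own configure.zcml changes the default for every application that includes this package: an authentication utility whose `unauthenticatedPrincipal()` returns None used to end the request with Unauthorized, and now the request continues under the fallback principal. Sites that relied on that None to refuse anonymous access would, as far as this diff shows, have no switch to turn the fallback off other than overriding the registration. A comment above the directive such as `<!-- Used by the publication when IAuthentication returns no unauthenticated principal; anonymous requests then run as this principal. -->` would make the behaviour change visible to integrators.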

Modified: Zope3/trunk/src/zope/app/security/interfaces.py
===================================================================
--- Zope3/trunk/src/zope/app/security/interfaces.py	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/security/interfaces.py	2007-05-03 07:14:02 UTC (rev 75037)
@@ -29,6 +29,17 @@
     Authenticated principals are preferable to UnauthenticatedPrincipals.
     """
 
+
+class IFallbackUnauthenticatedPrincipal(IUnauthenticatedPrincipal):
+    """Marker interface for the fallback unauthenticated principal.
+
+    This principal can be used by publications to set on a request if
+    no principal, not even an unauthenticated principal, was returned
+    by any authentication utility to fulfill the contract of IApplicationRequest.
+
+    """
+
+
 class IUnauthenticatedGroup(IGroup):
     """A group containing unauthenticated users
     """
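Review bot: The docstring of `IFallbackUnauthenticatedPrincipal` does not say what deriving from `IUnauthenticatedPrincipal` implies: anything registered or checked against the base interface also applies to the fallback, which is presumably intended but worth stating. I would add a sentence such as `It is treated like any other IUnauthenticatedPrincipal by code that checks for that interface.` and drop the blank line before the closing quotes. The last docstring line also runs past 79 columns.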

Modified: Zope3/trunk/src/zope/app/security/principalregistry.py
===================================================================
--- Zope3/trunk/src/zope/app/security/principalregistry.py	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/security/principalregistry.py	2007-05-03 07:14:02 UTC (rev 75037)
@@ -175,6 +175,16 @@
 
     implements(interfaces.IUnauthenticatedPrincipal)
 
+
+fallback_unauthenticated_principal = (
+    UnauthenticatedPrincipal(
+        __name__+'.fallback_unauthenticated_principal',
+        'Fallback unauthenticated principal',
+        'The default unauthenticated principal. Used as a fallback to '
+        'allow challenging for a user even if the IAuthentication returned '
+        'None as the unauthenticated principal.'))
+
+
 class UnauthenticatedGroup(Group):
 
     implements(interfaces.IUnauthenticatedGroup)
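Review bot: `fallback_unauthenticated_principal` is built by calling `UnauthenticatedPrincipal(...)` directly at import time, so it is one module-level object shared by every request that falls back to it, and nothing in this hunk adds it to the principal registry. If the registry is not told about it elsewhere, code that stores `request.principal.id` and later resolves it through `getPrincipal()` would fail for this id, and any state set on the instance (for example group membership) would be visible to all requests. A comment above the assignment, e.g. `# Shared singleton: treat as read-only; not registered with principalRegistry.`, would document both constraints. The `UnauthenticatedPrincipal` class body is outside the hunk, so which attributes are mutable cannot be confirmed from here.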
@@ -186,4 +196,3 @@
 class EverybodyGroup(Group):
 
     implements(interfaces.IEveryoneGroup)
-

Modified: Zope3/trunk/src/zope/app/wsgi/README.txt
===================================================================
--- Zope3/trunk/src/zope/app/wsgi/README.txt	2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/wsgi/README.txt	2007-05-03 07:14:02 UTC (rev 75037)
@@ -47,8 +47,8 @@
 Now we can send the fabricated HTTP request to the application for processing:
 
   >>> print ''.join(app(environ, start_response))
-  <html><head><title>Unauthorized</title></head>
-  <body><h2>Unauthorized</h2>
+  <html><head><title>ComponentLookupError</title></head>
+  <body><h2>ComponentLookupError</h2>
   A server error occurred.
   </body></html>
   <BLANKLINE>


