Matt Behrens wrote:
I've got some rather funky auth requirements where I need to stop Zope from challenging Basic authentication when Unauthorized is raised.
I seem to be able to do this if I monkey-patch HTTPResponse.unauthorized(), but what I'd really like is to be able to hook into it to make a user folder-overridable challenge with a fallback to the standard unauthorized. Maybe such a hook would be useful in 2.6 :-)
So, given that, can I get to the user folder from HTTPResponse.unauthorized()? Or are there any better ideas?
Check out CookieCrumbler. It does several things: - It patches response *instances*; that is, it adds an attribute to response instances called "unauthorized" which overrides the method. The attribute value is a method bound to a different object. - It uses the request._hold() mechanism to delete the attribute it added to the response, avoiding a memory leak. It would be useful to provide a better way to hook unauthorized() in Zope 2.6, but this way is compatible with Zope 2.4 and 2.5, so I'm not motivated enough. ;-) Shane