Re: [Zope-dev] AUTHENTICATION_USER in standard_error_message cause by NotFound error
Oops, just realised I've been replying only to myself :)
Umm okay here is the diff, it is from version 2.2.4 but should apply to most versions.... I have removed all the "print" debugging and cleaned up the formatting.
Could people look it over and tell me if there are any hidden problems with it? Is it done the right way?
There seems to be a lot of repeated code between zpublisher_exception_hook and ZPublisher.BaseRequest, maybe you want to put the auth stuff into its own function and work that way? Just an idea...
Mithro
Tim Ansell wrote:
On further investigation I have found out that the part I really want to modify is
zpublisher_exception_hook, which gets called when the error occurs
Inside this function there is a
if REQUEST.get('AUTHENTICATED_USER', None) is None: REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
which seems to explain why I'm getting the anonymous user for the errors.
Is there any way to add the authentication routines to this function so that if AUTHENTICATED_USER is none the authentication is checked, with standard_error_message being the object checked against?
Am I making any sense?
I'm going to give it a go and see what happens...
Mithro
Tim Ansell wrote:
<newbie alert>
Hello.
I've been using Zope for a couple of months, I have found Zope to be a great product and thank you for creating it. Currently I have run into a problem, I need to access the AUTHENTICATED_USER in a standard_error_message called by notFoundError in BaseRequest.
I was wondering if the authentication routine can be added before the authentication routine in BaseRequest? Or if this is not possible it could be split into a function and called before the notFoundError call as well?
There are many reasons you might want to do this, I have listed some below:
* You want to list possible URLs the reader could have meant but don't want to let Anonymous users see possible privileged URLs
* You want to provide different error messages for different people, i.e. a more advanced error for coders, a simple error for HTML writers, a special error for normal people
* You want errors to only be reported if they were caused by certain users
and the list could go on....
Mithro
</newbie alert>
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Forgot to attach the diff....
Forgive me it's 4:52am here....
Mithro
--- ./__init__.py.org Thu Jan 11 04:39:25 2001 +++ ./__init__.py Thu Jan 11 04:37:24 2001 @@ -162,6 +162,9 @@ class RequestContainer(ExtensionClass.Base): def __init__(self,r): self.REQUEST=r +from ZPublisher.BaseRequest import old_validation +UNSPECIFIED_ROLES='' + def zpublisher_exception_hook( published, REQUEST, t, v, traceback, # static 
@@ -208,11 +211,79 @@ break client=published + + auth=REQUEST._auth + + user=groups=None + + while 1: + if REQUEST.get('AUTHENTICATED_USER', None) is None: + # Do authentication here.... + r = getattr(client, '__roles__', UNSPECIFIED_ROLES) + if r is not UNSPECIFIED_ROLES: + roles = r + elif not got: + roles = getattr(client, entry_name+'__roles__', roles) + + if roles: + if hasattr(client, '__allow_groups__'): + groups=client.__allow_groups__ + + if hasattr(groups, 'validate'): v=groups.validate + else: v=old_validation + + if v is old_validation and roles is UNSPECIFIED_ROLES: + print "Validation and UNSEPCIFIED_ROLES is okay" + # No roles, so if we have a named group, get roles from + # group keys + if hasattr(groups,'keys'): roles=groups.keys() + else: + try: groups=groups() + except: pass + try: roles=groups.keys() + except: pass + + if groups is None: + # Public group, hack structures to get it to validate + roles=None + auth='' + + if v is old_validation: + user=old_validation(groups, request, auth, roles) + elif roles is UNSPECIFIED_ROLES: user=v(request, auth) + else: user=v(REQUEST, auth, roles) + + if hasattr(client, '__allow_groups__') and user == None: + groups=client.__allow_groups__ + if hasattr(groups,'validate'): + v=groups.validate + else: + v=old_validation + if v is old_validation: + user=old_validation(groups, REQUEST, auth, roles) + elif roles is UNSPECIFIED_ROLES: + user=v(REQUEST, auth) + else: + user=v(REQUEST, auth, roles) + + if user is not None: + REQUEST['AUTHENTICATED_USER']=user + + try: + client=getattr(client, 'aq_parent', None) + if client is None: raise + except: + break + while 1: if getattr(client, 'standard_error_message', None) is not None: break + try: client=getattr(client, 'aq_parent', None) if client is None: raise + except: + break + if REQUEST.get('AUTHENTICATED_USER', None) is None: REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
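Review bot: In the first hunk (@@ -162,6 +162,9 @@), `UNSPECIFIED_ROLES=''` defines a module-local sentinel that the second hunk then tests by identity (`r is not UNSPECIFIED_ROLES`, `roles is UNSPECIFIED_ROLES`). An identity test against an empty-string literal depends on how the interpreter happens to share string objects, so a `__roles__` value of '' created elsewhere may or may not match. Since `old_validation` is already imported from ZPublisher.BaseRequest, import the sentinel from the same module if it is defined there, or use a dedicated marker object, so both code paths agree on what "unspecified" means.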
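Review bot: In the second hunk (@@ -208,11 +211,79 @@), the added calls `old_validation(groups, request, auth, roles)` and `v(request, auth)` pass lowercase `request`, while the hook's parameter is `REQUEST` and the later calls in the same hunk use `REQUEST`; the lowercase name is not bound anywhere in the visible lines, so that branch would fail with a NameError instead of authenticating. The same goes for `got`, `entry_name` and the `roles` default in `getattr(client, entry_name+'__roles__', roles)`, none of which are assigned before use in this hunk. In the final loop, `+ try:` is added above `client=getattr(client, 'aq_parent', None)` and `if client is None: raise`, but those two lines are unchanged context, so they are not re-indented under the new `try:`.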
It appears last night I didn't test the diff...
This one should work without any editing...
Mithro
--- ./__init__.py.original Wed Jan 10 23:13:53 2001 +++ ./__init__.py Wed Jan 10 23:45:28 2001 @@ -162,6 +162,9 @@ class RequestContainer(ExtensionClass.Base): def __init__(self,r): self.REQUEST=r +from ZPublisher.BaseRequest import old_validation +UNSPECIFIED_ROLES='' + def zpublisher_exception_hook( published, REQUEST, t, v, traceback, # static 
@@ -208,11 +211,79 @@ break client=published + + auth=REQUEST._auth + + user=groups=None + + while 1: + if REQUEST.get('AUTHENTICATED_USER', None) is None: + # Do authentication here.... + r = getattr(client, '__roles__', UNSPECIFIED_ROLES) + if r is not UNSPECIFIED_ROLES: + roles = r + elif not got: + roles = getattr(client, entry_name+'__roles__', roles) + + if roles: + if hasattr(client, '__allow_groups__'): + groups=client.__allow_groups__ + + if hasattr(groups, 'validate'): v=groups.validate + else: v=old_validation + + if v is old_validation and roles is UNSPECIFIED_ROLES: + print "Validation and UNSEPCIFIED_ROLES is okay" + # No roles, so if we have a named group, get roles from + # group keys + if hasattr(groups,'keys'): roles=groups.keys() + else: + try: groups=groups() + except: pass + try: roles=groups.keys() + except: pass + + if groups is None: + # Public group, hack structures to get it to validate + roles=None + auth='' + + if v is old_validation: + user=old_validation(groups, request, auth, roles) + elif roles is UNSPECIFIED_ROLES: user=v(request, auth) + else: user=v(REQUEST, auth, roles) + + if hasattr(client, '__allow_groups__') and user == None: + groups=client.__allow_groups__ + if hasattr(groups,'validate'): + v=groups.validate + else: + v=old_validation + if v is old_validation: + user=old_validation(groups, REQUEST, auth, roles) + elif roles is UNSPECIFIED_ROLES: + user=v(REQUEST, auth) + else: + user=v(REQUEST, auth, roles) + + if user is not None: + REQUEST['AUTHENTICATED_USER']=user + + try: + client=getattr(client, 'aq_parent', None) + if client is None: raise + except: + break + while 1: if getattr(client, 'standard_error_message', None) is not None: break - client=getattr(client, 'aq_parent', None) - if client is None: raise + try: + client=getattr(client, 'aq_parent', None) + if client is None: raise + except: + break + if REQUEST.get('AUTHENTICATED_USER', None) is None: REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
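Review bot: In the second hunk (@@ -208,11 +211,79 @@), `v=groups.validate` and `v=old_validation` rebind `v`, which the first hunk's context shows is a parameter of `zpublisher_exception_hook( published, REQUEST, t, v, traceback, ...`; anything later in the hook that reads `v` would get a validator function instead of the original argument, so use a separate local name such as `validate`. The bare `except: pass` around `groups=groups()` and `roles=groups.keys()` silently swallows any failure in what is now an authentication path; catch the specific exceptions expected there so a broken validator is not mistaken for "no roles". The line `print "Validation and UNSEPCIFIED_ROLES is okay"` is still present although the message says the debugging prints were removed, and `if client is None: raise` with no active exception only works because the bare `except:` catches whatever that raises; `if client is None: break` states the intent directly.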