[Grok-dev] using zope.testbrowser to test for Unauthorized exceptions and updated zope.publisher with IReRaise exception support

[Jan-Wijbrand Kolman]

Hi,


As per https://bugs.launchpad.net/grok/+bug/332061 and the fix in
zope.publisher 3.4.9 and in grok itself...

http://svn.zope.org/grok/trunk/src/grok/configure.zcml?rev=101871&r1=94110&r2=10187

...the Unauthorized exception is now never exposed to "the outside" 
world anymore. We have however several doctests in for our applications 
that use the following pattern:

  >>> browser = Browser()
  >>> browser.handleErrors = False
  >>> # Anonymous access is not allowed:
  >>> browser.open('http://localhost/some/restricted/view')
  Traceback (most recent call last):
  ...
  Unauthorized...

This doesn't work anymore, since even with the handleErrors set to 
False, the Unauthorized exception will not be exposed to the test browser.

So, I thought, I'll test for the status code in the repsonse headers 
then, something like so:

  >>> browser.open('http://localhost/some/restricted/view')
  >>> print browser.headers
  Status: 401 Unauthorized
  Cache-Control: no-store, no-cache, must-revalidate
  Content-Length: ...
  Content-Type: text/html;charset=utf-8
  Expires: ...
  Pragma: no-cache
  WWW-Authenticate: basic realm="Zope"
  X-Powered-By: Zope (www.zope.org), Python (www.python.org)

This can only work for basic auth though. If you use form based login - 
like we do - the response status code will just be a 200 Ok, since 
*that* login page was handled just fine...

A couple of thoughts:

* This should be part of the upgrade notes.

* The IReRaise adapter is now registered in the configure.zcml of Grok.

I wonder if it instead shouldn't be registered in the wsgi-specific 
grokcore.startup.startup.application_factory. Maybe even only for the 
cases where we want to debug. In all other cases then (during testing, 
non-wsgi deployment, using the deploy.ini profile for paste serve), the 
error raising works as expected.

Any opinions?

regards,
jw