[Zope-PAS] Cookie authentication and stuff
Lennart Regebro
regebro at nuxeo.com
Mon Aug 30 09:10:07 EDT 2004
Tino Wildenhain wrote:
> Hi,
>
> maybe it's fixed in the CVS, but trying
> out the tar.gz I found some issues.
>
> in utils.py there was an endless loop
> looking for a folder with name "Products"
>
> I replaced it with:
>
> product_dir, utils_module_file = os.path.split(os.path.abspath(__file__))
>
> product_prefix = os.path.abspath(os.path.join(product_dir,"..",".."))
>
> (and removed the while part)
>
>
>
> When the PAS is in a subfolder,
> it does not create an anonymous
> user but returns None so BaseRequest.py
> goes on to find another UserFolder
> down the path and finally raises
>
> Unauthorized()
>
> I changed file PluggableAuthService.py
> line 267: in validate()
>
> if not is_top:
>     # ok we don't find a user, but we may have other userfolders
>     # down the path. Let's see if one of them would like to
>     # handle it
>     me=self.aq_parent # we want our folder, there must be at least one
>     while hasattr(me,"aq_parent"):
>         me=me.aq_parent
>         if hasattr(me,"__allow_groups__"):
>             megr=me.__allow_groups__
>             if hasattr(megr,"validate"):
>                 u=megr.validate(request,auth,roles)
>                 if u is not None:
>                     # we should probably return the user here, but
>                     # I'm not sure and leave it to BaseRequest for now
>                     return None
>     #return None
>
> #
> # No other user folder above us can satisfy, and we have no user;
> # return a constructed anonymous only if anonymous is authorized.
> #
> anonymous = self._createAnonymousUser( plugins )
> self._authorizeUser( anonymous
>                    , accessed
>                    , container
>                    , name
>                    , value
>                    , roles
>                    ) # call it but ignore return value for now
> return anonymous
>
>
> Now we have anonymous, but challenge() is still not called.
>
> How is it meant to be?
If the authentication fails from any userfolder, challenge() should be
called. I guess the first challenge plugin only?
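
Added example, not part of the original thread and not Zope or PAS code: a toy Python model of the behaviour discussed above, where a user folder that cannot identify the user defers to folders further up the path, anonymous is returned only if anonymous is authorized, and challenge() runs once every folder has failed. All class and function names are hypothetical, the sample folders are constructed, and having the nearest folder issue the challenge is an assumption.

```python
import hmac

ANONYMOUS = "Anonymous User"

class Unauthorized(Exception):
    """Raised once every user folder on the path has declined the request."""

class UserFolder:
    # Hypothetical stand-in for a user folder; not the Zope/PAS API.
    def __init__(self, users, parent=None):
        self.users = users        # login -> (password, set of roles)
        self.parent = parent      # next user folder up the path, or None
        self.challenged = False

    def authenticate(self, creds, roles):
        """Return the login if creds match a local user holding a needed role."""
        if creds is None:
            return None
        login, password = creds
        entry = self.users.get(login)
        if entry and hmac.compare_digest(entry[0], password) and entry[1] & roles:
            return login
        return None

    def validate(self, creds, roles):
        """Return a user, or None so folders further up the path can try."""
        user = self.authenticate(creds, roles)
        if user is not None:
            return user
        if self.parent is not None:
            return None           # not top: defer instead of guessing
        # Top of the chain: anonymous only if anonymous is authorized.
        return ANONYMOUS if "Anonymous" in roles else None

    def challenge(self):
        self.challenged = True    # stands in for a login redirect or 401

def publish(nearest, creds, roles):
    """Publisher side: try each folder from nearest to top, then challenge."""
    folder = nearest
    while folder is not None:
        user = folder.validate(creds, roles)
        if user is not None:
            return user
        folder = folder.parent
    nearest.challenge()           # assumption: the nearest folder challenges
    raise Unauthorized(sorted(roles))

# Constructed sample data: a top-level folder and a nested one.
TOP = UserFolder({"admin": ("s3cret", {"Manager"})})
SUB = UserFolder({"bob": ("pw", {"Member"})}, parent=TOP)
```
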