[Zope-PAS] [RFC] PAS extractor failure behavior
Jens Vagelpohl
jens at dataflake.org
Tue Nov 23 04:17:52 EST 2004
Right now, if the CookieAuthHelper is set up to challenge and extract
and for some reason the login_form itself is unreachable (meaning, the
Anonymous User is somehow not authorized to view it) we end up in a
redirect loop. I have code that fixes that which I will check in
shortly. With the fix the CookieAuthHelper can detect the situation and
return "0" from unauthorized.
My question is about the "fallback" behavior in
PAS._extractCredentials. If there were registered extractors but they
all failed to return anything (like when the CookieAuthHelper gives up
in the scenario above) an "emergency extractor" is used. So I get a
standard auth box, but only emergency users can log in. Why can't this
be a normal DumbHTTPExtractor that accepts any valid credentials
instead?
jens
---------------
Jens Vagelpohl jens at zetwork.com
Software Engineer +49-(0)441-36 18 14 38
Zetwork GmbH http://www.zetwork.com/
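
The two fallback policies contrasted in the message above, as an added example that is not part of the original post and is not PAS code: a simplified model in which every function name, the user stores and the request dictionaries are constructed for illustration. It shows which HTTP Basic logins survive when the registered cookie extractor returns nothing.

```python
import base64
import hmac

USERS = {"alice": "wonderland"}       # constructed regular user store
EMERGENCY = {"admin": "break-glass"}  # constructed emergency user store

def cookie_extractor(request):
    """Stands in for a cookie extractor that has given up: no credentials."""
    return {}

def basic_auth_extractor(request):
    """Decode an HTTP Basic Authorization header; {} if absent or malformed."""
    scheme, _, blob = request.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return {}
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return {}
    login, sep, password = decoded.partition(":")
    return {"login": login, "password": password} if sep and login else {}

def emergency_only(request):
    """Fallback as described in the message: Basic auth, emergency users only."""
    creds = basic_auth_extractor(request)
    return creds if creds.get("login") in EMERGENCY else {}

def extract_credentials(request, extractors, fallback):
    """Try registered extractors in order; if all return nothing, use fallback."""
    for extractor in extractors:
        creds = extractor(request)
        if creds:
            return creds
    return fallback(request)

def authenticate(creds):
    """Return the login if the credentials match a known user, else None."""
    login, password = creds.get("login"), creds.get("password", "")
    for store in (EMERGENCY, USERS):
        expected = store.get(login)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            return login
    return None

def login(request, fallback):
    """Run the chain with only the failed cookie extractor registered."""
    return authenticate(extract_credentials(request, [cookie_extractor], fallback))

def basic(login_name, password):
    """Build a constructed request carrying a Basic Authorization header."""
    token = base64.b64encode(f"{login_name}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}
```

Calling `login(basic("alice", "wonderland"), emergency_only)` leaves the regular user anonymous, while passing `basic_auth_extractor` as the fallback authenticates the same request.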