[Zope-PAS] Re: challenge branch ready for review

Zachery Bir zbir at urbanape.com
Thu Oct 14 11:25:49 EDT 2004 

On 2004-10-14 10:13:13 -0400, Tino Wildenhain 
<tino at wildenhain.de> said:

> Hi,
> 
> Am Do, den 14.10.2004 schrieb Lennart Regebro um 15:56:
>> Zachery Bir wrote:
>>> I thought we had agreed in the #zope-pas roundtable that we weren't 
>>> going to pursue In-line login forms. YAGNI, and all...
> 
> Err. We do not? That would be a show stopper for me.
> 
>> Well, I still think restricting us to do only 401 and 302 responses is 
>> a restriction that we don't need. But if nobody else agrees, I'm not 
>> gonna force it on ya.
> 
> I highly agree. Force it! :-)

Consider it forced. I whipped up this plugin in a matter of minutes. 
It's grody, but it actually works. I'm gonna write some tests for it 
(yeah, yeah, "test first") and check it in on my branch.

There. Three out of three use cases. No overriding of 
HTTPResponse.exception() necessary, and I've plugged the 
PluggableAuthService._unauthorized to keep from firing challenge twice.

Zac

----- snippet -----

class InlineAuthHelper(Folder, BasePlugin):
    """ Multi-plugin for managing details of Inline Authentication. """
    __implements__ = ( ILoginPasswordHostExtractionPlugin
                     , IChallengePlugin
                     )

    meta_type = 'Inline Auth Helper'
    security = ClassSecurityInfo()

    _properties = ( { 'id'    : 'title'
                    , 'label' : 'Title'
                    , 'type'  : 'string'
                    , 'mode'  : 'w'
                    }
                  )

    manage_options = ( BasePlugin.manage_options[:1]
                     + Folder.manage_options[:1]
                     + Folder.manage_options[2:]
                     )

    def __init__(self, id, title):
        self.id = self._id = id
        self.title = title

    security.declarePrivate('extractCredentials')
    def extractCredentials(self, request):
        """ Extract credentials from cookie or 'request'. """
        creds = {}

        # Look in the request for the names coming from the login form
        login = request.get('__ac_name', '')
        password = request.get('__ac_password', '')

        if login:
            creds['login'] = login
            creds['password'] = password

        if creds:
            creds['remote_host'] = request.get('REMOTE_HOST', '')

            try:
                creds['remote_address'] = request.getClientAddr()
            except AttributeError:
                creds['remote_address'] = request.get('REMOTE_ADDR', '')

        return creds

    security.declarePrivate('challenge')
    def challenge(self, request, response, **kw):
        """ Challenge the user for credentials. """
        response.write(BASIC_LOGIN_FORM)
        return True

InitializeClass(InlineAuthHelper)


BASIC_LOGIN_FORM = """<html>
  <head>
    <title> Login Form </title>
  </head>
  <body>
    <h3> Please log in </h3>
    <form method="post">
      <table cellpadding="2">
        <tr>
          <td><b>Login:</b> </td>
          <td><input type="text" name="__ac_name" size="30" /></td>
        </tr>
        <tr>
          <td><b>Password:</b></td>
          <td><input type="password" name="__ac_password" size="30" /></td>
        </tr>
        <tr>
          <td colspan="2">
            <br />
            <input type="submit" value=" Log In " />
          </td>
        </tr>
      </table>
    </form>
  </body>
</html>
"""

More information about the Zope-PAS mailing list