[Zope-PAS] Challenge implementation: Test results

Lennart Regebro regebro at nuxeo.com
Wed Sep 1 04:54:18 EDT 2004


(repost, this time from the correct mail address)

I did an implementation of replacing the Response.unauthorized() from 
within validate, as discussed. Turns out it doesn't work.

When Validate returns None, BaseRequest will call response.unauthorized:

             if user is None and roles != UNSPECIFIED_ROLES:
                 response.unauthorized()

This is ASSUMED to raise an Unauthorized Exception, and hence, if it 
doesn't, BaseRequest will then continue as normal, into code assuming 
that the user WAS validated.

Of course, this is easily fixed by adding a return:

             if user is None and roles != UNSPECIFIED_ROLES:
                 response.unauthorized()
                 return

is all that it takes. But, that return is not there today...

So, either we add this return in Zope 2.8, or we do the ugly before 
traverse hook machinery thingy (thus ending up doing double 
authentications, I guess. Ah well.)

In expectation of this, I removed my earlier challenge() implementation 
to lessen the confusion. Now there is no challenge support again.

//Lennart
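
The fall-through described in the message above, as an added example that is not part of the original post and is not Zope's code. It is a simplified model; every class and function name except `unauthorized` and `UNSPECIFIED_ROLES` is hypothetical.

```python
# Simplified model of the control flow quoted in the message.
# Not Zope's real BaseRequest; names below are hypothetical.
UNSPECIFIED_ROLES = object()


class Unauthorized(Exception):
    pass


class RaisingResponse:
    """Stock behaviour: unauthorized() raises, so the caller never continues."""

    def __init__(self):
        self.status = 200

    def unauthorized(self):
        self.status = 401
        raise Unauthorized()


class ChallengeResponse(RaisingResponse):
    """Replacement that issues a challenge (here a redirect) and returns."""

    def unauthorized(self):
        self.status = 302


def publish_fail_open(response, user, roles):
    # Same shape as the existing snippet: correctness depends on
    # unauthorized() raising. If it returns, execution falls through.
    if user is None and roles != UNSPECIFIED_ROLES:
        response.unauthorized()
    return "protected content"


def publish_fail_closed(response, user, roles):
    # Same shape as the proposed fix: stop even if unauthorized() returns.
    if user is None and roles != UNSPECIFIED_ROLES:
        response.unauthorized()
        return None
    return "protected content"


if __name__ == "__main__":
    roles = ["Manager"]  # constructed sample input
    print(publish_fail_open(ChallengeResponse(), None, roles))    # falls through
    print(publish_fail_closed(ChallengeResponse(), None, roles))  # None
```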

