[Zope-PAS] Proposed challenge implementation

Zachery Bir zbir at urbanape.com
Mon Sep 13 10:44:21 EDT 2004


On Sep 13, 2004, at 10:39 AM, Lennart Regebro wrote:

> Here are some changes I made to PluggableAuthService.py to implement 
> challenge support:

Thanks!

>     def __call__(self, container, req):
>         """ The __before_publishing_traverse__ hook. """
>         req = self.REQUEST
>         resp = req['RESPONSE']
>         resp.old_unauthorized = resp._unauthorized
>         resp._unauthorized = self.challenge
>         return
>
>     def challenge(self):
>         req = self.REQUEST
>         resp = req['RESPONSE']
>         resp.old_unauthorized()
>
>         # Go through all challenge plugins
>         plugins = self._getOb('plugins')
>         challengers = plugins.listPlugins( IChallengePlugin )
>         for challenger_id, challenger in challengers:
>             challenger.challenge(req, resp)
>
> As you notice, this requires the plugins to raise either Unauthorized, 
> or Redirect. However, anything else is a bit of a special case, and 
> implementing it will be a major pain in the a...posterior, probably 
> including some hefty monkey-patching.

We should probably have a default case where PAS either always emits 
the Basic Auth challenge, or lets the ZPublisher do it, don't you 
think?

> This probably means that challenge plugins may not be compatible with 
> Zope3's PAS implementation. I'm not sure that is a major problem.

I'm not terribly concerned about this at the moment. There are going to 
be some features of PAS that will be harder to implement in each Zope 
(Zope3's PAS will make more use of events/subscribers to do what we're 
explicitly doing in Zope2's PAS).

> What do you think? It works... should I check it in? Or should we look 
> for a better solution?

Got any tests? If so, I'm happy to have it in there.

Zac
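
Added example, not part of the original message and not PluggableAuthService code: a stand-alone sketch of the "default case" discussed above, where challenge plugins are tried in order and a Basic Auth challenge is emitted only if none of them raises Unauthorized or Redirect. The stub classes, plugin names, the `dispatch_challenge` helper and the realm value are assumptions; the exceptions are caught here only to record which outcome occurred.

```python
# Added illustration: stand-in classes, not Zope or PluggableAuthService code.

class Unauthorized(Exception):
    """Stand-in for the Unauthorized exception a challenge plugin raises."""

class Redirect(Exception):
    """Stand-in for the Redirect exception (for example, to a login form)."""

class StubResponse:
    """Minimal response object: a status code and a header dict."""
    def __init__(self):
        self.status = 200
        self.headers = {}

class LoginFormChallenger:
    """Hypothetical plugin: sends HTML clients to a login form."""
    def challenge(self, req, resp):
        if 'text/html' in req.get('HTTP_ACCEPT', ''):
            raise Redirect('/login_form')

class NullChallenger:
    """Hypothetical plugin that never claims the request."""
    def challenge(self, req, resp):
        return None

def dispatch_challenge(plugins, req, resp, realm='Zope'):
    """Run plugins in order; return (kind, plugin_id) for the challenge issued."""
    for plugin_id, plugin in plugins:
        try:
            plugin.challenge(req, resp)
        except Redirect as exc:
            # First plugin to raise wins; later plugins are not consulted.
            resp.status = 302
            resp.headers['Location'] = str(exc)
            return ('redirect', plugin_id)
        except Unauthorized:
            resp.status = 401
            return ('unauthorized', plugin_id)
    # Default case: no plugin claimed the request, so emit Basic Auth.
    resp.status = 401
    resp.headers['WWW-Authenticate'] = 'basic realm="%s"' % realm
    return ('basic', None)
```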


