[Zope-PAS] Struggling with 'challenge' support.

Lennart Regebro regebro at nuxeo.com
Wed Sep 22 08:54:21 EDT 2004


Mark Hammond wrote:
> I'm afraid that with these changes, I don't see "challenge" called at all.

This is what should happen.

1. in __before_traverse__ PAS is called.

2. The __call__ (line 1089) replaces the response.unauthorized() with 
pluggable auth's challenge().

3. Somewhere, response.unauthorized() is called, and since this now is 
pas.challenge() that's what is called.

4. pas.challenge() loops over all challenge plugins and calls 
challenge() on them. If they do not want to challenge, they return. If 
they do want to challenge, they raise Unauthorized or Redirect.

5. If no plugin raises anything, response.old_unauthorized() (which is 
the original unauthorized(), of course) is called.

>>Scribble on the Response headers and then raise Unauthorized
>>should do it.
> 
> Is there any way I can keep 'state' between these calls?  Somehow I need to
> coordinate the first and second of these calls.

Well, a session is probably the only possibility there.

>>I couldn't help myself.
>>http://zope.org/Members/regebro/KniggetChallenge/swpackage_view
> 
> I tried that - I was initially prompted to log on, and when I did, I got a
> simple "Insufficient Privileges" message - without the elderberries :)

Yeah, there is something fishy then. You should get a pythonic message 
if it works. Assuming it is placed first amongst the challenge plugins, 
of course.
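
The five-step flow described in this message, as an added example that is not part of the original post and is not PluggableAuthService code. The Response, PAS and plugin classes, the run() helper and the header value are hypothetical stand-ins; the model shows why plugin order matters and that the original unauthorized() is still reached when every plugin declines.

```python
# Simplified model of the flow in the message; all names are hypothetical.
# Plugins signal a challenge by raising, as the message describes.
class Unauthorized(Exception):
    pass

class Redirect(Exception):
    pass

class Response:
    """Stand-in for the Zope response object."""
    def __init__(self):
        self.headers = {}

    def unauthorized(self):
        self.headers["WWW-Authenticate"] = 'basic realm="Zope"'  # constructed value
        raise Unauthorized("default challenge")

class PAS:
    def __init__(self, plugins):
        self.plugins = plugins  # ordered: the first plugin that raises wins

    def __call__(self, request, response):
        # Step 2: keep the original and swap in our own challenge().
        response.old_unauthorized = response.unauthorized
        response.unauthorized = lambda: self.challenge(request, response)

    def challenge(self, request, response):
        # Step 4: each plugin either returns (declines) or raises.
        for plugin in self.plugins:
            plugin.challenge(request, response)
        # Step 5: nobody challenged, so the original still denies access.
        response.old_unauthorized()

class DecliningPlugin:
    def challenge(self, request, response):
        return  # does not want to challenge

class LoginFormPlugin:
    def challenge(self, request, response):
        raise Redirect("/login_form")

def run(plugins):
    """Return (exception name, message, headers) for one denied request."""
    request, response = {}, Response()
    PAS(plugins)(request, response)      # step 1: called before traversal
    try:
        response.unauthorized()          # step 3: some code denies access
    except (Unauthorized, Redirect) as exc:
        return type(exc).__name__, str(exc), response.headers
```
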

