[Zope-PAS] Struggling with 'challenge' support.
Mark Hammond
mhammond at skippinet.com.au
Wed Sep 22 19:07:49 EDT 2004
> This is what should happen.
>
> 1. in __before_traverse__ PAS is called.
>
> 2. The __call__ (line 1089) replaces the response.unauthorized() with
> pluggable auths challenge().
This all works fine.
> 3. Somewhere, response.unauthorized() is called, and since
> this now is
> pas.challenge() thats what is called.
This is where things go wrong.
In my setup, response.unauthorized() is never called.
response._unauthorized() is, which is why pas.challenge() was called in the
previous version but not in the current one.
response._unauthorized() is called by the ZPublisher\HTTPResponse.py
'exception' method. The code reads:
...
if t == 'Unauthorized' or t == Unauthorized or (
isinstance(t, types.ClassType) and issubclass(t, Unauthorized)):
t = 'Unauthorized'
self._unauthorized()
That last line is where the only call to "_unauthorized" originates from.
As I mentioned, 'unauthorized' is never called.
The best I can tell, the problem is that someone has explicitly done 'raise
Unauthorized', rather than calling response.unauthorized(). When someone
explicitly raises that exception, response.unauthorized() is never called -
which makes sense, as all that method does is itself try to raise the
exception.
Unfortunately, explicitly raising the exception seems common practice (or so
grep tells me). As far as I can tell, my specific exception is being raised
by Traversable.py, which raises it in 4 places.
Maybe we need to hook the exception method rather than unauthorized? I'll
have a play down that route until I hear back :)
Mark.
More information about the Zope-PAS
mailing list