[Zope-PAS] Struggling with 'challenge' support.
Lennart Regebro
regebro at nuxeo.com
Thu Sep 23 09:53:31 EDT 2004
Mark Hammond wrote:
>>Ah... I tried overriding _unauthorized before, but that has other
>>problems.
>
> What problems specifically?

See my later mail. Summary:
- Raising exceptions does not work when called from exception(), so that
  solution doesn't work.
- Many changes to the response get overridden later in exception(), so
  that solution has some problems too.

>>Nope, that doesn't work either, because response.exception will continue
>>to do a lot of changes on the response. You can not change an
>>Unauthorized into a Redirect, for example, and that is a basic
>>requirement.
>
> Why is that? I see no reason why issuing a challenge should cause a
> redirect.
That is the most common use case: Redirecting to a login page. That is
what 99% of users that require something else than a 401 response will use.
> Did you see a specific error with my patch?
Yes, the explained error above. That implementation is not sufficient. I
need to do more testing to try some alternatives, do a whole lot more
testing, and list all the use cases.
Use case 1:
Standard HTTP Basic challenge. Returns 401, basically.
Wouldn't it be nice to be able to set the body? Or is that just
completely pointless?
Use case 2:
Redirect to a login page.
Use case 3:
Return a login page without redirecting.
In the worst case we could skip this use case, if it is too complicated to
implement.
Use case 4:
What Mark is doing now. Could you explain that closer?
Hmmm.... I just realized, it might be possible to wrap exception instead
of changing it, that would be neater. And then do the challenge
*afterwards* and make the plugins write to response *last*. That could
actually work, if nothing else works. Hmm....
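
Added example (not part of the original mail, and not Zope or PAS code): the ordering problem from the summary and the wrapping idea from the last paragraph, modelled in Python. FakeResponse, redirect_challenge, challenge_then_exception, wrap_exception and /login_form are hypothetical names, and FakeResponse.exception() only models the overriding behaviour the mail describes.

```python
class FakeResponse:
    """Constructed stand-in for the publisher's response object."""
    def __init__(self):
        self.status, self.headers, self.body = 200, {}, ""

    def exception(self):
        # Models the behaviour described in the mail: exception() rewrites
        # the response for Unauthorized, overriding earlier changes.
        self.status = 401
        self.headers["www-authenticate"] = 'basic realm="example"'
        self.body = "Unauthorized"


def redirect_challenge(response, login_url="/login_form"):
    """Hypothetical challenge plugin for use case 2 (redirect to login page).
    login_url is a fixed, configured path, never taken from the request."""
    response.status = 302
    response.headers["location"] = login_url
    response.headers.pop("www-authenticate", None)  # no Basic prompt on a redirect
    response.body = ""
    return True  # this plugin handled the challenge


def challenge_then_exception(response, plugin):
    """Plugin writes first, exception() runs afterwards: the redirect is lost."""
    plugin(response)
    response.exception()
    return response


def wrap_exception(response, plugins):
    """Wrap exception() so the plugins write to the response last."""
    original = response.exception

    def wrapped():
        original()                # stock Unauthorized handling
        for plugin in plugins:    # challenge afterwards
            if plugin(response):
                break             # first plugin that handles it wins (assumption)

    response.exception = wrapped
    return response


if __name__ == "__main__":
    lost = challenge_then_exception(FakeResponse(), redirect_challenge)
    kept = wrap_exception(FakeResponse(), [redirect_challenge])
    kept.exception()
    print(lost.status, kept.status, kept.headers.get("location"))
```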