[Zope3-checkins] SVN: Zope3/trunk/ - Added a fallback
unauthenticated principal that is stored on the request if
Christian Theune
ct at gocept.com
Thu May 3 03:14:05 EDT 2007
Log message for revision 75037:
- Added a fallback unauthenticated principal that is stored on the request if
the global authentication utility does not provide one.
Changed:
U Zope3/trunk/doc/CHANGES.txt
U Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
U Zope3/trunk/src/zope/app/publication/zopepublication.py
U Zope3/trunk/src/zope/app/security/configure.zcml
U Zope3/trunk/src/zope/app/security/interfaces.py
U Zope3/trunk/src/zope/app/security/principalregistry.py
U Zope3/trunk/src/zope/app/wsgi/README.txt
-=-
Modified: Zope3/trunk/doc/CHANGES.txt
===================================================================
--- Zope3/trunk/doc/CHANGES.txt 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/doc/CHANGES.txt 2007-05-03 07:14:02 UTC (rev 75037)
@@ -22,6 +22,9 @@
Bugs fixed
+ - Added a fallback unauthenticated principal that is stored on the
+ request if the global authentication utility does not provide one.
+
- #98111: z.a.form.browser.itemswidget.MultiDataHelper._toFieldValue()
context._type attribute was being ignored when the result was an empty
collection.
Modified: Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py
===================================================================
--- Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/publication/tests/test_zopepublication.py 2007-05-03 07:14:02 UTC (rev 75037)
@@ -49,6 +49,7 @@
from zope.app.folder import Folder, rootFolder
from zope.app.security.interfaces import IAuthenticationUtility
from zope.app.security.interfaces import IAuthentication
+from zope.app.security.interfaces import IFallbackUnauthenticatedPrincipal
from zope.app.security.principalregistry import principalRegistry
@@ -84,6 +85,11 @@
def getPrincipal(self, id):
return Principal(id)
+class AuthUtility3(AuthUtility1):
+
+ def unauthenticatedPrincipal(self):
+ return None
+
class ErrorReportingUtility(object):
implements(IErrorReportingUtility)
@@ -412,6 +418,23 @@
class ZopePublicationTests(BasePublicationTests):
+ def testGlobalAuth(self):
+ # Replace the global registry with a stub that doesn't return an
+ # unauthenticated principal.
+ authentication = AuthUtility3()
+ ztapi.provideUtility(IAuthentication, authentication)
+
+ # We need a fallback unauthenticated principal, otherwise we'll get a
+ # ComponentLookupError:
+ self.assertRaises(ComponentLookupError,
+ self.publication.beforeTraversal, self.request)
+
+ # Let's register an unauthenticated principal instance for the lookup:
+ principal = UnauthenticatedPrincipal('fallback')
+ ztapi.provideUtility(IFallbackUnauthenticatedPrincipal, principal)
+ self.publication.beforeTraversal(self.request)
+ self.failUnless(self.request.principal is principal)
+
def testPlacefulAuth(self):
setup.setUpTraversal()
setup.setUpSiteManagerLookup()
Modified: Zope3/trunk/src/zope/app/publication/zopepublication.py
===================================================================
--- Zope3/trunk/src/zope/app/publication/zopepublication.py 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/publication/zopepublication.py 2007-05-03 07:14:02 UTC (rev 75037)
@@ -47,6 +47,7 @@
from zope.app.publication.interfaces import EndRequestEvent
from zope.app.publication.publicationtraverse import PublicationTraverse
from zope.app.security.interfaces import IUnauthenticatedPrincipal
+from zope.app.security.interfaces import IFallbackUnauthenticatedPrincipal
from zope.app.security.interfaces import IAuthentication
from zope.app.component.interfaces import ISite
@@ -79,16 +80,18 @@
self.db = db
def beforeTraversal(self, request):
- # Try to authenticate against the default global registry.
+ # Try to authenticate against the root authentication utility.
auth = zope.component.getGlobalSiteManager().getUtility(
zope.app.security.interfaces.IAuthentication)
- p = auth.authenticate(request)
- if p is None:
- p = auth.unauthenticatedPrincipal()
- if p is None:
- raise Unauthorized # If there's no default principal
+ principal = auth.authenticate(request)
+ if principal is None:
+ principal = auth.unauthenticatedPrincipal()
+ if principal is None:
+ # Get the fallback unauthenticated principal
+ principal = zope.component.getUtility(
+ IFallbackUnauthenticatedPrincipal)
- request.setPrincipal(p)
+ request.setPrincipal(principal)
newInteraction(request)
transaction.begin()
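Review bot: The new fallback branch in beforeTraversal replaces the fail-closed `raise Unauthorized` with `zope.component.getUtility(IFallbackUnauthenticatedPrincipal)`, so what happens when no principal is available now depends on whether that utility is registered. When it is registered (configure.zcml in this commit does so), a request for which the authentication utility returned no principal at all is processed as the fallback principal instead of being refused. When it is not, the lookup raises ComponentLookupError, which the README.txt change in this commit shows surfacing as a server error page rather than Unauthorized. To keep the refusal for the unregistered case I would write `principal = zope.component.queryUtility(IFallbackUnauthenticatedPrincipal)` followed by `if principal is None: raise Unauthorized`, assuming Unauthorized is still imported as it was for the removed line. The authentication utility is fetched from the global site manager while the fallback uses plain `getUtility`, which presumably resolves against the current site, so a comment saying which registry is intended would help; the body of beforeTraversal continues beyond this hunk.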
Modified: Zope3/trunk/src/zope/app/security/configure.zcml
===================================================================
--- Zope3/trunk/src/zope/app/security/configure.zcml 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/security/configure.zcml 2007-05-03 07:14:02 UTC (rev 75037)
@@ -145,4 +145,9 @@
for=".interfaces.IPrincipal"
/>
+ <utility
+ component=".principalregistry.fallback_unauthenticated_principal"
+ provides=".interfaces.IFallbackUnauthenticatedPrincipal"
+ />
+
</configure>
Modified: Zope3/trunk/src/zope/app/security/interfaces.py
===================================================================
--- Zope3/trunk/src/zope/app/security/interfaces.py 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/security/interfaces.py 2007-05-03 07:14:02 UTC (rev 75037)
@@ -29,6 +29,17 @@
Authenticated principals are preferable to UnauthenticatedPrincipals.
"""
+
+class IFallbackUnauthenticatedPrincipal(IUnauthenticatedPrincipal):
+ """Marker interface for the fallback unauthenticated principal.
+
+ This principal can be used by publications to set on a request if
+ no principal, not even an unauthenticated principal, was returned
+ by any authentication utility to fulfill the contract of IApplicationRequest.
+
+ """
+
+
class IUnauthenticatedGroup(IGroup):
"""A group containing unauthenticated users
"""
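Review bot: The docstring of IFallbackUnauthenticatedPrincipal explains when the principal is used but not what registering it means for access decisions. Because the marker extends IUnauthenticatedPrincipal, a utility registered for it may also satisfy component lookups for IUnauthenticatedPrincipal, which is worth confirming against the registry's lookup rules and stating here. I would add a sentence such as `Registering a utility for this interface lets a request proceed as this principal when authentication yields none; grant it nothing beyond what anonymous access is meant to have.`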
Modified: Zope3/trunk/src/zope/app/security/principalregistry.py
===================================================================
--- Zope3/trunk/src/zope/app/security/principalregistry.py 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/security/principalregistry.py 2007-05-03 07:14:02 UTC (rev 75037)
@@ -175,6 +175,16 @@
implements(interfaces.IUnauthenticatedPrincipal)
+
+fallback_unauthenticated_principal = (
+ UnauthenticatedPrincipal(
+ __name__+'.fallback_unauthenticated_principal',
+ 'Fallback unauthenticated principal',
+ 'The default unauthenticated principal. Used as a fallback to '
+ 'allow challenging for a user even if the IAuthentication returned '
+ 'None as the unauthenticated principal.'))
+
+
class UnauthenticatedGroup(Group):
implements(interfaces.IUnauthenticatedGroup)
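Review bot: The id of fallback_unauthenticated_principal is built from `__name__`, so it changes if this module is ever moved or imported under a different name. Anything keyed on the principal id, such as grants or audit log entries, would then stop matching without any error. A literal keeps it stable: `'zope.app.security.principalregistry.fallback_unauthenticated_principal',`. A short comment above the assignment stating what access this principal is meant to have would also help, since the description string only explains why it exists.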
@@ -186,4 +196,3 @@
class EverybodyGroup(Group):
implements(interfaces.IEveryoneGroup)
-
Modified: Zope3/trunk/src/zope/app/wsgi/README.txt
===================================================================
--- Zope3/trunk/src/zope/app/wsgi/README.txt 2007-05-02 23:12:02 UTC (rev 75036)
+++ Zope3/trunk/src/zope/app/wsgi/README.txt 2007-05-03 07:14:02 UTC (rev 75037)
@@ -47,8 +47,8 @@
Now we can send the fabricated HTTP request to the application for processing:
>>> print ''.join(app(environ, start_response))
- <html><head><title>Unauthorized</title></head>
- <body><h2>Unauthorized</h2>
+ <html><head><title>ComponentLookupError</title></head>
+ <body><h2>ComponentLookupError</h2>
A server error occurred.
</body></html>
<BLANKLINE>