[Zope-PAS] [RFC] PAS extractor failure behavior

Jens Vagelpohl jens at dataflake.org
Tue Nov 23 04:17:52 EST 2004


Right now, if the CookieAuthHelper is set up to challenge and extract 
and for some reason the login_form itself is unreachable (meaning, the 
Anonymous User is somehow not authorized to view it) we end up in a 
redirect loop. I have code that fixes that which I will check in 
shortly. With the fix the CookieAuthHelper can detect the situation and 
return "0" from unauthorized.

My question is about the "fallback" behavior in 
PAS._extractCredentials. If there were registered extractors but they 
all failed to return anything (like when the CookieAuthHelper gives up 
in the scenario above) an "emergency extractor" is used. So I get a 
standard auth box, but only emergency users can log in. Why can't this 
be a normal DumbHTTPExtractor that accepts any valid credentials 
instead?

jens

---------------

Jens Vagelpohl			jens at zetwork.com
Software Engineer			+49-(0)441-36 18 14 38
Zetwork GmbH				http://www.zetwork.com/
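
The redirect loop and the give-up guard described in the message above, as a simplified stand-alone model added here (it is not the CookieAuthHelper code nor the fix the message mentions). The paths, function names and hop limit are assumptions made for the illustration.

```python
from urllib.parse import quote

# Simplified model, not PAS code. All names below are hypothetical.
LOGIN_URL = "/login_form"  # constructed sample path


def unauthorized(request_url, login_url=LOGIN_URL, guard=True):
    """Model of a cookie-style challenge.

    Returns the redirect target, or 0 when the helper gives up so the
    caller can fall back to a different challenge (e.g. an HTTP auth box).
    """
    path = request_url.split("?", 1)[0]
    if guard and path == login_url:
        # The request being challenged is the login form itself, so
        # redirecting to it again would never terminate.
        return 0
    return f"{login_url}?came_from={quote(request_url, safe='')}"


def follow(start_url, protected, guard, max_hops=10):
    """Anonymous client following redirects; returns (outcome, hops)."""
    url, hops = start_url, 0
    while hops < max_hops:
        path = url.split("?", 1)[0]
        if path not in protected:
            return ("served", hops)  # Anonymous may view this page
        target = unauthorized(url, guard=guard)
        if target == 0:
            return ("fallback-challenge", hops)
        url, hops = target, hops + 1
    return ("redirect-loop", hops)  # stopped only by the hop limit


if __name__ == "__main__":
    broken = {"/private", LOGIN_URL}  # login form not viewable by Anonymous
    healthy = {"/private"}            # login form is public
    print(follow("/private", broken, guard=False))
    print(follow("/private", broken, guard=True))
    print(follow("/private", healthy, guard=True))
```
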


