[Zope-PAS] challenge branch ready for review

[Mark Hammond]

>   - the new challenge machinery discussed here that limits players in
>     a given challenge to plugins that support the same protocol

I'm having a little trouble making this work with my plugin.  The problem is
that the HTTPBasicAuthHelper does not declare a protocol - so the
HTTPBasicAuthHelper ID is used.  My plugin wants to interact with
HTTPBasicAuthHelper, but has no way of determining the protocol it should
use to match HTTPBasicAuthHelper.

Is the intention to declare HTTPBasicAuthHelper as using a 'http' protocol?

The patch below declares this protocol for HTTPAuth, and replaces
'setHeader' with 'addHeader' (necessary for correct header semantics).  With
that patch applied, my plugin seems to work fine with HTTPAuth.

I believe it is still a minor issue that plugins sharing a protocol have no
way of knowing their order.  This means HTTPAuth unconditionally sets the
body and all other plugins sharing a protocol must do the same.  Its not a
show-stopper though.

Mark.

--- HTTPBasicAuthHelper.py      8 Oct 2004 14:23:05 -0000       1.6.2.1
+++ HTTPBasicAuthHelper.py      14 Oct 2004 01:31:39 -0000
@@ -61,6 +61,8 @@

     security = ClassSecurityInfo()

+    protocol = "http" # The PAS challenge 'protocol' we use.
+
     def __init__( self, id, title=None ):
         self._setId( id )
         self.title = title
@@ -94,7 +96,7 @@
         """
         realm = response.realm
         if realm:
-            response.setHeader('WWW-Authenticate', 'basic realm="%s"' %
realm, 1)
+            response.addHeader('WWW-Authenticate', 'basic realm="%s"' %
realm)
         m = "<strong>You are not authorized to access this
resource.</strong>"
         if response.debug_mode:
             if response._auth: