[Zope-PAS] Challengers (and Zope 3)

[Jim Fulton]

Jim Fulton wrote:
> 
...
> Let me see if I can state this correctly and clearly. For
> lack of a better term, I'll say that there can be multiple
> protocols for making challenges.  Examples of protocols include
> HTTP Authentication and Cookie-based authentication.  There
> are undoubtably other protocols, although I don't know of
> any off hand. ;)  Generally, protocols are not compatible with
> each other. (This is hard to say for sure, but for the protocols
> we have, this is the case. :).  Therefore, we don't want to issue
> challenges for multiple protocols.

OK, this idea seems to have some potential.  I suggest the following
algoritm then:

   # PAS challenge algorithm:
   protocol = None
   for chalenger in challengers:
       protocol = challenger.challenge(request, response, protocol)

   if protocol is None:
       # no challengers fired
       ... do fallback thing

Challenge methods, then, should be written along the lines of:

   def challenge(self, request, response, protocol):
       if protocol is None:
           ... do stuff (e.g. set response status for http)
           return self.protocol
       elif protocol == self.protocol
            ... do other stuff, often a subset of stuff
            ... done when protocol is None (e.g. for http, don't set
            ... 401 status)
       # we do nothing if protocol doesn't match
       return protocol

How does this sound?

I'll be a sprint next week where I think we can try this out for
basic, digest, and cookie/redirect challengers, where basic and digest
auth would use the http protocol.

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org