[Zope] custom authentication

Andrew Altepeter aaltepet@bethel.edu
04 Mar 2003 15:57:08 -0600

On Tue, 2003-03-04 at 13:03, Dieter Maurer wrote:
> Andrew Altepeter wrote at 2003-3-4 09:05 -0600:
>  > I am working on integrating zope into the single sign-on auth. server we
>  > have.  To do so, I  started with the cookie_validate method in
>  > exUserFolder, modified it to suit, and placed it in my custom userFolder
>  > class.  
>  > 
>  > Ok, so it is working great if you to a page that requires
>  > authentication.  However, I have noticed a few quiry happenings here,
>  > and maybe you guys can help me out.
>  > 
>  > Sometimes, if I authenticate through the sso, and try access an object
>  > my user object doesn't have access do, I am sent a 401 Unauthorized with
>  > a Basic login window.  This is not what I want!
>  > 
>  > If the user is logged in, but doesn't have access, I want to return a
>  > 'no access' page, and if the user is not logged not, then I want to
>  > redirect to the sso.
> UserFolder's usually ensure this by overriding the
> "unauthorized" method of the RESPONSE object.
> Have a look at CookieCrumber (as an example).

Ok, I see.  It seems that exUserFolder is an incomplete product then,
since it does not override the unauthorized method.  As such, it cannot
prevent Basic auth's from slipping through unannounced...?
Looking in CookieCrumbler.py, I see that the __call__ method replaces
the response.unauth methods.  But when I try to do that, I get a
complaint from zope:
  File "/usr/local/Zope/lib/python/ZPublisher/HTTPResponse.py", line
662, in exception
TypeError: unbound Python method must be called with PortalUserFolder
1st argument

To replace the unauth methods, I do the following:
In Products/PortalUserFolder/__init__.py, I do the following:
from ZPublisher.HTTPResponse import HTTPResponse
from PortalUserFolder import PortalUserFolder
#patch the HTTPResponse object's unauth code
HTTPResponse.old__unauthorized = HTTPResponse._unauthorized
HTTPResponse._unauthorized = PortalUserFolder._unauthorized    
HTTPResponse.old_unauthorized = HTTPResponse.unauthorized
HTTPResponse.unauthorized = PortalUserFolder.unauthorized

Well, this doesn't seem to work.  What am I doing wrong?

Thanks for all the help,

> Dieter