On 20.04.2010 at 12:53, yuppie <> wrote:

> Proposal:
> Meanwhile a much better hook exists for exception handling: Exception
> views. I propose to move most of the Unauthorized handling to a new
> exception view in the ICMFDefaultSkin layer.

Please add a separate folder for these views. We need to separate them
from the content ones. BTW, for pedagogic reasons I'm not too keen on
EditForms being used when objects aren't being edited.

> All Unauthorized exceptions inside a CMF site are converted by the view:
> into a Redirect exception for anonymous users and into a Forbidden
> exception for authenticated users.
> The redirect target is looked up in the 'user/login' Action, making
> CookieCrumbler's auto_login_page setting obsolete. The unauth_page
> setting will no longer be supported.
> CookieCrumbler and therefore CMFCore will lose the redirect feature.
> If there are no objections, I'll check in that change on CMF trunk.

This is great. Having looked at the CookieCrumbler code, and its change  
log, it's that it hasn't seen much love in the last five years, while Zope  
and the rest of the CMF have come along in leaps and bounds.

So +1 from me but as per my other e-mails - what will the CookieCrumbler  
do afterwards?

Using a view means that there is a hardcoded relation between the login  
form and the login cookies.

This is the current interface for ICookieCrumbler with proposed
deprecation decorators:

class ICookieCrumbler(Interface):

     """Reads cookies during traversal and simulates the HTTP auth headers.

     @deprecate auth_cookie = Attribute("""The key of the authorisation  
     @deprecate name_cookie = Attribute("""The key of the authorised user  
     @deprecate pw_cookie = Attribute("""The key of the password cookie""")
     persist_cookie = Attribute("""The key of the persistent cookie""")
     local_cookie_path = Attribute("""If True, the cookie tied to the local  
     cache_header_value = Attribute("""If present, the login page will not be cached""")
     log_username = Attribute("""If True, the username will appear in Zope's log""")

     def delRequestVar(req, name):
          """No errors of any sort may propagate, and we don't care *what*
           they are, even to log them."""

     def getCookiePath():
         """Get the path for the cookie
         the parent URL if local_cookie_path is True otherwise /"""
         return path

     def getCookieMethod(name, default=None):
         """ Allow overridable cookie set/expiration methods."""
         return getattr(name, default)

     def defaultSetAuthCookie(resp, cookie_name, cookie_value):
         """Set the authorisation cookie"""

     def defaultExpireAuthCookie(resp, cookie_name):
         """Expire the cookie"""

     def _setAuthHeader(ac, request, response):
         """Set the auth headers for both the Zope and Medusa http request

     def modifyRequest(req, resp):
         """Copies cookie-supplied credentials to the basic auth fields.

         Returns a flag indicating what the user is trying to do with
         cookie login is disabled for this request, raises

     def __call__(container, req):
         """The __before_publishing_traverse__ hook."""

     def credentialsChanged(user, name, pw):
         """# XXX: this method violates the rules for tools/utilities:
         # it depends on self.REQUEST """

     def _cleanupResponse():
         """# XXX: this method violates the rules for tools/utilities:
         # it depends on self.REQUEST"""

     def unauthorized():
         """Remove authentication cookies and redirect to standard  

     def _unauthorized():
         """Remove authentication cookies and redirect to standard  

     def getUnauthorizedURL():
         """Redirects to the login page."""

     def logout():
         """Logs out the user and redirects to the logout page."""

     def propertyLabel(id):
         """Return a label for the given property id

I'm more than happy to help with this if there is anything I can do that  
doesn't mean you spend more time answering my questions than it would take  
to do the work! :-)

Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
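
The conversion proposed in the quoted text, sketched as an added example (not CMF code and not written by either poster). Plain-Python stand-ins replace the Zope exception classes and the Actions lookup; `convert_unauthorized`, the `came_from` parameter, the same-site check and the fall-through when no login Action exists are assumptions of this sketch.

```python
from urllib.parse import urlencode, urlsplit

# Stand-ins for the Zope exception classes (assumption: not the real ones).
class Unauthorized(Exception): pass
class Forbidden(Exception): pass

class Redirect(Exception):
    def __init__(self, url):
        super().__init__(url)
        self.url = url

ANONYMOUS = "Anonymous User"  # assumed name of the unauthenticated user

def login_action_url(actions):
    """Return the URL of the 'user/login' Action, or None if there is none."""
    for action in actions:
        if (action["category"], action["id"]) == ("user", "login"):
            return action["url"]
    return None

def same_site(url, site_url):
    """True if url has the same scheme and host as the site."""
    a, b = urlsplit(url), urlsplit(site_url)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)

def convert_unauthorized(exc, user_name, actions, site_url, attempted_url):
    """Return the exception the view would raise in place of Unauthorized."""
    if user_name != ANONYMOUS:
        # Logging in again cannot help an authenticated user.
        return Forbidden(str(exc))
    target = login_action_url(actions)
    # No login Action, or the login page itself is protected: do not
    # redirect (avoids a loop); the original exception passes through.
    if target is None or attempted_url.split("?")[0] == target:
        return exc
    # Carry the return URL only when it is on this site, so the login
    # form cannot be used to bounce users to another host.
    if same_site(attempted_url, site_url):
        target += "?" + urlencode({"came_from": attempted_url})
    return Redirect(target)

# Constructed sample data.
SITE = "https://cms.example.org/site"
ACTIONS = [
    {"category": "user", "id": "login", "url": SITE + "/login_form"},
    {"category": "user", "id": "logout", "url": SITE + "/logout"},
]
```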