A credentials plugin that uses Zope sessions to get/store credentials.
To illustrate how a session plugin works, we'll first set up some session machinery:
>>> from zope.session.session import RAMSessionDataContainer
>>> from tests import sessionSetUp
>>> sessionSetUp(RAMSessionDataContainer)
This lets us retrieve the same session info from any test request, which simulates what happens when a user submits a session ID as a cookie.
We also need a session plugin:
>>> plugin = SessionCredentialsPlugin()
A session plugin uses an ISession component to store the last set of credentials it gets from a request. Credentials can be retrieved from subsequent requests using the session-stored credentials.
Our test environment is initially configured without credentials:
>>> from tests import sessionSetUp
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> print plugin.extractCredentials(request)
None
We must explicitly provide credentials once so the plugin can store them in a session:
>>> request = TestRequest(login='scott', password='tiger')
>>> plugin.extractCredentials(request)
{'login': 'scott', 'password': 'tiger'}
Subsequent requests now have access to the credentials even if they're not explicitly in the request:
>>> plugin.extractCredentials(TestRequest())
{'login': 'scott', 'password': 'tiger'}
We can always provide new credentials explicitly in the request:
>>> plugin.extractCredentials(TestRequest(
...     login='harry', password='hirsch'))
{'login': 'harry', 'password': 'hirsch'}
and these will be used on subsequent requests:
>>> plugin.extractCredentials(TestRequest())
{'login': 'harry', 'password': 'hirsch'}
We can also change the fields from which the credentials are extracted:
>>> plugin.loginfield = "my_new_login_field"
>>> plugin.passwordfield = "my_new_password_field"
Now we build a request that uses the new fields:
>>> request = TestRequest(my_new_login_field='luke', my_new_password_field='the_force')
The plugin now extracts the credentials information from these new fields:
>>> plugin.extractCredentials(request)
{'login': 'luke', 'password': 'the_force'}
Finally, we clear the session credentials using the logout method:
>>> plugin.logout(TestRequest())
True
>>> print plugin.extractCredentials(TestRequest())
None
loginfield (type: str) 'login'
loginpagename (type: str) 'loginForm.html'
passwordfield (type: str) 'password'
challenge(request)
Challenges by redirecting to a login form.
To illustrate, we'll create a test request:
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
and confirm its response's initial status and 'location' header:
>>> request.response.getStatus()
599
>>> request.response.getHeader('location')
When we issue a challenge using a session plugin:
>>> plugin = SessionCredentialsPlugin()
>>> plugin.challenge(request)
True
we get a redirect:
>>> request.response.getStatus()
302
>>> request.response.getHeader('location')
'http://127.0.0.1/@@loginForm.html?camefrom=%2F'
The plugin redirects to the page defined by the loginpagename attribute:
>>> plugin.loginpagename = 'mylogin.html'
>>> plugin.challenge(request)
True
>>> request.response.getHeader('location')
'http://127.0.0.1/@@mylogin.html?camefrom=%2F'
It also provides the request URL as a 'camefrom' GET-style parameter. To illustrate, we'll pretend we've traversed a couple of names:
>>> env = {
...     'REQUEST_URI': '/foo/bar/folder/page%201.html?q=value',
...     'QUERY_STRING': 'q=value'
...     }
>>> request = TestRequest(environ=env)
>>> request._traversed_names = [u'foo', u'bar']
>>> request._traversal_stack = [u'page 1.html', u'folder']
>>> request['REQUEST_URI']
'/foo/bar/folder/page%201.html?q=value'
When we challenge:
>>> plugin.challenge(request)
True
We see the 'camefrom' points to the requested URL:
>>> request.response.getHeader('location') # doctest: +ELLIPSIS
'.../@@mylogin.html?camefrom=%2Ffoo%2Fbar%2Ffolder%2Fpage+1.html%3Fq%3Dvalue'
This can be used by the login form to redirect the user back to the originating URL upon successful authentication.
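Because 'camefrom' reaches the login form as a query parameter, its value is client-controlled, so a form that redirects to it should first confirm it is a same-site path. The following is an added example, not code from this package; `safe_camefrom`, `camefrom_from_location` and `DEFAULT_TARGET` are hypothetical names, and it is written for Python 3's `urllib.parse`.

```python
# Added example; not code from zope.app.authentication.
# safe_camefrom, camefrom_from_location and DEFAULT_TARGET are hypothetical names.
from urllib.parse import parse_qs, urlsplit

DEFAULT_TARGET = "/"  # assumed fallback when 'camefrom' is missing or rejected

# Constructed from the doctest output above (host taken from the earlier example).
PAGE_LOCATION = ("http://127.0.0.1/@@mylogin.html"
                 "?camefrom=%2Ffoo%2Fbar%2Ffolder%2Fpage+1.html%3Fq%3Dvalue")


def camefrom_from_location(url):
    """Return the decoded 'camefrom' value, or None unless it appears exactly once."""
    values = parse_qs(urlsplit(url).query).get("camefrom", [])
    return values[0] if len(values) == 1 else None


def safe_camefrom(value, default=DEFAULT_TARGET):
    """Return value only if it is a same-site absolute path; otherwise default."""
    if not isinstance(value, str) or not value:
        return default
    # Browsers drop tabs/newlines and treat a backslash like '/', so such
    # values can leave the site; CR/LF would also split the response header.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    # Accept '/path'; reject '//host/path' (scheme-relative) and relative forms.
    if not value.startswith("/") or value.startswith("//"):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:  # defence in depth after the prefix checks
        return default
    return value


if __name__ == "__main__":
    print(safe_camefrom(camefrom_from_location(PAGE_LOCATION)))
    for hostile in ("//evil.example/x", "http://evil.example/", "/\\evil.example"):
        print(repr(hostile), "->", safe_camefrom(hostile))
```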
extractCredentials(request)
Extracts credentials from a session if they exist.
logout(request)
Performs logout by clearing session data credentials.
There are no known subclasses.