python-zope.app.security 3.7.5-0ubuntu4 / usr / share / pyshared / zope / app / security / browser / loginlogout.txt

This file is indexed.

/usr/share/pyshared/zope/app/security/browser/loginlogout.txt is in python-zope.app.security 3.7.5-0ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
====================
Login/Logout Snippet
====================

The class LoginLogout:

  >>> from zope.app.security.browser.auth import LoginLogout

is used as a view to generate an HTML snippet suitable for logging in or
logging out based on whether or not the current principal is authenticated.

When the current principal is unauthenticated, it provides
IUnauthenticatedPrincipal:

  >>> from zope.authentication.interfaces import IUnauthenticatedPrincipal
  >>> from zope.principalregistry.principalregistry import UnauthenticatedPrincipal
  >>> anonymous = UnauthenticatedPrincipal('anon', '', '')
  >>> IUnauthenticatedPrincipal.providedBy(anonymous)
  True

When LoginLogout is used for a request that has an unauthenticated principal,
it provides the user with a link to 'Login':

  >>> from zope.publisher.browser import TestRequest
  >>> request = TestRequest()
  >>> request.setPrincipal(anonymous)
  >>> LoginLogout(None, request)()
  u'<a href="@@login.html?nextURL=http%3A//127.0.0.1">[Login]</a>'

Logout, however, behaves differently. Not all authentication protocols (i.e.
credentials extractors/challengers) support 'logout'. Furthermore, we don't
know how an admin may have configured Zope's authentication. Our solution is
to rely on the admin to tell us explicitly that the site supports logout.

By default, the LoginLogout snippet will not provide a logout link for an
unauthenticated principal. To illustrate, we'll first setup a request with an
unauthenticated principal:

  >>> from zope.security.interfaces import IPrincipal
  >>> from zope.interface import implements
  >>> class Bob:
  ...     implements(IPrincipal)
  ...     id = 'bob'
  ...     title = description = ''
  >>> bob = Bob()
  >>> IUnauthenticatedPrincipal.providedBy(bob)
  False
  >>> request.setPrincipal(bob)

In this case, the default behavior is to return None for the snippet:

  >>> print LoginLogout(None, request)()
  None

To show a logout prompt, an admin must register a marker adapter that provides
the interface:

  >>> from zope.authentication.interfaces import ILogoutSupported

This flags to LoginLogout that the site supports logout. There is a 'no-op'
adapter that can be registered for this:

  >>> from zope.authentication.logout import LogoutSupported
  >>> from zope.component import provideAdapter
  >>> provideAdapter(LogoutSupported, (None,), ILogoutSupported)

Now when we use LoginLogout with an unauthenticated principal, we get a logout
prompt:

  >>> LoginLogout(None, request)()
  u'<a href="@@logout.html?nextURL=http%3A//127.0.0.1">[Logout]</a>'

APT Browse - Built by Thomas Orozco.