Class
zope.app.authentication.session.SessionCredentialsPlugin

A credentials plugin that uses Zope sessions to get/store credentials.

To illustrate how a session plugin works, we'll first setup some session machinery:

>>> from zope.session.session import RAMSessionDataContainer
>>> from tests import sessionSetUp
>>> sessionSetUp(RAMSessionDataContainer)

This lets us retrieve the same session info from any test request, which simulates what happens when a user submits a session ID as a cookie.

We also need a session plugin:

>>> plugin = SessionCredentialsPlugin()

A session plugin uses an ISession component to store the last set of credentials it gets from a request. Credentials can be retrieved from subsequent requests using the session-stored credentials.

Our test environment is initially configured without credentials:

>>> from tests import sessionSetUp
>>> from zope.publisher.browser import TestRequest
>>> request = TestRequest()
>>> print plugin.extractCredentials(request)
None

We must explicitly provide credentials once so the plugin can store them in a session:

>>> request = TestRequest(login='scott', password='tiger')
>>> plugin.extractCredentials(request)
{'login': 'scott', 'password': 'tiger'}

Subsequent requests now have access to the credentials even if they're not explicitly in the request:

>>> plugin.extractCredentials(TestRequest())
{'login': 'scott', 'password': 'tiger'}

We can always provide new credentials explicitly in the request:

>>> plugin.extractCredentials(TestRequest(
...     login='harry', password='hirsch'))
{'login': 'harry', 'password': 'hirsch'}

and these will be used on subsequent requests:

>>> plugin.extractCredentials(TestRequest())
{'login': 'harry', 'password': 'hirsch'}

We can also change the fields from which the credentials are extracted:

>>> plugin.loginfield = "my_new_login_field"
>>> plugin.passwordfield = "my_new_password_field"

Now we build a request that uses the new fields:

>>> request = TestRequest(my_new_login_field='luke', my_new_password_field='the_force')

The plugin now extracts the credentials information from these new fields:

>>> plugin.extractCredentials(request)
{'login': 'luke', 'password': 'the_force'}

Finally, we clear the session credentials using the logout method:

>>> plugin.logout(TestRequest())
True
>>> print plugin.extractCredentials(TestRequest())
None

Base classes

Implemented Interfaces

Attributes/Properties

Methods

Known Subclasses

There are no known subclasses.