It looks like registering a view for Unauthorized doesn't work correctly due to the way Unauthorized is handled in the WSGI publisher. The view will get called correctly, but in https://github.com/zopefoundation/Zope/blob/master/src/ZPublisher/WSGIPublisher.py#L212:L216 any response status the view may have set, such as a 302 redirect, is overwritten by the status from the exception, which is 401 Unauthorized. This will cause the browser to pop up the basic HTTP authentication box.
What I did:
Registered a view for Unauthorized, the view code attempts to redirect the browser to a login page (example taken from Products.CMFDefault):
BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)
It looks like registering a view for
Unauthorized
doesn't work correctly due to the wayUnauthorized
is handled in the WSGI publisher. The view will get called correctly, but in https://github.com/zopefoundation/Zope/blob/master/src/ZPublisher/WSGIPublisher.py#L212:L216 any response status the view may have set, such as a 302 redirect, is overwritten by the status from the exception, which is 401 Unauthorized. This will cause the browser to pop up the basic HTTP authentication box.What I did:
Registered a view for Unauthorized, the view code attempts to redirect the browser to a login page (example taken from Products.CMFDefault):
What I expect to happen:
The login page should show when I browse to a page I don't have enough privileges for
What actually happened:
The browser pops up a basic HTTP authentication prompt
What version of Python and Zope/Addons I am using:
Zope 4.x branch on Python 2