Skip to main content
Donate to the Python Software Foundation or Purchase a PyCharm License to Benefit the PSF! Donate Now

Pluggable Zope2 authentication / authorization framework

Project description

(See Products/PluggableAuthService/README.txt).

PluggableAuthService Product README


This product defines a fully-pluggable user folder, intended for
use in all Zope sites.


Please see the files under doc/ in the packaged software for more
information, and consult the interfaces files under interfaces/ in
the software package for PluggableAuthService and plugin APIs.

PluggableAuthService changelog

PluggableAuthService (2007/12/07)

Bugs Fixed

- Packaging error: the 1.5.2 distribution was made from an
'svn export', and thus was missing package data files.

PluggableAuthService 1.5.2 (2007/11/28)

Bugs Fixed

- DomainAuthHelper plugin: fix glitch for plugins which have never
configured any "default" policy: 'authenticateCredentials' and
'getRolesForPrincipal' would raise ValueError.

PluggableAuthService 1.5.1 (2007/09/11)

Bugs Fixed

- PluggableAuthService._verifyUser: changed to use exact_match to the
enumerator, otherwise a user with login 'foobar' might get returned
by _verifyUser for a query for login='foo' because the enumerator
happened to return 'foobar' first in the results.


- Add a test for manage_zmi_logout and replace a call to isImplementedBy
with providedBy.

PluggableAuthService 1.5 (2006/06/17)

Features Added

- Add support for property plugins returning an IPropertySheet
to PropertiedUser. Added addPropertysheet to the IPropertiedUser.

- Added a method to the IRoleAssignerPlugin to remove roles from a
principal, and an implementation for it on the ZODBRoleManager.

- Added events infrastructure. Enabled new IPrincipalCreatedEvent and
ICredentialsUpdatedEvent events.

- Added support for registering plugin types via ZCML.

- Implemented authentication caching in _extractUserIds.

- Ported standard user folder tests from the AccessControl test suite.

Bugs Fixed

- Passwords with ":" characters would break authentication

- Corrected documented software dependencies

- Converted to publishable security sensitive methods to only accept
POST requests to prevent XSS attacks. See and

- Fixed issue in the user search filter where unrecognized keyword
arguments were ignored resulting in duplicate search entries.

- Made sure the Extensions.upgrade script does not commit full
transactions but only sets (optimistic) savepoints. Removed bogus
Zope 2.7 compatibility in the process.

- Made the CookieAuthHelper only use the '__ac_name' field if
'__ac_password' is also present. This fixes a login problem for
CMF sites where the login name was remembered between sessions with
an '__ac_name' cookie.

- Made the DomainAuthHelper return the remote address, even it the
remote host is not available (

- Fixed bug in DelegatingMultiPlugin which attempted to validate the
supplied password directly against the user password - updated to use
AuthEncoding.pw_validate to handle encoding issues

- Fixed serious security hole in DelegatingMultiPlugin which allowed
Authentication if the EmergencyUser login was passed in. Added
password validation utilizing AuthEncoding.pw_validate

- Fixed a set of tests that tested values computed from dictionaries
and could break since dictionaries are not guaranteed to have any
sort order.

- Fixed test breakage induced by use of Z3 pagetemplates in Zope

- BasePlugin: The listInterfaces method only considered the old-style
__implements__ machinery when determining interfaces provided by
a plugin instance.

- ZODBUserManager: Already encrypted passwords were encrypted again in
addUser and updateUserPassword.

- Made sure the emergency user via HTTP basic auth always wins, no matter
how borken the plugin landscape.


- cleaned up code in CookieAuthHelper which allowed the form to override
login/password if a cookie had already been set.

- Removed some BBB code for Zope versions < 2.8, which is not needed
since we require Zope > 2.8.5 nowadays.

PluggableAuthService 1.4 (2006/08/28)

Bugs Fixed

- Extended the DomainAuthHelper to function as its own extraction
plugin, to allow for the case that another extractor is registered,
but does not return any credentials.

- Re-worded parts of the README so they don't point to specific or
non-existing files ( and

PluggableAuthService 1.4-beta (2006/08/07)

Features Added

- Created a "Configured PAS" entry in the ZMI add list, which
allows creating a PAS using base and extension GenericSetup profiles
registered for IPluggableAuthService. This entry should eventually
replace the "stock" PAS entry (assuming that we make GenericSetup
a "hard" dependency).

- Added an "empty" GenericSetup profile, which creates a PAS containing
only a plugin registry and a setup tool.

Bugs Fixed

- Repaired the "simple" GenericSetup profile to be useful, rather than
catastrophic, to apply: it now creates and registers a set of
ZODB-based user / group / role plugins, along with a basic auth

- ZODBUserManager: Extend the "notional IZODBUserManager interface"
with the left-out updateUser facility and a corresponding
manage_updateUser method for ZMI use. Removed any responsibility
for updating a user's login from the updateUserPassword and
manage_updateUserPassword methods. This fixes the breakage
described in the collector issue below, and makes the ZMI view
for updating users work in a sane way.

- CookieAuthHelper: If expireCookie was called and extractCredentials
was hit in the same request, the CookieAuthHelper would throw an
exception (


- Added a DEPENDENCIES.txt. (

PluggableAuthService 1.3 (2006/06/09)

No changes from version 1.3-beta

PluggableAuthService 1.3-beta (2006/06/03)


- Modify CookieAuthHelper to prefer __ac form variables to the cookie
when extracting credentials.

PluggableAuthService 1.2 (2006/05/14)

Bugs Fixed

- Fix manage_zmi_logout which stopped working correctly as soon as the
PluggableAuthService product code was installed by correcting the
monkeypatch for it in

- Add missing interface for IPropertiedUser and tests


- Removed STX links from README.txt which do nothing but return
404s when clicked from the README on

- Fixing up inconsistent searching in the listAvailablePrincipals
method of the ZODBRoleManager and ZODBGroupManager plugins. Now both
constrain searches by ID.

- Convert from using zLOG to using the Python logging module.

PluggableAuthService 1.2-beta (2006/02/25)

New Features

- Added suppport for exporting / importing a PAS and its content via
the GenericSetup file export framework.

- Made ZODBRoleManager plugin check grants to the principal's groups,
as well as those made to the principal directly.

- Added two new interfaces, IChallengeProtocolChooser and
IRequestTypeSniffer. Those are used to select the 'authorization
protocol' or 'challenger protocol' to be used for challenging
according to the incoming request type.

Bugs Fixed

- Repaired warings appearing in Zope 2.8.5 due to a couple typos
in security declarations.

- Repaired DeprecationWarnings due to use of Zope2 interface verification.

- Repaired unit test breakage (unittest.TestCase instances have
'failUnless'/'failIf', rather than 'assertTrue'/'assertFalse').

- Fixed a couple more places where Zope 2-style ``__implements__``
were being used to standardize on using ``classImplements``.

- Fixed fallback implementations of ``providedBy`` and
``implementedBy`` to always return a tuple.

- Make sure challenge doesn't break if existing instances of the
PluginRegistry don't yet have ``IChallengeProtocolChooser`` as a
registered interface. (Would be nice to have some sort of
migration for the PluginRegistry between PAS releases)

- Don't assume that just because zope.interface can be imported
that Five is present.

PluggableAuthService 1.1b2 (2005/07/14)

Bugs Fixed

- Repaired a missing 'nocall:' in the Interfaces activation form.

PluggableAuthService 1.1b1 (2005/07/06)

New Features

- PAS-level id mangling is no more. All (optional) mangling is now
done on a per-plugin basis.

- Interfaces used by PAS are now usable in both Zope 2.7 and 2.8
(Five compatible)

PluggableAuthService 1.0.5 (2005/01/31)

Bugs Fixed

- Simplified detection of the product directory using 'package_home'.

- Set a default value for the 'login' attribute of a PAS, to avoid

PluggableAuthService 1.0.4 (2005/01/27)

Features Added

- Made 'Extensions' a package, to allow importing its scripts
as modules.

- Declared new 'IPluggableAuthService' interface, describing additional
PAS-specific API.

- Exposed PAS' 'resetCredentials' and 'updateCredentials' as public

- Monkey-patch ZMI's logout to invoke PAS' 'resetCredentials', if

- CookieAuth plugin now encodes and decodes cookies in the same
format as CookieCrumbler to provide compatibility between
sites running PAS and CC.

- Add a publicly callable "logout" method on the PluggableAuthService
instance that will call resetCredentials on all activated
ICredentialsRest plugins, thus effecting a logout.

- Enabled the usage of the CookieAuthHelper login screen functionality
without actually using the CookieAuthHelper to maintain the
credentials store in its own auth cookie by ensuring that only
active updateCredentials plugins are informed about a successful
login so they can store the credentials.

- Added a _getPAS method to the BasePlugin base class to be used
as the canonical way of getting at the PAS instance from within

- Group and user plugins can now specify their own title for a
principal entry (PAS will not compute one if they do).

- PAS and/or plugins can now take advantage of caching using the
Zope ZCacheable framework with RAM Cache Managers. See
doc/caching.stx for the details.

Bugs Fixed

- Make 'getUserById' pass the 'login' to '_findUser', so that
the returned user object can answer 'getUserName' sanely.

- Harden 'logout' against missing HTTP_REFERRER.

- Avoid triggering "Emergency user cannot own" when adding a
CookieAuthHelper plugin as that user.

- Detect and prevent recursive redirecting in the CookieAuthHelper
if the login_form cannot be reached by the Anonymous User.

- Made logging when swallowing exceptions much less noisy (they
*don't* necessarily require attention).

- Clarified interface of IAuthenticationPlugin, which should return
None rather than raising an exception if asked to authenticate an
unknown principal; adjusted ZODBUserManager accordingly.

- Don't log an error in zodb_user_plugin's authenticateCredentials
if we don't have a record for a particular username, just return None.

- If an IAuthenticationPlugin returns None instead of a tuple
from authenticateCredentials, don't log a tuple-unpack error in PAS

PluggableAuthService 1.0.3 (2004/10/16)

Bugs Fixed

- Implemented support for issuing challenges via IChallengePlugins.

- three challenge styles in particular:

- HTTP Basic Auth

- CookieCrumbler-like redirection

- Inline authentication form

- Made unit tests pass when run with cAccessControl.

- plugins/ don't claim authority for 'Authenticated'
or 'Anonymous' roles, which are managed by PAS.

- plugins/ don't freak out if a previously assigned
principal goes away.

- plugins/ don't freek out if a previously assigned
principal goes away.

- plugins/ plugin now uses AuthEncoding for its
password encryption so that we can more easily support migrating
existing UserFolders. Since PAS has been out for a while,
though, we still will authenticate against old credentials

- Repaired arrow images in two-list ZMI views.

- searchPrincipals will work for exact matches when a plugin supports
both 'enumerateUsers' and 'enumerateGroups'.

- 'Authenticated' Role is now added dynamically by the
PluggableAuthService, not by any role manager

- Added WARNING-level logs with tracebacks for all swallowed
plugin exceptions, so that you notice that there is something
wrong with the plugins.

- All authenticateCredentials() returned a single None when they
could not authenticate, although all calls expected a tuple.

- The user id in extract user now calls _verifyUser to get the ID
mangled by the enumeration plugin, instead of mangling it with the
authentication ID, thereby allowing the authentication and
enumeration plugins to be different plugins.

PluggableAuthService 1.0.2 (2004/07/15)

Bugs Fixed

- ZODBRoleManager and ZODBGroupManager needed the "two_lists" view,
and associated images, which migrated to the PluginRegsitry product
when they split; restored them.

PluggableAuthService 1.0.1 (2004/05/18)

Bugs Fixed

- CookieAuth plugin didn't successfully set cookies (first, because
of a NameError, then, due to a glitch with long lines).

- Missing ZPL in most modules.

PluggableAuthService 1.0 (2004/04/29)

- Initial release

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
Products.PluggableAuthService- (135.8 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page