Skip to main content

Pluggable Zope2 authentication / authorization framework

Project description

This product defines a fully-pluggable user folder, intended for use in all Zope sites.

Manual Installation

If you want to install this package manually, without using setuptools, simply untar the package file downloaded from the PyPI site and look for the folder named “PluggableAuthService” underneath the “Products” folder at the root of the extracted tarball. Copy or link this “PluggableAuthService” folder into your Zope “Products” folder and restart Zope.


Please see the files under doc/ in the packaged software for more information, and consult the interfaces files under interfaces/ in the software package for PluggableAuthService and plugin APIs.

PluggableAuthService changelog

PluggableAuthService 1.6.1 (2008-11-20)

  • Launchpad #273680: Avoid expensive / incorrect dive into ‘enumerateUsers’ when trying to validate w/o either a real ID or login.
  • Launchpad #300321: ZODBGroupManager.enumerateGroups failed to find groups with unicode IDs.

PluggableAuthService 1.6 (2008-08-05)

  • Fixed another deprecation for manage_afterAdd occurring when used together with Five (this time for the ZODBRoleManager class).
  • Ensure the _findUser cache is invalidated if the roles or groups for a principal change.
  • Launchpad #15569586: docstring fix.
  • Factored out ‘filter’ logic into separate classes; added filters for ‘startswith’ test and (if the IPy module is present) IP-range tests. See .
  • Zope 2.12 compatibility - removed Interface.Implements import if zope.interface available.
  • Ensure ZODBRoleManagerExportImport doesn’t fail if it tries to add a role that already exists (idempotence is desirable in GS importers)
  • Fixed tests so they run with Zope 2.11.
  • Split up large permission tests into individual tests.
  • Fixed deprecation warning occurring when used together with Five. (manage_afterAdd got undeprecated.)
  • Added buildout.

PluggableAuthService 1.5.3 (2008-02-06)

  • ZODBUserManager plugin: allow unicode arguments to ‘enumerateUsers’. (
  • plugins/ZODBRoleManager: added logging in case searchPrincipial() returning more than one result (which might happen in case of having duplicate id within difference user sources)

PluggableAuthService 1.5.2 (2007-11-28)

  • DomainAuthHelper plugin: fix glitch for plugins which have never configured any “default” policy: ‘authenticateCredentials’ and ‘getRolesForPrincipal’ would raise ValueError. (

PluggableAuthService 1.5.1 (2007-09-11)

  • PluggableAuthService._verifyUser: changed to use exact_match to the enumerator, otherwise a user with login ‘foobar’ might get returned by _verifyUser for a query for login=’foo’ because the enumerator happened to return ‘foobar’ first in the results.
  • Add a test for manage_zmi_logout and replace a call to isImplementedBy with providedBy. (

PluggableAuthService 1.5 (2006-06-17)

  • Add support for property plugins returning an IPropertySheet to PropertiedUser. Added addPropertysheet to the IPropertiedUser.
  • Added a method to the IRoleAssignerPlugin to remove roles from a principal, and an implementation for it on the ZODBRoleManager. (
  • Added events infrastructure. Enabled new IPrincipalCreatedEvent and ICredentialsUpdatedEvent events.
  • Added support for registering plugin types via ZCML.
  • Implemented authentication caching in _extractUserIds.
  • Ported standard user folder tests from the AccessControl test suite.
  • Passwords with “:” characters would break authentication (
  • Corrected documented software dependencies
  • Converted to publishable security sensitive methods to only accept POST requests to prevent XSS attacks. See and
  • Fixed issue in the user search filter where unrecognized keyword arguments were ignored resulting in duplicate search entries. (
  • Made sure the Extensions.upgrade script does not commit full transactions but only sets (optimistic) savepoints. Removed bogus Zope 2.7 compatibility in the process. (
  • Made the CookieAuthHelper only use the ‘__ac_name’ field if ‘__ac_password’ is also present. This fixes a login problem for CMF sites where the login name was remembered between sessions with an ‘__ac_name’ cookie.
  • Made the DomainAuthHelper return the remote address, even it the remote host is not available (
  • Fixed bug in DelegatingMultiPlugin which attempted to validate the supplied password directly against the user password - updated to use AuthEncoding.pw_validate to handle encoding issues
  • Fixed serious security hole in DelegatingMultiPlugin which allowed Authentication if the EmergencyUser login was passed in. Added password validation utilizing AuthEncoding.pw_validate
  • Fixed a set of tests that tested values computed from dictionaries and could break since dictionaries are not guaranteed to have any sort order.
  • Fixed test breakage induced by use of Z3 pagetemplates in Zope 2.10+.
  • BasePlugin: The listInterfaces method only considered the old-style __implements__ machinery when determining interfaces provided by a plugin instance.
  • ZODBUserManager: Already encrypted passwords were encrypted again in addUser and updateUserPassword. (
  • Made sure the emergency user via HTTP basic auth always wins, no matter how borken the plugin landscape.
  • cleaned up code in CookieAuthHelper which allowed the form to override login/password if a cookie had already been set.
  • Removed some BBB code for Zope versions < 2.8, which is not needed since we require Zope > 2.8.5 nowadays.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Products.PluggableAuthService-1.6.1.tar.gz (135.8 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page