added viewlet manager for html head containing JavaScript basic auth …

…logout and redirect
zopefoundation · Mar 13, 2009 · 9c3385b · 9c3385b
1 parent 81469e9
commit 9c3385b
Show file tree

Hide file tree

Showing 8 changed files with 222 additions and 77 deletions.
diff --git a/src/z3c/layer/pagelet/browser/auth.py b/src/z3c/layer/pagelet/browser/auth.py
@@ -33,6 +33,14 @@
 _ = zope.i18nmessageid.MessageFactory("z3c")
 
 
+class ILoginLogoutHeadViewletManager(zope.viewlet.interfaces.IViewletManager):
+    """ViewletManager for supporting header contents (e. g. JavaScript)."""
+
+
+LoginLogoutHeadViewletManager = zope.viewlet.manager.ViewletManager(
+    'login-logout-head', ILoginLogoutHeadViewletManager)
+
+
 class ILoginLogoutViewletManager(zope.viewlet.interfaces.IViewletManager):
     """ViewletManager for login and logout viewlets."""
 

diff --git a/src/z3c/layer/pagelet/browser/logout_head.pt b/src/z3c/layer/pagelet/browser/logout_head.pt
@@ -0,0 +1,16 @@
+<script type="text/javascript"><!--
+  // clear HTTP Authentication
+  try {
+    if (window.XMLHttpRequest) {
+      var xmlhttp = new XMLHttpRequest();
+      // Send invalid credentials, then abort
+      xmlhttp.open("GET", "@@", true, "logout", "logout");
+      xmlhttp.send("");
+      xmlhttp.abort();
+    } else if (document.execCommand) {
+      // IE specific command
+      document.execCommand("ClearAuthenticationCache");
+    }
+  } catch(e) { }
+  //-->
+</script>
diff --git a/src/z3c/layer/pagelet/browser/redirect_head.pt b/src/z3c/layer/pagelet/browser/redirect_head.pt
@@ -0,0 +1,2 @@
+<meta http-equiv="refresh" content="0;url=./"
+      tal:attributes="content string:0;;url=${request/nextURL}" />
diff --git a/src/z3c/layer/pagelet/browser/zope.app.security.browser.zcml b/src/z3c/layer/pagelet/browser/zope.app.security.browser.zcml
@@ -4,122 +4,167 @@
    xmlns:z3c="http://namespaces.zope.org/z3c"
    i18n_domain="z3c">
 
-  <!-- viewlets for login and logout links -->
+  <!-- viewlets in head tag supporting login and logout
+       (viewlets are defined together with the pagelets below) -->
+  <browser:viewletManager
+     provides=".auth.ILoginLogoutHeadViewletManager"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     name="login-logout-head"
+     class=".auth.LoginLogoutHeadViewletManager"
+     permission="zope.Public"
+     />
+
+  <!-- viewlet manager and viewlets for login and logout links -->
   <browser:viewletManager
-     name="login-logout"
      provides=".auth.ILoginLogoutViewletManager"
-     class=".auth.LoginLogoutViewletManager"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     name="login-logout"
+     class=".auth.LoginLogoutViewletManager"
      permission="zope.Public"
      />
 
   <browser:viewlet
      manager=".auth.ILoginLogoutViewletManager"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      name="Login"
-     for="*"
      class=".auth.LoginViewlet"
      permission="zope.Public"
-     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      weight="1"
      viewName="@@login.html"
      />
 
   <browser:viewlet
      manager=".auth.ILoginLogoutViewletManager"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      name="Logout"
-     for="*"
      class=".auth.LogoutViewlet"
      permission="zope.Public"
-     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      weight="2"
      viewName="@@logout.html"
      />
 
+  <!-- login page (executing login and redirecting user) -->
   <browser:page
-     name="logout.html"
      for="*"
-     class=".auth.HTTPAuthenticationLogout"
-     attribute="logout"
-     permission="zope.Public"
-     allowed_interface="zope.app.publisher.interfaces.http.ILogout"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
-     />
-
-  <browser:page
      name="login.html"
-     for="*"
      class=".auth.HTTPAuthenticationLogin"
      attribute="login"
-     permission="zope.Public"
      allowed_interface="zope.app.publisher.interfaces.http.ILogin"
+     permission="zope.Public"
+     />
+
+  <!-- login form for session credentials  -->
+  <z3c:pagelet
+     for="*"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     name="loginForm.html"
+     class=".auth.SessionCredentialsLoginForm"
+     permission="zope.Public"
      />
 
+  <z3c:template
+     for=".auth.SessionCredentialsLoginForm"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     template="session_cred_loginform.pt"
+     />
+
+  <!-- login failed -->
   <z3c:pagelet
+     for=".auth.HTTPAuthenticationLogin"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      name="login_failed.html"
      class=".auth.LoginFailedPagelet"
      permission="zope.Public"
-     for=".auth.HTTPAuthenticationLogin"
      />
 
   <z3c:template
      for=".auth.LoginFailedPagelet"
-     template="login_failed.pt"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     template="login_failed.pt"
      />
 
+  <!-- login success confirmation -->
   <z3c:pagelet
+     for=".auth.HTTPAuthenticationLogin"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      name="login_success.html"
      class=".auth.LoginSuccessfulPagelet"
      permission="zope.Public"
-     for=".auth.HTTPAuthenticationLogin"
      />
 
   <z3c:template
      for=".auth.LoginSuccessfulPagelet"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      template="login_success.pt"
+     />
+
+  <!-- logout page (executing logout and redirecting user) -->
+  <browser:page
+     for="*"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     name="logout.html"
+     class=".auth.HTTPAuthenticationLogout"
+     attribute="logout"
+     allowed_interface="zope.app.publisher.interfaces.http.ILogout"
+     permission="zope.Public"
      />
 
+  <!-- redirecting logout confirmation -->
   <z3c:pagelet
+     for=".auth.HTTPAuthenticationLogout"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      name="redirect.html"
      class=".auth.LogoutRedirectPagelet"
      permission="zope.Public"
-     for=".auth.HTTPAuthenticationLogout"
      />
 
   <z3c:template
      for=".auth.LogoutRedirectPagelet"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      template="redirect.pt"
+     />
+
+  <browser:viewlet
+     manager=".auth.ILoginLogoutHeadViewletManager"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     view=".auth.LogoutRedirectPagelet"
+     name="Redirect"
+     template="redirect_head.pt"
+     permission="zope.Public"
+     />
+
+  <browser:viewlet
+     manager=".auth.ILoginLogoutHeadViewletManager"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     view=".auth.LogoutRedirectPagelet"
+     name="Logout"
+     template="logout_head.pt"
+     permission="zope.Public"
      />
 
+  <!-- not redirecting logout confirmation -->
   <z3c:pagelet
+     for=".auth.HTTPAuthenticationLogout"
+     layer="z3c.layer.pagelet.IPageletBrowserLayer"
      name="logout_success.html"
      class=".auth.LogoutSuccessPagelet"
      permission="zope.Public"
-     for=".auth.HTTPAuthenticationLogout"
      />
 
   <z3c:template
      for=".auth.LogoutSuccessPagelet"
-     template="logout.pt"
-     layer="z3c.layer.pagelet.IPageletBrowserLayer"
-     />
-
-  <!-- login form for session credentials  -->
-  <z3c:pagelet
-     name="loginForm.html"
-     for="*"
-     class=".auth.SessionCredentialsLoginForm"
-     permission="zope.Public"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
+     template="logout.pt"
      />
 
-  <z3c:template
-     for=".auth.SessionCredentialsLoginForm"
+  <browser:viewlet
+     manager=".auth.ILoginLogoutHeadViewletManager"
      layer="z3c.layer.pagelet.IPageletBrowserLayer"
-     template="session_cred_loginform.pt"
+     view=".auth.LogoutSuccessPagelet"
+     name="Logout"
+     template="logout_head.pt"
+     permission="zope.Public"
      />
 
 </configure>