[Zope-CMF] CMF Authentication process

Kevin Carlson khcarlso@bellsouth.net
Thu, 16 May 2002 00:02:17 -0400


Hi,

Where does user authentication actually happen within CMF?  It looks as if
after the user completes the login_form and posts to logged_in that the user
is somehow magically authenticated.  I can find no calls to the
User.authenticate method anywhere...

The logged_in form calls "portal_skins.updateSkinCookie()" and
"setupCurrentSkin" in the first few lines of its code, and reading the
source for these functions I cannot find a place where it is doing the
authentication of the user.  It appears that there is a call to
getAuthenticatedUser before there was ever a chance to authenticate!  I know
I'm wrong about this because the CMF is doing user authentication -- I just
can't figure out where it's happening.

Can anyone explain or point me to some doc on this?

Thanks,

Kevin