[Zope] Custom authentication that avoids login screens

Dieter Maurer dieter@handshake.de
Tue, 19 Nov 2002 23:03:41 +0100


Felix Ulrich-Oltean writes:
 > ... automatic login ...
 > <code>
 > req = context.REQUEST
 > if req.has_key('came_from') and req['came_from']:
 >     dest = req.resolve_url(req['came_from'])
 >     req.set('__ac_user', 'bob')
 >     req.set('__ac_password', 'builder')
 >     return dest(REQUEST=req)
 > else:
 >     raise AttributeError, "Didn't know where you came from."
 > </code>
 > 
 > This doesn't work - I'm guessing there's at least 2 problems:
The code above has in fact lots of problems, though not necessary
the ones you describe:

  *  authentication is not done when an object is called
     but at the end of traversal.
     It is finish when the above code is executed.
     That you set the login variables has no effect

  *  The way you call "dest" is wrong in general.
     The necessary parameters are determined by "dest"'s type.
     No standard type what's a single "REQUEST" keyword argument.

Make a redirect instead (this exposes the login information in
a query string) or call the appropriate "authenticate" method
(look at the CookieCrumber methods).


Dieter