[Zope] create Login/Logout functionality

Troy Farrell troy@entheossoft.com
Mon, 05 May 2003 10:41:11 -0500


Helpful hints on figuring this whole thing out:
1) view the RFCs on the HTTP protocol with emphasis on HTTP status codes
2) Google search on 'WWW-Authenticate' aka basic HTTP authentication

Using manage_zmi_logout and the Zope HelpSys docs, I've come up with
this script. Play with it:

## Script (Python) "authtest"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=
##title=
##
request = container.REQUEST
response = request.RESPONSE

response.setHeader('Content-Type', 'text/html')

# Zope resolves the caller before the script runs; an unauthenticated
# visitor shows up as 'Anonymous User'.
username = request['AUTHENTICATED_USER'].getUserName()

print "<html><head><title>authtest</title></head><body><p>"

print "you are " + username

if username == 'Anonymous User':
    # A 401 status plus a WWW-Authenticate header makes the browser
    # prompt for credentials and resend the request with them.
    print "Trying to authenticate..."
    response.setStatus('Unauthorized')
    response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1)

print "</p></body></html>"
return printed

#end script

Troy

Andreas Pakulat wrote:
> On 05.Mai 2003 - 12:29:12, Paavo Parkkinen wrote:
> 
>>On Mon, 05.05.2003 at 11:19 +0200, Andreas Pakulat wrote:
>>
>>>On 03.Mai 2003 - 17:38:10, Troy Farrell wrote:
>>>
>>>>Look in the source for 'manage_zmi_logout' in
>>>>zopedir/lib/python/App/Management.py
>>>
>>>
>>>That doesn't help me much, I see that I can call manage_zmi_logout to
>>>logout the user, but how do I get him to log in?
>>
>>
>>I believe manage_zmi_logout opens the login pop-up window.
> 
> 
> Yeah, that's right, but either using the function or copying some of its
> content, doesn't give me a proper login-message. I see such a message,
> but whatever I type, I get a "could not authenticate"! I also don't have
> enough knowledge about the Status and Header-Info that is set in the
> function, so if somebody could point me to a tutorial or sth. else that
> explains what the different status and headers in an HTTP-Response are,
> it would help me much.
> 
> 
>>>I don't think that I can do it with such a message box, as far as I can
>>>see, this can only be done, by setting the permissions on the file. But
>>>this doesn't work for me, as anybody should be able to view a certain
>>>page, but only logged in users should see a link that points to an
>>>edit-form
>>>
>>>So the question is, which method to call if I have a username and a
>>>password, I didn't find anything in the UserFolder API. I will try to
>>>look further on the source of the API, but maybe someone can directly
>>>point me to the right spot.
>>
>>
>>We had a similar problem, and we used the CookieCrumbler product. It
>>doesn't open a pop-up window to login, but you can use a custom login
>>form.
> 
> 
> So you used cookies to authenticate users? That is not possible within
> my project, I need to authenticate against the Zope-Userdatabase.
> 
> It could theoretically be done, if I can get a User/SimpleUser Object
> from having a username, but it seems that I cannot get this. The
> functions of the UserFolder Object are all restricted to UserManagers,
> and an Unauthorized User isn't a UserManager.
> 
> Andreas
> 
> --
> Fine day to work off excess energy.  Steal something heavy.
>
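
Added example (not part of the original post and not Zope's own code): the Basic authentication exchange that the authtest script relies on, written as a stand-alone Python 3 WSGI application in which everyone can view the page but only an authenticated user gets the edit link. The USERS table, the /login and /edit paths and all function names are assumptions made for illustration.

```python
import base64
import hmac
import html

# Constructed demo account (assumption); a real site would ask its user database.
USERS = {"editor": "s3cret"}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and undecodable bytes
        return None
    user, sep, password = decoded.partition(":")  # only the first ':' separates
    return (user, password) if sep else None

def authenticated_user(environ):
    """Return the verified user name, or None for an anonymous request."""
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
    if creds is None:
        return None
    user, password = creds
    expected = USERS.get(user)
    # compare_digest: comparison time does not reveal where the strings differ
    same = hmac.compare_digest(password.encode(), (expected or "").encode())
    return user if expected is not None and same else None

def app(environ, start_response):
    """Public page for everyone; the edit link only for authenticated users."""
    user = authenticated_user(environ)
    headers = [("Content-Type", "text/html; charset=utf-8")]
    if environ.get("PATH_INFO") == "/login" and user is None:
        # 401 plus WWW-Authenticate is what makes the browser show its prompt
        headers.append(("WWW-Authenticate", 'Basic realm="Zope"'))
        start_response("401 Unauthorized", headers)
        return [b"<p>Login required.</p>"]
    body = "<p>you are %s</p>" % html.escape(user or "Anonymous User")
    if user:
        body += '<p><a href="/edit">edit</a></p>'
    start_response("200 OK", headers)
    return [body.encode("utf-8")]
```

Basic credentials are only base64-encoded and are resent with every request, so a deployment of this pattern belongs behind TLS.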