[Zope] create Login/Logout functionality

Andreas Pakulat ap125@informatik.uni-rostock.de
Mon, 05 May 2003 18:19:26 +0200

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 05.Mai 2003 - 10:41:11, Troy Farrell wrote:
> Helpful hints on figuring this whole thing out:
> 1) view RFC's on HTTP protocol with emphasis on http status codes
> 2) google search on 'WWW-Authenticate' aka basic http authentication

Yeah and I did find the info, but it didn't help me very much. I did
not understand everything, but I thought it would be enough to have a
script which sets the response to 401 and the header to
WWW-Authentication?! But this didn't work, the message box was repeated
over and over again, even though I typed the correct username and
password. The only thing I see, why this happens is that users are only
searched for in the first User Folder Zope finds when looking upwards
=66rom the current location. Is this true?

> Using manage_zmi_logout and the zope HelpSys docs, I've come up with=20
> this script.  Play with it:
> ## Script (Python) "authtest"
> ##bind container=3Dcontainer
> ##bind context=3Dcontext
> ##bind namespace=3D
> ##bind script=3Dscript
> ##bind subpath=3Dtraverse_subpath
> ##parameters=3D
> ##title=3D
> ##
> request =3D container.REQUEST
> response =3D  request.RESPONSE
> response.setHeader('Content-Type','text/html')
> print "<html><head><title>authtest</title><body><p>"
> print "you are " + request['AUTHENTICATED_USER'].getUserName()
> if request.get('AUTHENTICATED_USER').getUserName() =3D=3D 'Anonymous User=
>   print "Trying to authenticate..."
>   response.setStatus('Unauthorized')
>   response.setHeader('WWW-Authenticate', 'basic realm=3D"Zope"', 1)
> print "</p></body></html>"
> return printed
> #end script

I'll try that in a minute, but I also found the Product LoginManager.
And I've installed it on my Debian box, but it doesn't work for me. I
replaced the acl_users Folder with a LoginManager object and did nothing
more. Now if I use the standard LoginForm I can type what I want, I
never get authenticated. Also the logoutForm doesn't work, it calls
AUTHENTICATED_USER.logout() which Zope cannot find? Is LoginManager too
old to be used with Zope 2.6?


You have a truly strong individuality.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (GNU/Linux)