how to change to another authenticated user programmatically?
Hello: I am working on an application where users register themselves. That is, there will be a registrar username and password that is sent out to all prospective users via email. The only thing the registrar can do is add a user. The most convenient thing would be for the user to log in as the registrar, add himself as a user, and then the application woud immediately recognize him as *the new user* from then on, without the user having to exit the browser, restart it, and login as the new user. The new user is added using the standard _addUser() function on the user folder, so it is a valid Zope user. Does anyone know how to change the current AUTHENTICATED_USER programmatically? That is, the "user" object in my ZPTs would thereafter be the *new* user, not the registrar? Alternative number two is to force the user to reauthenticate-- somehow get the browser to popup a login screen where the user can type in the new username and password. This might be easier, b/c it is simply a matter of sending back the appropriate HTTP Header and status codes, right? Thanks in advance! --Craeg
Am Die, 2002-09-24 um 19.41 schrieb Craeg K Strong:
Alternative number two is to force the user to reauthenticate-- somehow get the browser to popup a login screen where the user can type in the new username and password. This might be easier, b/c it is simply a matter of sending back the appropriate HTTP Header and status codes, right? Create an object/page that is viewable by all users except the registrar user. Redirect the user to it.
Andreas -- Andreas Kostyrka <andreas@kostyrka.priv.at>
Hello: This is a great idea! Even better, it is very easy to implement. Brilliant. We will do it this way. Many thanks to all who responded. zope-dev rocks :) --Craeg Andreas Kostyrka wrote:
Am Die, 2002-09-24 um 19.41 schrieb Craeg K Strong:
Alternative number two is to force the user to reauthenticate-- somehow get the browser to popup a login screen where the user can type in the new username and password. This might be easier, b/c it is simply a matter of sending back the appropriate HTTP Header and status codes, right?
Create an object/page that is viewable by all users except the registrar user. Redirect the user to it.
Andreas
From: "Craeg K Strong" <cstrong@arielpartners.com>
Does anyone know how to change the current AUTHENTICATED_USER programmatically?
This may be possible with cookie based authentication.
Craeg K Strong wrote:
I am working on an application where users register themselves. That is, there will be a registrar username and password that is sent out to all prospective users via email.
The only thing the registrar can do is add a user.
Not sure why you can't just mail out actual user details if the first and only thing a registrar does is register themselves...
The most convenient thing would be for the user to log in as the registrar, add himself as a user, and then the application woud immediately recognize him as *the new user* from then on, without the user having to exit the browser, restart it, and login as the new user.
...but take a look at the CMF, which might have some functions ot help you here. That said both Andreas and Lennart's suggestions are sound :-) cheers, Chris
Am Mit, 2002-09-25 um 09.27 schrieb Chris Withers:
Craeg K Strong wrote:
I am working on an application where users register themselves. That is, there will be a registrar username and password that is sent out to all prospective users via email.
The only thing the registrar can do is add a user.
Not sure why you can't just mail out actual user details if the first and only thing a registrar does is register themselves... Or even better: Do not authenticate the users, instead provide a method that has the Proxy rules set, and check the password inside the method.
Andreas -- Andreas Kostyrka <andreas@kostyrka.priv.at>
participants (4)
-
Andreas Kostyrka -
Chris Withers -
Craeg K Strong -
Lennart Regebro