Helpful hints on figuring this whole thing out: 1) view RFC's on HTTP protocol with emphasis on http status codes 2) google search on 'WWW-Authenticate' aka basic http authentication Using manage_zmi_logout and the zope HelpSys docs, I've come up with this script. Play with it: ## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE response.setHeader('Content-Type','text/html') print "<html><head><title>authtest</title><body><p>" print "you are " + request['AUTHENTICATED_USER'].getUserName() if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': print "Trying to authenticate..." response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1) print "</p></body></html>" return printed #end script Troy Andreas Pakulat wrote:
On 05.Mai 2003 - 12:29:12, Paavo Parkkinen wrote:
On Mon, 05.05.2003 at 11:19 +0200, Andreas Pakulat wrote:
On 03.Mai 2003 - 17:38:10, Troy Farrell wrote:
Look in the source for 'manage_zmi_logout' in=20 zopedir/lib/python/App/Management.py
=20 That doesn't help me much, I see that I can call manage_zmi_logout to logout the user, but how do I get him to log in?
=20 I believe manage_zmi_logout opens the login pop-up window.
Yeah, that's right, but either using the function or copying some of its content, doesn't give me a proper login-message. I see such a message, but whatever I type, I get a "could not authenticate"! I also don't have enough knowledge about the Status and Header-Info that is set in the function, so if somebody could point me to a tutorial or sth. else that explains what the different status and headers in an HTTP-Response are, it would help me much.
I don't think that I can do it with such a message box, as far as I can see, this can only be done, by setting the permissions on the file. But this doesn't work for me, as anybody should be able to view a certain page, but only logged in users should see a link that points to an edit-form =20 So the question is, which method to call if I have a username and a password, I didn't find anything in the UserFolder API. I will try to look further on the source of the API, but maybe someone can directly point me to the right spot.
=20 We had a similar problem, and we used the CookieCrumbler product. It doesn't open a pop-up window to login, but you can use a custom login form.
So you used cookies to authenticate users? That is not possible within my project, I need to authenticate against the Zope-Userdatabase.
It could theoretically be done, if I can get a User/SimpleUser Object =66rom having a username, but it seems that I cannot get this. The functions of the UserFolder Object are all restricted to UserManagers, and an Unauthorized User isn't a UserManager.
It could theoretically be done, if I can get a User/SimpleUser Object =66rom having a username, but it seems that I cannot get this. The functions of the UserFolder Object are all restricted to UserManagers, and an Unauthorized User isn't a UserManager.
Andreas
-- Fine day to work off excess energy. Steal something heavy.