html form authentication
Hello, I want to authenticate users from acl_users with my own HTML form and a python script. I can't use user._getPassword() because it's an internal method. and it seems user.authenticate function calls browser authentication again. How could I achieve this? This is the code I use: *************** ZPT "form" *************** ... <form action="login" method="post"> <table class="form"> <tbody> <tr> <th class="text">Name: </th> <td><input name="user" size="12" maxlength="12" value=""></td> </tr> <tr> <th class="text">Password: </th> <td><input name="password" type="password" size="12" maxlength="8" value=""></td> </tr> <tr><td> </td></tr> <tr> <td align="center"> <input type="reset" value="Clean"> </td> <td align="center"> <input type="SUBMIT" value="Submit"> </td> </tr> </tbody> </table> </form> ... ********************************************* *************** Script (Python) "login" *************** request = container.REQUEST RESPONSE = request.RESPONSE user = container.acl_users.getUser(request.user) try: if user.authenticate('the_password', request): print 'OK' else: print 'FAILED' except AttributeError: print 'User doesn\' exist' return printed ********************************************* Thanks in advance, Iñigo
use the CookieCrumber product (-> search zope.org) to do cookie-based authentication. do not attempt to "hand-roll" authentication by calling methods on the user folder. it will not work. jens On Sunday, Mar 30, 2003, at 10:58 US/Eastern, Iñigo Serna wrote:
Hello,
I want to authenticate users from acl_users with my own HTML form and a python script. I can't use user._getPassword() because it's an internal method. and it seems user.authenticate function calls browser authentication again. How could I achieve this?
This is the code I use:
*************** ZPT "form" *************** ... <form action="login" method="post"> <table class="form"> <tbody> <tr> <th class="text">Name: </th> <td><input name="user" size="12" maxlength="12" value=""></td> </tr> <tr> <th class="text">Password: </th> <td><input name="password" type="password" size="12" maxlength="8" value=""></td> </tr> <tr><td> </td></tr> <tr> <td align="center"> <input type="reset" value="Clean"> </td> <td align="center"> <input type="SUBMIT" value="Submit"> </td> </tr> </tbody> </table> </form> ... *********************************************
*************** Script (Python) "login" *************** request = container.REQUEST RESPONSE = request.RESPONSE user = container.acl_users.getUser(request.user) try: if user.authenticate('the_password', request): print 'OK' else: print 'FAILED' except AttributeError: print 'User doesn\' exist' return printed *********************************************
Thanks in advance, Iñigo <signature.asc>
Perhaps it would be quite valuable to take CookieCrumbler or some equivalent and have it migrated into the official core (like the Core Session Manager was)? It seems enough people are looking for this feature... Regards, Eron On Sunday 30 March 2003 12:24 pm, Jens Vagelpohl wrote:
use the CookieCrumber product (-> search zope.org) to do cookie-based authentication. do not attempt to "hand-roll" authentication by calling methods on the user folder. it will not work.
jens
On Sunday, Mar 30, 2003, at 10:58 US/Eastern, Iñigo Serna wrote:
Hello,
I want to authenticate users from acl_users with my own HTML form and a python script. I can't use user._getPassword() because it's an internal method. and it seems user.authenticate function calls browser authentication again. How could I achieve this?
This is the code I use:
*************** ZPT "form" *************** ... <form action="login" method="post"> <table class="form"> <tbody> <tr> <th class="text">Name: </th> <td><input name="user" size="12" maxlength="12" value=""></td> </tr> <tr> <th class="text">Password: </th> <td><input name="password" type="password" size="12" maxlength="8" value=""></td> </tr> <tr><td> </td></tr> <tr> <td align="center"> <input type="reset" value="Clean"> </td> <td align="center"> <input type="SUBMIT" value="Submit"> </td> </tr> </tbody> </table> </form> ... *********************************************
*************** Script (Python) "login" *************** request = container.REQUEST RESPONSE = request.RESPONSE user = container.acl_users.getUser(request.user) try: if user.authenticate('the_password', request): print 'OK' else: print 'FAILED' except AttributeError: print 'User doesn\' exist' return printed *********************************************
Thanks in advance, Iñigo <signature.asc>
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) --- [This E-mail scanned for viruses by Declude Virus]
Thanks, CookieCrumbler is exactly what I need. I also looked at exUserFolder, but it seemed a bit complex for me, I'm just a YAN (Yet Another Newbie ;-). Thanks again, Iñigo El dom, 30 de 03 de 2003 a las 22:49, Eron Lloyd escribió:
Perhaps it would be quite valuable to take CookieCrumbler or some equivalent and have it migrated into the official core (like the Core Session Manager was)? It seems enough people are looking for this feature...
Regards,
Eron
On Sunday 30 March 2003 12:24 pm, Jens Vagelpohl wrote:
use the CookieCrumber product (-> search zope.org) to do cookie-based authentication. do not attempt to "hand-roll" authentication by calling methods on the user folder. it will not work.
jens
On Sunday, Mar 30, 2003, at 10:58 US/Eastern, Iñigo Serna wrote:
Hello,
I want to authenticate users from acl_users with my own HTML form and a python script. I can't use user._getPassword() because it's an internal method. and it seems user.authenticate function calls browser authentication again. How could I achieve this?
This is the code I use:
*************** ZPT "form" *************** ... <form action="login" method="post"> <table class="form"> <tbody> <tr> <th class="text">Name: </th> <td><input name="user" size="12" maxlength="12" value=""></td> </tr> <tr> <th class="text">Password: </th> <td><input name="password" type="password" size="12" maxlength="8" value=""></td> </tr> <tr><td> </td></tr> <tr> <td align="center"> <input type="reset" value="Clean"> </td> <td align="center"> <input type="SUBMIT" value="Submit"> </td> </tr> </tbody> </table> </form> ... *********************************************
*************** Script (Python) "login" *************** request = container.REQUEST RESPONSE = request.RESPONSE user = container.acl_users.getUser(request.user) try: if user.authenticate('the_password', request): print 'OK' else: print 'FAILED' except AttributeError: print 'User doesn\' exist' return printed *********************************************
Thanks in advance, Iñigo <signature.asc>
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) --- [This E-mail scanned for viruses by Declude Virus]
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Iñigo Serna <inigoserna@terra.es> Katxijasotzaileak
Don't reinvent the wheel to do your own authentication. Check exUserFolder: a very flexible product for implementing alternative authentication methods. -- Luciano On domingo, mar 30, 2003, at 12:58 America/Sao_Paulo, Iñigo Serna wrote:
Hello,
I want to authenticate users from acl_users with my own HTML form and a python script. I can't use user._getPassword() because it's an internal method. and it seems user.authenticate function calls browser authentication again. How could I achieve this?
participants (4)
-
Eron Lloyd -
Iñigo Serna -
Jens Vagelpohl -
Luciano Ramalho