exUserFolder will not redirect to login page
Hi all.

I have this problem with our zope based CMS system. No matter what I try I can not make the docLogin page appear when it should. If I go directly to it, it works fine, but otherwise the http auth popup appears.

I have started looking into exUserFolder, and putting in zLOG.LOG statements to try to figure out what is going on. The best description of what is _supposed_ to be going on I have found is this:
http://www.zope.org/Members/vladap/mysqlUserFolder/release-1.0.5/README
Section -> "Zope authentication process"

When I log just above "if user != None:" in validate at approx. line 1040 in exUserFolder.py I get:

    auth: None
    roles: None
    parent index.html
    user: Anonymous User

I get this whether index html allows anonymous or not. Is this proper behavior? Where does roles come from? Should not that reflect the roles needed for access?

If access is allowed all the other requests for images and so on have:

    auth: None
    roles: ('Manager', 'Anonymous')
    parent <bound method Image.id of <Image instance at 42aeb650>>
    user: Anonymous User

I think our CMS has modified the permission system somewhat to allow access to some specific folders above acl_users, but I have not found those changes yet. (and the lead developer is very busy on something else, and doesn't remember) I don't know if this is relevant or not, either..

Anyway, it seems a crucial point must be towards the end of cookie_validate after "if not self.sessionTracking" at approx. line 930. If I override here and set roles = ('Manager'), I get to "raise 'LoginRequired'", and it seems like I should end up at acl_users/docLogin via docLoginRedirect.dtml, except that I go into a redirect loop because of the same override.

Normally "if nobody.allowed(parent, roles):" is true, and "ob" is returned, which is 'Anonymous User', even if the file I am accessing is protected. Should not this be None in the last case?

And if it returns anonymous, then who decides to ask the next acl_user up the chain (who only knows http auth)?

How about some way to trace down where roles come from? Am I on the right track here? I had a peek in ZPublisher/BaseRequest.py, but that only made me more confused..

All confused, and ready to give up now. Any and all explanations, tips, or good ideas appreciated.

Regards

Gaute Amundsen

--
Gaute Amundsen
gaute@div.org
http://www.div.org

"Technology today is the campfire around which we tell our stories. There's this attraction to light and to this kind of power, which is both warm and destructive." Laurie Anderson
+-------[ Gaute Amundsen ]----------------------
| Hi all.
|
| I have this problem with our zope based CMS system.
| No matter what I try I can not make the docLogin page appear when it should.
| If I go directly to it, it works fine, but otherwise the http auth popup
| appears.

I don't know what version of exUserFolder you're using, but, try looking in

doc/UnenlightenedZopistasGuide.txt

5.0 TIPS FOR THE UNWARY

Specifically section 5.1.1;

5.1.1 The problem

When you try to access the folder, instead of getting the form, you get a popup box, even though you chose Cookie Authentication. Even when you enter a username and password it doesn't work.

--
Andrew Milton
akm@theinternet.com.au
On Friday 02 December 2005 04:31, Andrew Milton wrote:
> +-------[ Gaute Amundsen ]----------------------
>
> | Hi all.
> |
> | I have this problem with our zope based CMS system.
> | No matter what I try I can not make the docLogin page appear when it
> | should. If I go directly to it, it works fine, but otherwise the http
> | auth popup appears.
>
> I don't know what version of exUserFolder you're using, but, try looking in

exUserFolder-0-10-10

> doc/UnenlightenedZopistasGuide.txt
>
> 5.0 TIPS FOR THE UNWARY
>
> Specifically section 5.1.1;
>
> 5.1.1 The problem
>
> When you try to access the folder, instead of getting the form, you get a
> popup box, even though you chose Cookie Authentication. Even when you enter
> a username and password it doesn't work.

I have been over that guide a few times after clues, but unfortunately this description only approximately fits my situations.

> 5.1.2 What happened
>
> You tried to access an area you don't have access to. Zope found the closest
> user folder to the object you were trying to access. The user folder decided
> you were not authorized and tried to display the login form. You don't have
> access to view the login form, so Zope finds the nearest user folder to the
> login form, which is the user folder above the protected directory. It pops
> up the authentication dialog. If you put in a valid username and password
> for this top level, then lower level then displays the login form.

As I mention in the part you quote, I have no problem accessing acl_users/docLogin, or indeed logging in using cookies, when I go directly to this url.

The problem is that when I go to a protected url I do not get redirected to docLogin, but control is passed to the acl_users above, as described, and that acl_users only knows http auth.

When I forced cookie_validate to return the redirect at the end, I did get the right docLogin as well, as far as I can see, except I got in that redirect loop because of same forcing. That should eliminate the above explanation pretty conclusively, I would think. (in addition to the fact that acl_users is way outside the protected area)

As far as I can see that must mean that either something is going wrong in exUserFolder, or much more likely, that we are feeding it something bogus, or have previously modified it in some non-obvious way. My problem is that I have little idea what it is supposed to look like at different stages.

Regards

Gaute Amundsen
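The lookup that section 5.1.2 of the guide describes, as a simplified Python model added here (it is not code from exUserFolder, Zope, or anyone in this thread). The `UserFolder` class, the `outcome` function, the `/members/` paths, and the users and roles are constructed for illustration; only the `acl_users/docLogin` name comes from the thread.

```python
from dataclasses import dataclass

@dataclass
class UserFolder:                       # hypothetical stand-in for an acl_users object
    path: str    # folder that contains this acl_users, e.g. "/members/"
    kind: str    # "cookie" (shows a login form) or "basic" (HTTP auth)
    users: dict  # constructed data: {username: set of role names}

    def validate(self, username, required):
        """Return the username if it holds one of the required roles, else None."""
        if self.users.get(username, set()) & set(required):
            return username
        return None

def chain_for(path, folders):
    """User folders covering `path`, nearest (deepest) first."""
    covering = [f for f in folders if path.startswith(f.path)]
    return sorted(covering, key=lambda f: len(f.path), reverse=True)

def is_public(path, roles_for):
    required = roles_for.get(path)      # None models an object with no role restriction
    return required is None or "Anonymous" in required

def outcome(path, roles_for, folders, username=None):
    """What the visitor gets: the object, the login form, or the HTTP auth popup."""
    if is_public(path, roles_for):
        return "served to " + (username or "Anonymous User")
    chain = chain_for(path, folders)
    for folder in chain:                # each folder up the chain gets a chance
        if folder.validate(username, roles_for[path]) is not None:
            return "served to " + username
    if chain and chain[0].kind == "cookie":
        form = chain[0].path + "acl_users/docLogin"
        if is_public(form, roles_for):
            return "login form " + form
        # The form is protected too, so the folder above ends up issuing the challenge.
    return "HTTP auth popup"

# Constructed scenario: basic-auth folder at the root, cookie folder on /members/.
FOLDERS = [UserFolder("/", "basic", {"admin": {"Manager"}}),
           UserFolder("/members/", "cookie", {"alice": {"Member"}})]
OPEN_FORM = {"/members/report": ("Member",), "/members/acl_users/docLogin": ("Anonymous",)}
LOCKED_FORM = {"/members/report": ("Member",), "/members/acl_users/docLogin": ("Member",)}

if __name__ == "__main__":
    for label, roles in (("form viewable", OPEN_FORM), ("form protected", LOCKED_FORM)):
        print(label, "->", outcome("/members/report", roles, FOLDERS))
```

The two role maps differ only in who may view the login form, which is the single condition section 5.1.2 names as the cause of the popup.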
+-------[ Gaute Amundsen ]----------------------
| On Friday 02 December 2005 04:31, Andrew Milton wrote:
| > +-------[ Gaute Amundsen ]----------------------
| >
| > | Hi all.
| > |
| > | I have this problem with our zope based CMS system.
| > | No matter what I try I can not make the docLogin page appear when it
| > | should. If I go directly to it, it works fine, but otherwise the http
| > | auth popup appears.
| >
| > I don't know what version of exUserFolder you're using, but, try looking in
|
| exUserFolder-0-10-10

Oh man, this is positively ancient. Move to 0.20.x or 0.50.x and try again.

If you're already set up, I suggest moving to 0.20.x, since 0.50.x involved a code-reshuffle, and ZODB pickles don't like that so much :-)

--
Andrew Milton
akm@theinternet.com.au
Gaute Amundsen wrote:
> As far as I can see that must mean that either something is going wrong in
> exUserFolder, or much more likely, that we are feeding it something bogus,
> or have previously modified it in some non-obvious way. My problem is that I
> have little idea what it is supposed to look like at different stages.

You could always use SimpleUserFolder and CookieCrumbler ;-)

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
On Friday 02 December 2005 10:45, Chris Withers wrote:
> Gaute Amundsen wrote:
> > As far as I can see that must mean that either something is going wrong
> > in exUserFolder, or much more likely, that we are feeding it something
> > bogus, or have previously modified it in some non-obvious way. My problem
> > is that I have little idea what it is supposed to look like at different
> > stages.
>
> You could always use SimpleUserFolder and CookieCrumbler ;-)

Good idea. Will give it a try. Even if only to try to isolate the problem.

G.
participants (3): Andrew Milton, Chris Withers, Gaute Amundsen