change password through script messes up session
Hello all,
I'm trying to write a piece of code that just changes the password of a user as they are logged in. This is in a Script(Python). I'm using PAS and CookieCrumbler and the code is as follows:
container.acl_users.users.manage_updateUserPassword(user['id'],password,password)
This does work and change the password, however what happens then is anytime I try to access a resource that I could view prior to changing the password, I get a basic pop-up auth login prompt (even though I'm using CookieCrumbler), and entering the new creds doesn't work. If I logout through the login/logout link and log back in with the web form, everything is fine (and the new creds do work then).
Here is the error that's thrown in the logs:
Traceback (innermost last):
  Module ZPublisher.Publish, line 106, in publish
  Module ZPublisher.BaseRequest, line 468, in traverse
  Module ZPublisher.HTTPResponse, line 687, in unauthorized
Unauthorized: <strong>You are not authorized to access this resource.</strong>
So basically, I can't access any protected object until I log out and log back in.
Anyone have any insight here? I've been trying to read the Plone source code to figure out how they do it but I can't get their code to work... I've been searching around for an answer to this all weekend but can't find anything :(
Thanks for the help,
- Teebes
IIRC CookieCrumbler just stores the username:password on the __ac cookie. You probably need to force it to set another cookie when you change the password, or move to a different implementation like plone.session that uses signed cookies and avoids the requirement to store the password on a cookie.
Laurence
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Laurence Rowe wrote at 2008-10-6 09:52 -0400:
> IIRC CookieCrumbler just stores the username:password on the __ac cookie. You probably need to force it to set another cookie when you change the password, or move to a different implementation like plone.session that uses signed cookies and avoids the requirement to store the password on a cookie.
PAS has a standard method to indicate that credentials have been changed ("updateCredentials" or something like this). If it is used (and the plugins set up correctly), then the "Unauthorized" should not happen -- provided the password change is at an appropriate place (the "updateCredentials" assumes to be called in the normal request -- not somewhere during traversal).
--
Dieter
Hi, what I do:
req=context.REQUEST
context.acl_users.manage_users('Change', {'name':req['name'], 'password':req['pswd'], 'confirm':req['cpswd'], 'roles': req['roles'], 'domains':''})
(Sun, Oct 05, 2008 at 09:48:20PM -0400) Thibaud Morel l'Horset wrote/schrieb/egrapse:
> I'm trying to write a piece of code that just changes the password of a user as they are logged in. This is in a Script(Python). I'm using PAS and CookieCrumbler and the code is as follows: container.acl_users.users.manage_updateUserPassword(user['id'],password,password)
> This does work and change the password, however what happens then is anytime I try to access a resource that I could view prior to changing the password, I get a basic pop-up auth login prompt (even though I'm using CookieCrumbler), and entering the new creds doesn't work. If I logout through the login/logout link and log back in with the web form, everything is fine (and the new creds do work then).
AFAIK this case is documented in the CC docs, also it's quite obvious from the CookieCrumbler API: You need to call its credentialsChanged method.
Regards,
Sascha
credentialsChanged did the trick! Thanks so much... and you're right, it was quite obvious (especially now that I see it!)
Thanks again,
- Teebes
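Added example, not part of the original thread and not CookieCrumbler or plone.session code: a small Python model of what Laurence and Sascha describe, where a cookie carrying name:password stops validating once the stored password changes until it is re-issued (the step credentialsChanged supplied for Teebes), next to a signed cookie that carries no password. The user store, signing key, exact cookie encoding and all function names are assumptions made for illustration.

```python
# Added model: not CookieCrumbler or plone.session source code.
import base64, hashlib, hmac
from urllib.parse import quote, unquote

USERS = {"teebes": "old-secret"}          # constructed user store
SERVER_KEY = b"constructed-signing-key"   # constructed; known only to the server

def make_ac_cookie(name, pw):
    """Password-bearing cookie: quote(base64("name:pw")) (assumed layout)."""
    return quote(base64.b64encode(f"{name}:{pw}".encode()).decode())

def check_ac_cookie(cookie):
    """Decode the cookie and re-check its password against the store."""
    try:
        name, pw = base64.b64decode(unquote(cookie)).decode().split(":", 1)
    except ValueError:  # bad base64, bad UTF-8 or no ":" separator
        return None
    stored = USERS.get(name)
    if stored is not None and hmac.compare_digest(stored.encode(), pw.encode()):
        return name
    return None

def change_password(name, new_pw, reissue):
    """Update the store; reissue=True returns a fresh cookie (the credentialsChanged step)."""
    USERS[name] = new_pw
    return make_ac_cookie(name, new_pw) if reissue else None

def make_signed_cookie(name):
    """Signed alternative: user id plus HMAC tag, no password in the cookie."""
    tag = hmac.new(SERVER_KEY, name.encode(), hashlib.sha256).hexdigest()
    return f"{name}:{tag}"

def check_signed_cookie(cookie):
    name, _, tag = cookie.rpartition(":")
    good = hmac.new(SERVER_KEY, name.encode(), hashlib.sha256).hexdigest()
    return name if name in USERS and hmac.compare_digest(good.encode(), tag.encode()) else None

def demo():
    USERS["teebes"] = "old-secret"                    # reset constructed state
    old = make_ac_cookie("teebes", "old-secret")
    signed = make_signed_cookie("teebes")
    before = check_ac_cookie(old)                     # valid login
    change_password("teebes", "new-secret", reissue=False)
    stale = check_ac_cookie(old)                      # old password in cookie
    fresh = change_password("teebes", "new-secret", reissue=True)
    return before, stale, check_ac_cookie(fresh), check_signed_cookie(signed)

if __name__ == "__main__":
    print(demo())
```

In this model the signed cookie stays valid across the password change, so a design that must cut off existing sessions when a password changes has to add that itself, for example by including a per-user version value in the signed data.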
participants (5)
- Dieter Maurer
- Giampiero Benvenuti
- Laurence Rowe
- Sascha Welter
- Thibaud Morel l'Horset