Re: [Zope] create Login/Logout functionality
On 03.Mai 2003 - 17:38:10, Troy Farrell wrote:
Look in the source for 'manage_zmi_logout' in zopedir/lib/python/App/Management.py
That doesn't help me much, I see that I can call manage_zmi_logout to logout the user, but how do I get him to log in? I don't think that I can do it with such a message box, as far as I can see, this can only be done, by setting the permissions on the file. But this doesn't work for me, as anybody should be able to view a certain page, but only logged in users should see a link that points to an edit-form So the question is, which method to call if I have a username and a password, I didn't find anything in the UserFolder API. I will try to look further on the source of the API, but maybe someone can directly point me to the right spot. Andreas
Troy
Andreas Pakulat wrote:
Hi,
I would like to have a login Link on the top of my page, but I don't know how I can login a user. I have searched through the help, but didn't find a method that causes the MessageBox, that appears if I go to a /manage Url, to appear.
And I also want the users to get logged of again.
I know that I can write a dtml/zpt page and call a script with values from a form, and then in the script set the Authenticated User if he exists in the User Folder, but I don't see how to verify the password. Also I really would like to have it with the messagebox and not a separate form to fill in.
Andreas
-- Letzte Worte eines Flugkapitäns: "Wir landen in wenigen Minuten planmäßig"
On Mon, 05.05.2003 at 11:19 +0200, Andreas Pakulat wrote:
On 03.Mai 2003 - 17:38:10, Troy Farrell wrote:
Look in the source for 'manage_zmi_logout' in zopedir/lib/python/App/Management.py
That doesn't help me much, I see that I can call manage_zmi_logout to logout the user, but how do I get him to log in?
I believe manage_zmi_logout opens the login pop-up window.
I don't think that I can do it with such a message box, as far as I can see, this can only be done, by setting the permissions on the file. But this doesn't work for me, as anybody should be able to view a certain page, but only logged in users should see a link that points to an edit-form
So the question is, which method to call if I have a username and a password, I didn't find anything in the UserFolder API. I will try to look further on the source of the API, but maybe someone can directly point me to the right spot.
We had a similar problem, and we used the CookieCrumbler product. It doesn't open a pop-up window to login, but you can use a custom login form. -- paavo. "4000 hungry children leave us per hour from starvation while billions are spent on bombs creating death showers"
On 05.Mai 2003 - 12:29:12, Paavo Parkkinen wrote:
On Mon, 05.05.2003 at 11:19 +0200, Andreas Pakulat wrote:
On 03.Mai 2003 - 17:38:10, Troy Farrell wrote:
Look in the source for 'manage_zmi_logout' in zopedir/lib/python/App/Management.py
That doesn't help me much, I see that I can call manage_zmi_logout to logout the user, but how do I get him to log in?
I believe manage_zmi_logout opens the login pop-up window.
Yeah, that's right, but either using the function or copying some of its content, doesn't give me a proper login-message. I see such a message, but whatever I type, I get a "could not authenticate"! I also don't have enough knowledge about the Status and Header-Info that is set in the function, so if somebody could point me to a tutorial or sth. else that explains what the different status and headers in an HTTP-Response are, it would help me much.
I don't think that I can do it with such a message box, as far as I can see, this can only be done, by setting the permissions on the file. But this doesn't work for me, as anybody should be able to view a certain page, but only logged in users should see a link that points to an edit-form
So the question is, which method to call if I have a username and a password, I didn't find anything in the UserFolder API. I will try to look further on the source of the API, but maybe someone can directly point me to the right spot.
We had a similar problem, and we used the CookieCrumbler product. It doesn't open a pop-up window to login, but you can use a custom login form.
So you used cookies to authenticate users? That is not possible within my project, I need to authenticate against the Zope-Userdatabase. It could theoretically be done, if I can get a User/SimpleUser Object from having a username, but it seems that I cannot get this. The functions of the UserFolder Object are all restricted to UserManagers, and an Unauthorized User isn't a UserManager. It could theoretically be done, if I can get a User/SimpleUser Object from having a username, but it seems that I cannot get this. The functions of the UserFolder Object are all restricted to UserManagers, and an Unauthorized User isn't a UserManager. Andreas -- Fine day to work off excess energy. Steal something heavy.
Helpful hints on figuring this whole thing out: 1) view RFC's on HTTP protocol with emphasis on http status codes 2) google search on 'WWW-Authenticate' aka basic http authentication Using manage_zmi_logout and the zope HelpSys docs, I've come up with this script. Play with it: ## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE response.setHeader('Content-Type','text/html') print "<html><head><title>authtest</title><body><p>" print "you are " + request['AUTHENTICATED_USER'].getUserName() if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': print "Trying to authenticate..." response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1) print "</p></body></html>" return printed #end script Troy Andreas Pakulat wrote:
On 05.Mai 2003 - 12:29:12, Paavo Parkkinen wrote:
On Mon, 05.05.2003 at 11:19 +0200, Andreas Pakulat wrote:
On 03.Mai 2003 - 17:38:10, Troy Farrell wrote:
Look in the source for 'manage_zmi_logout' in=20 zopedir/lib/python/App/Management.py
=20 That doesn't help me much, I see that I can call manage_zmi_logout to logout the user, but how do I get him to log in?
=20 I believe manage_zmi_logout opens the login pop-up window.
Yeah, that's right, but either using the function or copying some of its content, doesn't give me a proper login-message. I see such a message, but whatever I type, I get a "could not authenticate"! I also don't have enough knowledge about the Status and Header-Info that is set in the function, so if somebody could point me to a tutorial or sth. else that explains what the different status and headers in an HTTP-Response are, it would help me much.
I don't think that I can do it with such a message box, as far as I can see, this can only be done, by setting the permissions on the file. But this doesn't work for me, as anybody should be able to view a certain page, but only logged in users should see a link that points to an edit-form =20 So the question is, which method to call if I have a username and a password, I didn't find anything in the UserFolder API. I will try to look further on the source of the API, but maybe someone can directly point me to the right spot.
=20 We had a similar problem, and we used the CookieCrumbler product. It doesn't open a pop-up window to login, but you can use a custom login form.
So you used cookies to authenticate users? That is not possible within my project, I need to authenticate against the Zope-Userdatabase.
It could theoretically be done, if I can get a User/SimpleUser Object =66rom having a username, but it seems that I cannot get this. The functions of the UserFolder Object are all restricted to UserManagers, and an Unauthorized User isn't a UserManager.
It could theoretically be done, if I can get a User/SimpleUser Object =66rom having a username, but it seems that I cannot get this. The functions of the UserFolder Object are all restricted to UserManagers, and an Unauthorized User isn't a UserManager.
Andreas
-- Fine day to work off excess energy. Steal something heavy.
On 05.Mai 2003 - 10:41:11, Troy Farrell wrote:
Helpful hints on figuring this whole thing out: 1) view RFC's on HTTP protocol with emphasis on http status codes 2) google search on 'WWW-Authenticate' aka basic http authentication
Yeah and I did find the info, but it didn't help me very much. I did not understand everything, but I thought it would be enough to have a script which sets the response to 401 and the header to WWW-Authentication?! But this didn't work, the message box was repeated over and over again, even though I typed the correct username and password. The only thing I see, why this happens is that users are only searched for in the first User Folder Zope finds when looking upwards from the current location. Is this true?
Using manage_zmi_logout and the zope HelpSys docs, I've come up with this script. Play with it:
## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE
response.setHeader('Content-Type','text/html')
print "<html><head><title>authtest</title><body><p>"
print "you are " + request['AUTHENTICATED_USER'].getUserName()
if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': print "Trying to authenticate..." response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1)
print "</p></body></html>" return printed
#end script
I'll try that in a minute, but I also found the Product LoginManager. And I've installed it on my Debian box, but it doesn't work for me. I replaced the acl_users Folder with a LoginManager object and did nothing more. Now if I use the standard LoginForm I can type what I want, I never get authenticated. Also the logoutForm doesn't work, it calls AUTHENTICATED_USER.logout() which Zope cannot find? Is LoginManager too old to be used with Zope 2.6? Andreas -- You have a truly strong individuality.
On 05.Mai 2003 - 18:19:26, Andreas Pakulat wrote:
On 05.Mai 2003 - 10:41:11, Troy Farrell wrote:
Using manage_zmi_logout and the zope HelpSys docs, I've come up with this script. Play with it:
## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE
response.setHeader('Content-Type','text/html')
print "<html><head><title>authtest</title><body><p>"
print "you are " + request['AUTHENTICATED_USER'].getUserName()
if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': print "Trying to authenticate..." response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1)
print "</p></body></html>" return printed
#end script
I'll try that in a minute, but I also found the Product LoginManager.
Ok, this works nearly perfect. The only thing that doesn't fit my dreams is that I cannot directly put the user back on the page he was, I'll have to include some link back. That's a bit annoying, but as it also is this was within the zmi, I suppose there is no way to do this?! Andreas -- Don't Worry, Be Happy. -- Meher Baba
Entheos Software does zope consulting and custom programming :) Change the script so it doesn't print anything out like this: ## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1) #end script Then, add this line to your page template: <span tal:replace="here/authtest" /> or this to a dtml document: <dtml-call name="authtest"> And try that. Troy Andreas Pakulat wrote:
On 05.Mai 2003 - 18:19:26, Andreas Pakulat wrote:
On 05.Mai 2003 - 10:41:11, Troy Farrell wrote:
Using manage_zmi_logout and the zope HelpSys docs, I've come up with this script. Play with it:
## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE
response.setHeader('Content-Type','text/html')
print "<html><head><title>authtest</title><body><p>"
print "you are " + request['AUTHENTICATED_USER'].getUserName()
if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': print "Trying to authenticate..." response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1)
print "</p></body></html>" return printed
#end script
I'll try that in a minute, but I also found the Product LoginManager.
Ok, this works nearly perfect. The only thing that doesn't fit my dreams is that I cannot directly put the user back on the page he was, I'll have to include some link back. That's a bit annoying, but as it also is this was within the zmi, I suppose there is no way to do this?!
Andreas
On 05.Mai 2003 - 13:30:23, Troy Farrell wrote:
Entheos Software does zope consulting and custom programming :)
Change the script so it doesn't print anything out like this: ## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE
if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1)
#end script
Then, add this line to your page template:
<span tal:replace="here/authtest" />
or this to a dtml document:
<dtml-call name="authtest">
And try that.
No chance, as said earlier, I have a link pointing to the python script, if I insert the <dtml-call name="login_script"> there it gets called everytime the document is accessed, which is not what I wanted. I want the users that are authorized, to click that link and authenticate themselfes, so they get the full access to the site. Andreas -- Don't you feel more like you do now than you did when you came in?
Have you looked at the CookieCrumbler product. It can be used in conjunction with any UserFolder to provide a nice login page. And then the link you desire can point to that page. Thats what we do on our site. To logoff just call the user_logout function of the userfolder or just send back a 403 AM Andreas Pakulat wrote:
On 05.Mai 2003 - 13:30:23, Troy Farrell wrote:
Entheos Software does zope consulting and custom programming :)
Change the script so it doesn't print anything out like this: ## Script (Python) "authtest" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## request = container.REQUEST response = request.RESPONSE
if request.get('AUTHENTICATED_USER').getUserName() == 'Anonymous User': response.setStatus('Unauthorized') response.setHeader('WWW-Authenticate', 'basic realm="Zope"', 1)
#end script
Then, add this line to your page template:
<span tal:replace="here/authtest" />
or this to a dtml document:
<dtml-call name="authtest">
And try that.
No chance, as said earlier, I have a link pointing to the python script, if I insert the <dtml-call name="login_script"> there it gets called everytime the document is accessed, which is not what I wanted. I want the users that are authorized, to click that link and authenticate themselfes, so they get the full access to the site.
Andreas
-- ================================================================== Aseem Mohanty Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706 (R) 510 7696011 (M) 510 3014871 (O) 510 5279231 ================================================================== "I saw `cout' being shifted "Hello world" times to the left and stopped right there!!" -- Steve Gonedes ==================================================================
participants (4)
-
AM -
Andreas Pakulat -
Paavo Parkkinen -
Troy Farrell