[Zope-PTK] Re: [Zope-dev] Subclassing LoginManager
Phillip J. Eby
pje@telecommunity.com
Fri, 19 May 2000 18:25:15 -0500
At 06:02 PM 5/19/00 -0400, Dan L. Pierson wrote:
>LoginManager.LoginManager.validate. A rough sketch is like this:
>
> if req_has('__ac'):
> ... handle cookie login ...
>
> if req_has('__ac_name') and req_has('__ac_password'):
> ... handle explicit login ...
>
> if auth and lower(auth[:6]) != 'basic':
> ... do basic authentication ...
>
> ... climb up the acquisition hierarchy ...
>
> ... try anonymous ...
LoginManager will behave just like your outline, if you give it a
BasicCookie LoginMethod, and a BasicAuth LoginMethod, in that order.
LoginManager does not climb up the acquisition hierarchy, as that is
properly the province of ZPublisher to do. It will provide the anonymous
user, if it is a top-level user folder.
>I know that the official way to do most of this sort of thing with
>LoginManager is by defining new LoginMethods, but I just don't see how
>to make LoginManager even try the LoginMethods at the correct time
>without overriding validate.
>
>Am I on the right track here?
Not as far as I can see. You shouldn't even need any custom LoginMethods,
the out-of-the-box ones should work just fine.