[Zope-dev] re: struggeling with a sessionbased LoginMethod

Joachim Schmitz js@aixtraware.de
Wed, 7 Nov 2001 18:17:18 +0100 (CET)


Hi,

thanks for the tip, but it didn't solve the problem. But I found a
workaround after trying many different things, it's a hack but it works :-)

in the index_html, I put:

<dtml-var header>
<dtml-try>
<dtml-var content>
<dtml-except>
<FORM action="<dtml-var "idUrl(url='login')">" method="POST">
  <tr height="4">
  <td colspan=2 width="650" height="4">
  <b>Bitte melden Sie sich zunächst an</b></font></td>
  </tr>
  <TR>
  <th>Benutzer</th>
  <td>
  <input type="hidden" name="GalileoSession" value="<dtml-var expr="sdm.getToken()">">
  <input type="string" name="__ac_name" size=40></td>
  </TR>
  <TR>
  <th>Passwort</th>
  <td><input type="password" name="__ac_password" size=40></td>
  </TR>
  <TR><TD>&nbsp;</TD>
  <td>
  <input type="hidden" name="goto" value="<dtml-var HTTP_REFERER>">
  <input type="submit" name="LogMeIn" value=" Log In ">
  </td>
  </TR>
</dtml-try>
<dtml-if "REQUEST.has_key('LogMeIn') and AUTHENTICATED_USER.getUserName() != 'Anonymous User'">
<dtml-var mitte>
</dtml-if>

I had to put the form in directly; anything else didn't work.

login/content looks like this:

<table width="100%" border="0">

<dtml-with "AUTHENTICATED_USER">
  <table border="0" cellpadding="0" cellspacing="2" width="450">
  <dtml-if "AUTHENTICATED_USER.getUserName() == 'Anonymous User'">
  <dtml-if "REQUEST.has_key('LogMeIn')">
<tr><td>
    Login failed !!
</td></tr>
  </dtml-if>
<FORM action="<dtml-var "idUrl(url='./')">" method="POST">
  <tr height="4">
  <td colspan=2 width="650" height="4">
  <b>Bitte melden Sie sich an</b></font></td>
  </tr>
  <TR>
  <th>Benutzer</th>
  <td>
  <input type="hidden" name="GalileoSession" value="<dtml-var expr="sdm.getToken()">">
  <input type="string" name="__ac_name" size=40></td>
  </TR>
  <TR>
  <th>Passwort</th>
  <td><input type="password" name="__ac_password" size=40></td>
  </TR>
  <TR><TD>&nbsp;</TD>
  <td>
  <input type="hidden" name="goto" value="<dtml-var HTTP_REFERER>">
<dtml-comment "">
  <input type="hidden" name="goto" value="<dtml-var expr="idUrl(url=HTTP_REFERER)">">
</dtml-comment>
  <input type="submit" name="LogMeIn" value=" Log In ">
  </td>
  </TR>
  </FORM>
<dtml-else>
<dtml-if "REQUEST.has_key('goto')">
<dtml-in "SQL_gesperrt(benutzer=AUTHENTICATED_USER.getUserName())">
<dtml-call "REQUEST.set('frei',freigegeben)">
</dtml-in>
<dtml-if "frei == 's'">
<b>Dieser Benutzer ist gesperrt.</b>
<dtml-else>
<dtml-call "RESPONSE.redirect(goto)">
</dtml-if>
</dtml-if>
</dtml-if>
</dtml-with>
</table>

The code at the bottom covers a special case in this application, where the
user access is locked. The interesting and remaining problem is that if the
condition is true, the text is displayed twice !!!!!!!



On Thu, 8 Nov 2001, Andrew Kenneth Milton wrote:

> Hi there, someone asked me to drop you a line about your problem you posted
> on zope-dev.
>
> I can't directly help you with LoginManager, which you might be tied to.
>
> I'm the principal developer of exUserFolder. Which is an extensible user
> folder, that lets you write auth plugins. It's fairly easy to write them
> from scratch. This isn't a plug, just a warning d;)
>
> I can reproduce the behaviour you are seeing, *if* inside the locked folder
> I allow "View" permission to Anonymous on content. Then it throws the Basic
> Auth instead of the Form Auth it should throw as it tries to access protected
> objects (this is because the acquired object is above the level where the
> acl_users that uses Cookie Auth is) this is normally standard_html_header.
>
> It might be as simple as turning off View for Anonymous on content inside
> testFolder, this will force the initial access to throw the Login Required
> exception in the right context.
>
> If this works for you feel free to share with the zope-dev list.
>
> I have tested the following setup;
>
> /openFolder
> /openFolder/acl_users (exUserFolder using Cookie Auth)
> /openFolder/index_html
> /openFolder/lockedFolder/
> /openFolder/lockedFolder/content
>
> In all cases access to lockedFolder uses the form based login, calling
> content directly, and calling index_html (which is acquired) and calling
> lockedFolder/ without explicitly calling index_html. This is without
> View for Anonymous allowed.
>
> --
> Totally Holistic Enterprises Internet|                      | Andrew Milton
> The Internet (Aust) Pty Ltd          |                      |
> ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
> PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|
>

Kind regards

Joachim Schmitz

AixtraWare, Ing. Büro für Internetanwendungen
Hüsgenstr. 33a, D-52457 Aldenhoven
Telefon: +49-2464-8851, FAX: +49-2464-905163
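
Added example, not part of the original message and not code from Joachim, LoginManager or exUserFolder: the templates above fill the hidden `goto` field from HTTP_REFERER and later hand the submitted value to `RESPONSE.redirect(goto)`, so the value that reaches the redirect is whatever the client sent. One way to restrict it to the site's own origin before redirecting is sketched below with the Python 3 standard library; the helper name `safe_goto`, its parameters and the `example.test` host are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample value; stands in for the site's own base URL.
BASE = "http://www.example.test/login/"


def safe_goto(goto, base_url=BASE, default="/"):
    """Return an absolute same-origin URL for goto, or default.

    Hypothetical helper: neither the name nor the signature comes from
    the original templates.
    """
    if not goto or goto != goto.strip():
        return default
    # Browsers drop tab/CR/LF inside URLs and read "\" as "/", so a value
    # containing them may be parsed differently here than in the client.
    if any(ch in goto for ch in "\\\r\n\t"):
        return default
    base = urlsplit(base_url)
    # Resolve relative and scheme-relative ("//host/...") forms first, so
    # the comparison is made on the URL the browser would actually visit.
    target = urlsplit(urljoin(base_url, goto))
    if target.scheme not in ("http", "https"):
        return default
    if (target.scheme, target.netloc.lower()) != (base.scheme, base.netloc.lower()):
        return default
    # Hand back the resolved form, not the raw input.
    return target.geturl()
```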