[Zope-PAS] auth fallback with cookies
Kapil Thangavelu
hazmat at objectrealms.net
Sun Aug 7 18:49:36 EDT 2005
make the cookie auth plugin push form credentials into the the request
as basic auth headers ala cookie crumbler.
-k
On Jul 26, 2005, at 4:09 PM, J Cameron Cooper wrote:
> Say I have a user in a root acl_users folder (call it 'admin'). I also
> have a PAS user folder in a sub-object of the root. This PAS is
> configured to do cookie auth, and users will typically login using a
> form.
>
> Now, if I try to log in as 'admin' in that form, it doesn't work. I
> think this is why:
>
> - credentials are supplied via a form to the PAS cookie auth plugin
>
> - there is no such user, so it fails
>
> - 'validate' returns None, so Zope goes to the next user folder
> (which the basic in the root where 'admin' lives)
>
> - that one tries to validate but gets nothing: it looks for HTTP
> basic credentials, but finds nothing, since login is form based
>
> Does this sound about right? Anybody have a strategy to get around
> this?
>
> --jcc
> --
> Enfold Systems, LLC
> http://www.enfoldsystems.com
>
> _______________________________________________
> Zope-PAS mailing list
> Zope-PAS at zope.org
> http://mail.zope.org/mailman/listinfo/zope-pas
More information about the Zope-PAS
mailing list