[Zope] Strange behaviour on authorization

Jarkko Veijalainen Jarkko.Veijalainen@tecnomen.fi
Fri, 18 Aug 2000 10:18:32 +0300 

i have been trying to figure this out and get help to this almost one
week...

i have login form called login:

<clip>
		<form name="LoginForm" action="email_accounts"
method="post">
              <div align="center"><center><p>Username or ID <br>
              <input type="text" name="cn" size="10" maxlength="20"><br>
              Password<br>
              <input type="password" name="password" size="10" > <br>
              <br>
			  <input type="submit" value="Select this button to
continue"> <br>
		</form>

</clip>

email_accounts is a DTML document:

<clip>

<font face="Verdana, Arial" color="#ffffff">
<dtml-let resDTML="Imap('Authentication',REQUEST,1)">
<h2>User <dtml-var "resDTML.cn"> <dtml-var title_or_id></h2>
</font>

<TABLE border="1" bgcolor="#b0bf30" width=80% cellpadding=2 cellspacing=0
valign=top>
<FORM ACTION="email_headers" METHOD="POST" >

<TR><TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1">Check?</TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1">Account</TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica" size="1">New
messages</TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica" size="1">Total
messages</TD>
</TR>

<TR><TD><INPUT TYPE="CHECKBOX" NAME="checkbox[]" VALUE="imap" CHECKED="yes">
</TD><TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1"><dtml-var "resDTML.account">&nbsp; </TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1"><dtml-var "resDTML.recent">&nbsp;</TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1"><dtml-var "resDTML.msgcount">&nbsp;</TD>
</TR>

<TR><TD><INPUT TYPE="CHECKBOX" NAME="checkbox[]" VALUE="pop">
</TD><TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1"><dtml-var "resDTML.popaccount">&nbsp; </TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1">&nbsp;</TD>
<TD><font color="#000000" face="Verdana, Arial, Helvetica"
size="1">&nbsp;</TD>
</TR>

<TR><TD>&nbsp;</TD><TD><font color="#000000" face="Verdana, Arial,
Helvetica" size="1">Check selected mailboxes:</TD><TD>
<INPUT TYPE="submit" VALUE="Go!"></TD><TD>&nbsp;</TD></TR>

</FORM></TABLE>
</dtml-let>

</clip>

Zope loads login form with no problem (it's basicly static page) but when i
try so POST data to email_headers with login form, popups Authorization
failed window. I have tried to use my manager and superuser name and same
values that i submitted, but nothing is accepted to auth. window. 

here's the traceback:

Zope Error

  Zope has encountered an error while publishing this resource. 

  Unauthorized

  Sorry, a Zope error occurred.

  Traceback (innermost last):
    File /usr/local/Zope-2.2.0/lib/python/ZPublisher/Publish.py, line 222,
in publish_module
    File /usr/local/Zope-2.2.0/lib/python/ZPublisher/Publish.py, line 187,
in publish
    File /usr/local/Zope-2.2.0/lib/python/ZPublisher/Publish.py, line 171,
in publish
    File /usr/local/Zope-2.2.0/lib/python/ZPublisher/mapply.py, line 160, in
mapply
      (Object: email_accounts)
    File /usr/local/Zope-2.2.0/lib/python/ZPublisher/Publish.py, line 112,
in call_object
      (Object: email_accounts)
    File /usr/local/Zope-2.2.0/lib/python/OFS/DTMLDocument.py, line 171, in
__call__
      (Object: email_accounts)
    File /usr/local/Zope-2.2.0/lib/python/DocumentTemplate/DT_String.py,
line 502, in __call__
      (Object: email_accounts)
    File /usr/local/Zope-2.2.0/lib/python/DocumentTemplate/DT_Let.py, line
147, in render
      (Object: resDTML="Imap('Authentication',REQUEST,1)")
    File /usr/local/Zope-2.2.0/lib/python/DocumentTemplate/DT_Util.py, line
337, in eval
      (Object: resDTML.cn)
      (Info: resDTML)
    File <string>, line 0, in ?
    File /usr/local/Zope-2.2.0/lib/python/DocumentTemplate/DT_Util.py, line
142, in careful_getattr
    File /usr/local/Zope-2.2.0/lib/python/OFS/DTMLMethod.py, line 194, in
validate
      (Object: email_accounts)
    File /usr/local/Zope-2.2.0/lib/python/AccessControl/SecurityManager.py,
line 139, in validate
    File
/usr/local/Zope-2.2.0/lib/python/AccessControl/ZopeSecurityPolicy.py, line
159, in validate
  Unauthorized: cn

by the way....
  resDTML="Imap('Authentication',REQUEST,1) is on External method called on
email_headers document.

I cathed REQUEST from login form and it shows:

request

form

 password
          1234
 cn
          666666

 AUTHENTICATION_PATH
                           proto_test
 password
                           1234
 dtpref_rows
                           20

 tree-s
                           eJzTiFZ3hANPW/VYHU0ALlYElA
 AUTHENTICATED_USER
                           jarkkov

so i have authenticated user and i still can't login. All these documents
work like they're supposed to in Zope 2.1.6, but not anymore when i
installed Zope 2.2.0 on Solaris. Why is Zopesecurity trying to validate
'cn', which is value that i submit to another document. 

What went wrong here and how i fix this problem?

	jarkkov