[Zope] user login via form (calling authenticate)

rob.sheppard@btinternet.com rob.sheppard@btinternet.com
Tue, 3 Apr 2001 21:08:40 00100 

I've been trying to use the authenticate(password, 
REQUEST) method in User.py from a login form (as 
described in the Beehive "Users, Roles and 
Permissions" document). I want to have a members 
login like the one on Zope.org.

In a folder called "Members" I've created an acl_users 
folder with: a) one test user, b) a simple DTML doc 
containing a form with 2 fields (Name and Password), 
and c) a DTML doc which matches the form's action 
containing:

   <dtml-if "acl_users.getUser(REQUEST.form
['Name']).authenticate(REQUEST.form
['Password'],REQUEST)">
     password correct.
   <dtml-else>
     Password incorrect.
   </dtml-if>

When I try to login using the form as the test user 
in /Members/acl_users, Zope brings up its own login 
dialog. 

If I enter the test user from /Members/acl_users into 
Zope's login dialog, it tries 3 times then reports:

   "Zope Error
   Zope has encountered an error while publishing this 
resource. 

   Unauthorized

   You are not authorized to access getUser. "

 and the last line in the error comment reads:

     File /home/sites/site6/users/london/Zope-2.2.2-
src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 
159, in validate
     Unauthorized: authenticate


If I enter my own user/password at Zope's dialog box 
(i.e. valid in the toplevel /acl_users, owner/manager 
roles), it tries 3 times and reports:

   "Zope Error
   Zope has encountered an error while publishing this 
resource. 

   Unauthorized

   Sorry, a Zope error occurred "

 and the last line in the error comment reads:

    File /home/sites/site6/users/london/Zope-2.2.2-
src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 
159, in validate
    Unauthorized: authenticate



OK, I figured that its an access problem with the User.py 
methods, but I've tried setting the proxy roles of the 
form and the action document to Manager, and setting 
the permissions on /Members/acl_users to anonymous 
but still get the same problem.
Zope version is 2.2.2, Python 1.5.2.

What have I missed? How do I give an anonymous user 
access to getUser?

--
Rob

PS I've searched the mail archives at NIP (found a 
couple of people with the similar problem but no 
answers) and the bug collector (nothing).