[Zope] Custom authentication that avoids login screens

[Felix Ulrich-Oltean]

On Mon, Nov 18, 2002 at 07:45:25PM +0100, Dieter Maurer wrote:
> Most cookie user folders allow the customization of the login dialog.
> Make it a redirect to a page that handles your global (for PHP, Zope,
...)
> login.
> 
> This may pop up a login dialog or perform an automatic login
> based on already available login information.
> 
> The login action is expected to have some variables
> (e.g. "__ac_name" and "__ac_password").
> Let your login page come back with these variables set -- voila.

Right, I think this is what I tried to do.  I add a CookieCrumbler,
and replace the standard login_form DTML Method with a script like
this:

<code>
req = context.REQUEST
if req.has_key('came_from') and req['came_from']:
    dest = req.resolve_url(req['came_from'])
    req.set('__ac_user', 'bob')
    req.set('__ac_password', 'builder')
    return dest(REQUEST=req)
else:
    raise AttributeError, "Didn't know where you came from."
</code>

This doesn't work - I'm guessing there's at least 2 problems:

1. req is not the original request (i.e. the one that corresponds to
   'came_from'), so I'm passing an inappropriate request object to the
   destination object.

2. dest may not be directly callable, so I should perhaps be calling
   dest.index_html(REQUEST=req) in some cases

How do I get around this?

Thanks,

Felix.