[Zope] password change and cookie crumbler - FIXED

Ben Avery ben@thesite.org
Fri, 03 Jan 2003 12:45:05 +0000 

I've fixed this myself, sorry to bother anyone!

I just needed to look at how CC's login_form works:
it sets two things in the request - __ac_name and __ac_password
and then show the display screen using the request, rather than doing a 
response.redirect which loses the request.
So, for anyone's future reference, I modified the script to this:

-----
myreq={}
myreq['name']=uid
myreq['password']=request['new_pwd1']
myreq['confirm']=request['new_pwd1']
myreq['roles']=user.getRoles()
context.acl_users.manage_users( submit='Change', REQUEST=myreq )

# set new password in request for Cookie Crumbler to pick up
request.set( '__ac_name', user.getId() )
request.set( '__ac_password', request['new_pwd1'] )

# display thanks page
print context.changed.changed_display( context, request )
return printed
-----



ben@thesite.org wrote:
> hi, happy new year everyone!
> 
> I'm stuck on a problem involving cookie crumbler authentication:
> 
> I'm building a site which requires users to register their own accounts 
> and log in. When the users are created, I generate a password for them. 
> But I need to allow the users to change their own passwords. At the 
> moment I'm using a python script which picks up the new password and 
> confirmation from a form, and does this (after checking the new password 
> and confirmation match):
> 
> ------
> user = request.AUTHENTICATED_USER
> uid=user.getId()
> 
> myreq={}
> myreq['name']=uid
> myreq['password']=request['new_pwd1']
> myreq['confirm']=request['new_pwd1']
> context.acl_users.manage_users( submit='Change', REQUEST=myreq )
> 
> response.redirect( '%s/changed/' % request.URL2 )
> return
> -------
> 
> The code manages to change the password successfully, but I cannot then 
> view the confirmation page, and am redirected to CC's login_form page, 
> (I think) because the password set in the cookie is now not the same as 
> the updated one in the acl_users user folder.
> 
> Do you agree that this is the problem here, and if so, what would I have 
> to do to fix this?
> 
> [Zope 2.6.0, Python 2.1.3, Solaris 7, viewed in Mozilla 1.0.1]
> 
> TIA
> 
> Ben Avery
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>