[Zope] exUserFolder will not redirect to login page

Gaute Amundsen gaute at div.org
Fri Dec 2 02:26:17 EST 2005


On Friday 02 December 2005 04:31, Andrew Milton wrote:
> +-------[ Gaute Amundsen ]----------------------
>
> | Hi all.
> |
> | I have this problem with our zope based CMS system.
> | No matter what i try I can not make the docLogin page appear when it
> | should. If I go directly to it, it works fine, but otherwise the http
> | auth poppup appears.
>
> I don't know what version of exUserFolder you're using, but, try looking in

 exUserFolder-0-10-10

> doc/UnenlightenedZopistasGuide.txt
>
> 5.0 TIPS FOR THE UNWARY
>
> Specifically section 5.1.1;
>
> 5.1.1 The problem
>
> When you try to access the folder, instead of getting the form, you
> get a popup box, even though you chose Cookie Authentication. Even
> when you enter a username and password it doesn't work.

I have been over that guide a few times after clues, but unfortunately this 
description only approximately fits my situations.

> 5.1.2 What happened
>
>You tried to access an area you don't have access to. Zope found the
>closest user folder to the object you were trying to access. The user
>folder decided you were not authorized and tried to display the login
>form. You don't have access to view the login form, so Zope finds the
>nearest user folder to the login form, which is the user folder above
>the protected directory. It pops up the authentication dialog. If you
>put in a valid username and password for this top level, then lower
>level then displays the login form.

As I mention in the part you quote, I have no problem accessing 
acl_users/docLogin, or indeed logging in using cookies, when I go  directly 
to this url. The problem is that when I go to a protected url I do not get 
redirected to docLogin, but controll is passed to the acl_users above, as 
described, and that acl_users only knows http auth.

When I forced cookie_validate to return the redirect at the end, I did get the 
right docLogin as well, as far as I can see, except I got in that redirect 
loop because of same forcing. That should eliminate the above explanation 
pretty conclusively, I would think. (in adition to the fact that acl_users is 
way outside the protected area)

As far as I can see that must mean that either something is going wrong in 
exUserFolder, or much more likely, that we are feeding it something bogus, or 
have previously modified it in some non-obvious way.
My problem is that I have little idea what it is supposed to look like at 
different stages.

Regards

Gaute Amundsen

-- 
-- -----------------------------------------------------------------
  Gaute Amundsen               "Technology today is the campfire
  gaute at div.org               around which we tell our stories.
                                          There's this attraction to light
                                          and to this kind of power, which is
                                           both warm and destructive."

                                               Laurie Anderson
 http://www.div.org
--------------------------------------------------------------------


More information about the Zope mailing list