[Zope3-Users] request.principal and render/update
Pete Taylor
baldtrol at gmail.com
Thu Jun 1 17:41:38 EDT 2006
no problem anymore, that was a while back. it's been working
correctly for quite some time. if you check the later posts, I did
exactly what you suggest, and use session credentials. it then had an
issue where it assumed that the form always called the fields "login"
and "password" so I overrode that behavior myself. then
AuthenticatedPrincipalFactory doesn't actually adapt a principal back
to the type of principal you originally sent in, but instead sends you
back an IPrincipal, rather than derived version. so I built my own
Authenticated factory as well, to get back a principal with my own,
extra attributes.
as far as the "login/password" fields issue, I'm pretty sure Florian
submitted a fix for that back to svn a while back as well.
Thanks for the answer though!
On 6/1/06, Stephan Richter <srichter at cosmos.phy.tufts.edu> wrote:
> On Wednesday 12 April 2006 12:54, Pete Taylor wrote:
> > i have built a credentials plugin and an authenticator plugin, and set
> > them up in my PAU. i built the credentials plugin such that if no
> > credentials a recieved in the request, it checks the cookies for the
> > expected credentials, and if they're there, builds the necessary
> > credentials dict out of that instead, and returns that back for the
> > authenticator plugin to use.
>
> Aehm, this is exactly what the SessionCredentials do.
>
> > the login logic then, assuming a principal is infact returned from
> > pau.authenticate(self.request) (either because the cookies have the
> > credentials or the request did), returns back
> > self.request.setPrincipal(principal) and sets the cookies for the next
> > use (in the case that the credentials were found in the request, but
> > hadn't been set yet).
> >
> > my login form's action looks like this:
> >
> > @form.action('Login')
> > def handle_login_action(self, action, data):
> > lsm = component.getSiteManager(context=self.context)
> > pau = component.getUtility(IAuthentication, context=lsm)
> > principal = pau.authenticate(self.request)
> > if principal is not None:
> > self.setCookies()
> > #i've both used this and not used this...
> > #doesn't seem to affect anything one way or the other
> > self.request.setPrincipal(principal)
>
> Why are you doing this by hand? The authentication service should do all of
> this for you.
>
> > as a bit of extra background, i have a viewlet that needs to be aware
> > of request.principal. in tales, i did a bit of tracking of "where and
> > when" the current self.request was aware of request.principal. the
> > primary page view found request/principal/id every time. the viewlet
> > could find request/principal/id in tales, but not in the viewlet class
> > (a form.Form), even though self.request is super'd up through. i
> > attempted, in the viewlet, to look at
> > "self.__parent__.request.principal" since i set __parent__ to the view
> > that comes in on __init__, and i know that view can see
> > request.principal, since it shows up in tales every time.
> >
> > still no luck, it always throws AttributeError on request.principal.
>
> All this will work, if you use PAU correctly.
>
> I strongly suggest setting up a simple PAU, all with standard components. It
> is really not that hard and work beautifully.
>
> Regards,
> Stephan
> --
> Stephan Richter
> CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
> Web2k - Web Software Design, Development and Training
>
--
"All guilt is relative, loyalty counts, and never let your conscience
be your guide."
- Lucas Buck, American Gothic
More information about the Zope3-users
mailing list