[Zope3-Users] automatic authentication after signup

Jayarajan Jn jayarajan at musmo.com
Fri Nov 7 07:30:40 EST 2008 

Hi ALL,

I have been doing an authentcation package with signup and login/logout
features using PAU. When i refered to philips book and the worldcookery
example i found the following codes in the signup logic.

class SignUpView(BaseSignUpView):

    signUpForm = ViewPageTemplateFile('signup.pt')

    def signUp(self, login, title, password, confirmation):
        if confirmation != password:
            raise UserError(_(u"Password and confirmation didn't match"))
        folder = self._signupfolder()
        if login in folder:
            raise UserError(_(u"This login has already been chosen."))
        principal_id = folder.signUp(login, password, title)

        role_manager = IPrincipalRoleManager(self.context)

        role_manager = removeSecurityProxy(role_manager) # <- wot does it
really do and how does it make the newly

                   # created user to be authenticated automatically

        for role in folder.signup_roles:
            role_manager.assignRoleToPrincipal(role, principal_id)
        self.request.response.redirect("@@welcome.html")

The above logic works well for me too. But if i comment the line
'role_manager = removeSecurityProxy(role_manager)',still user creation and
role assignment works. but i am asked to login again right after the signup.
and the redirect does not work.

And another apporch i have seen in

http://kelpi.com/script/e2019a
http://kelpi.com/script/f49219

so i tried to set the principal as

principal=pau.getPrincipal(principal_id)
sel.request.setPrincipal(principal)

and commented the removeSecurityProxy line.
But it also gives same result.

So is there any other way than using removeSecurityProxy(role_manager)? I
also would like to know how risky it can be to use removeSecurityProxy in a
code with public (zope.public) permission. I Know this is very trivial issue
and everyone have gone through this once.

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope3-users/attachments/20081107/cb4a04a4/attachment.html

More information about the Zope3-users mailing list