[Zope-PTK] morphing identity

[Mike Pelletier]

On Mon, 14 Feb 2000, Timothy Wilson wrote:

> >                 raise 'Login Required', self.loginForm(self, request)
> > 
> >     Replace this with "raise 'Unauthorized'".  This will cause the
> > standard browser authentication window to pop up instead of redirecting
> > you to a login form.  You should be able to log in using HTTP-auth and
> > avoid this caching nastiness.
> 
> Will this break any other part of the PTK? The caching problem isn't a big
> deal at this point since we're still just messing around with it.

    I gave you bad advice, don't do that.  Instead, look for a DTML Method
called 'login_form' in your Portal object.  Stick this in it somewhere:

<dtml-raise type="Unauthorized">
 Please log in.
</dtml-raise>

    As far as brakeage goes, nothing that I can think of will break but it
will make portions of the portal unavailable.  Specifically, it will hide
the 'Mail me my password' link from you.  You can make this link available
elsewhere, though.  

    The new 'LoginManager' based membership services will give us much
better control over stuff like this.  It is due Real, Real Soon Now.

> Again, I don't have any problems with Zope.org so is there something
> different about the authentication?

    Do multiple people from your LAN log into Zope.org?  Try logging into
Zope.org, finding some page you've never seen before, and then viewing the
identical URL on another station.

    Another thing to consider, you may have different caching policies for
local and external resources.  This is really a job for your cache admin.

Mike.

-- 
Mike Pelletier                          email: mike@digicool.com
Mild mannered software developer          icq: 7127228
by day, super villain by night.         phone: 519-884-2434