[Zope-PAS] auth fallback with cookies

Kapil Thangavelu hazmat at objectrealms.net
Sun Aug 7 18:49:36 EDT 2005


Make the cookie auth plugin push form credentials into the request 
as basic auth headers, à la cookie crumbler.
-k

On Jul 26, 2005, at 4:09 PM, J Cameron Cooper wrote:

> Say I have a user in a root acl_users folder (call it 'admin'). I also 
> have a PAS user folder in a sub-object of the root. This PAS is 
> configured to do cookie auth, and users will typically log in using a 
> form.
>
> Now, if I try to log in as 'admin' in that form, it doesn't work. I 
> think this is why:
>
>  - credentials are supplied via a form to the PAS cookie auth plugin
>
>  - there is no such user, so it fails
>
>  - 'validate' returns None, so Zope goes to the next user folder 
> (which is the basic one in the root where 'admin' lives)
>
>  - that one tries to validate but gets nothing: it looks for HTTP 
> basic credentials, but finds nothing, since login is form based
>
> Does this sound about right? Anybody have a strategy to get around 
> this?
>
> 		--jcc
> -- 
> Enfold Systems, LLC
> http://www.enfoldsystems.com
>
> _______________________________________________
> Zope-PAS mailing list
> Zope-PAS at zope.org
> http://mail.zope.org/mailman/listinfo/zope-pas
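
The fallback discussed in this thread, modelled as an added example (not code from the original posts or from Zope/PAS): a form-based folder that returns None lets the lookup continue to the root folder, which only succeeds if the form credentials were also pushed into the request as a Basic header. All class, function and attribute names here are hypothetical stand-ins, and the user tables are constructed sample data.

```python
import base64

class Request:
    """Constructed stand-in for an HTTP request; not Zope's request class."""
    def __init__(self, form=None, auth_header=None):
        self.form = form or {}
        self.auth_header = auth_header  # Authorization header value, if any

def parse_basic(header):
    """Return (login, password) from a Basic Authorization value, else None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    login, sep, password = decoded.partition(":")
    return (login, password) if sep else None

class BasicAuthFolder:
    """Models the root user folder: it only reads HTTP basic credentials."""
    def __init__(self, users):
        self.users = users  # plaintext table, for the model only
    def validate(self, request):
        creds = parse_basic(request.auth_header)
        return creds[0] if creds and self.users.get(creds[0]) == creds[1] else None

class FormAuthFolder:
    """Models the sub-folder whose plugin reads credentials from a login form."""
    def __init__(self, users, push_basic=False):
        self.users, self.push_basic = users, push_basic
    def validate(self, request):
        login, password = request.form.get("login"), request.form.get("password")
        if login is None or password is None:
            return None
        # Assumption: never overwrite a header the client sent, and skip logins
        # containing ':' because Basic auth splits on the first colon.
        if self.push_basic and request.auth_header is None and ":" not in login:
            token = base64.b64encode(f"{login}:{password}".encode("utf-8"))
            request.auth_header = "Basic " + token.decode("ascii")
        return login if self.users.get(login) == password else None

def authenticate(folders, request):
    """Walk the folders from innermost to root; the first non-None result wins."""
    for folder in folders:
        user = folder.validate(request)
        if user is not None:
            return user
    return None
```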


