Re: login via url

2006-02-08 Thread David Pratt 


Hi Amit. That sounds interesting. I looking at something so allow a 
credentials to be passed in a similar fashion to zope as a url. Do you 
have any further details you are able to share?  Many thanks.


Regards,
David

Amit Upadhyay wrote:
On 2/8/06, *Jason F. McBrayer* <[EMAIL PROTECTED] 
> wrote:



On Wed, 2006-02-08 at 06:04 -0800, [EMAIL PROTECTED]
 wrote:
 > Does someone have a recipe for logging in via url only.  I would like
 > to have it work with admin or   regular user where
 > credentials can be passed as parameters in a url and they are
logged in
 > and directed to the url. For admin login I am wanting it to
simply log
 > into admin index.

You _could_ do this by looking at the admin interface's login view, and
handling request.GET the way it handles request.POST.  But IMO you
_shouldn't_ do this, as it may (depending on other things) open up quite
a few new ways to steal credentials (think about referrers, and about
httpd logs).


One option could be to use a one time login url.

* Create a model containing GUID/UUID.
* Create a view that sends you a mail containing a login url
  everytime you hit it.
* Create a view that server this url containing GUID/UUID as
  parameter, and if it matches with one in database, delete that
  object and log user in.

I have done something similer for invitations, as soon as i get a 
request containing previously generated GUID, i create a user and log 
user in with that user.


--
Amit Upadhyay
Blog: http://www.rootshell.be/~upadhyay
+91-9867-359-701

Re: login via url

2006-02-08 Thread Amit Upadhyay 
On 2/8/06, Jason F. McBrayer <[EMAIL PROTECTED]> wrote:
On Wed, 2006-02-08 at 06:04 -0800, [EMAIL PROTECTED] wrote:> Does someone have a recipe for logging in via url only.  I would like> to have it work with admin or   regular user where
> credentials can be passed as parameters in a url and they are logged in> and directed to the url. For admin login I am wanting it to simply log> into admin index.You _could_ do this by looking at the admin interface's login view, and
handling request.GET the way it handles request.POST.  But IMO you_shouldn't_ do this, as it may (depending on other things) open up quitea few new ways to steal credentials (think about referrers, and about
httpd logs).One option could be to use a one time login url. Create a model containing GUID/UUID. Create a view that sends you a mail containing a login url everytime you hit it. 
Create a view that server this url containing GUID/UUID as parameter, and if it matches with one in database, delete that object and log user in.I have done something similer for invitations, as soon as i get a request containing previously generated GUID, i create a user and log user in with that user.
-- Amit UpadhyayBlog: http://www.rootshell.be/~upadhyay+91-9867-359-701

Re: login via url

2006-02-08 Thread David Pratt 


Hi Jason. Many thanks for your reply. I'll look into what you have 
suggested.


Regards,
David

Jason F. McBrayer wrote:

On Wed, 2006-02-08 at 06:04 -0800, [EMAIL PROTECTED] wrote:


Does someone have a recipe for logging in via url only.  I would like
to have it work with admin or   regular user where
credentials can be passed as parameters in a url and they are logged in
and directed to the url. For admin login I am wanting it to simply log
into admin index.



You _could_ do this by looking at the admin interface's login view, and
handling request.GET the way it handles request.POST.  But IMO you
_shouldn't_ do this, as it may (depending on other things) open up quite
a few new ways to steal credentials (think about referrers, and about
httpd logs).

Re: login via url

2006-02-08 Thread Jason F. McBrayer 

On Wed, 2006-02-08 at 06:04 -0800, [EMAIL PROTECTED] wrote:
> Does someone have a recipe for logging in via url only.  I would like
> to have it work with admin or   regular user where
> credentials can be passed as parameters in a url and they are logged in
> and directed to the url. For admin login I am wanting it to simply log
> into admin index.

You _could_ do this by looking at the admin interface's login view, and
handling request.GET the way it handles request.POST.  But IMO you
_shouldn't_ do this, as it may (depending on other things) open up quite
a few new ways to steal credentials (think about referrers, and about
httpd logs).

-- 
++
| Jason F. McBrayer [EMAIL PROTECTED]  |
|  "If you wish to make Pythocles wealthy, don't give him more   |
|   money; rather, reduce his desires."-- Epicurus   |

login via url

2006-02-08 Thread [EMAIL PROTECTED] 

Does someone have a recipe for logging in via url only.  I would like
to have it work with admin or   regular user where
credentials can be passed as parameters in a url and they are logged in
and directed to the url. For admin login I am wanting it to simply log
into admin index.

Many thanks
David