Re: [Zope] LoginManager broken?
Phil, Something that bit me when using the howto you referenced. When creating the methods, as soon as the authenticate method is created the LoginManager starts using it, but since the other methods don't yet exist it starts generating errors with the result that you are locked out of the LoginManager and any folders secured by it. My solution was to create all the methods needed but with bogus names, such as by sticking an x as the first character of each. This way you can test each in isolation and when satisfied that they are correct, rename them all in one fell swoop. Ipso facto, presto magico you have a working LoginManager. I've tried this procedure on 2.2.x with various versions of LoginManager/ZPatterns and it's worked every time. The latest Zope I've used it with is 2.2.4. hth Phil [EMAIL PROTECTED] - Original Message - From: "Mayers, Philip J" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 11, 2000 8:34 PM Subject: RE: [Zope] LoginManager broken? Thanks, I'll take a look. Re: LoginManager - After a fast turnaround (confirming my ample faith in Open Source software) Magnus Heino pointed me in the right direction - the dtml methods and SQL objects need to be inside the UserSource folder, *not* the LoginManager folder as the Howto implies (or maybe I just can't read...). Can someone confirm that the SQL methods need to be inside the UserSource folder? (which is mildly annoying, but there we go...) I'm still having some problems getting multiple roles working, but it's behaving itself for now. Now all I have to do is solve my LIMIT problem... Regards, Phil +--+ | Phil Mayers, Network Support | | Centre for Computing Services| | Imperial College | +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 11 December 2000 20:18 To: Mayers, Philip J Cc: '[EMAIL PROTECTED]' Subject: Re: [Zope] LoginManager broken? You might look at http://www.zope.org/Members/dlpierson/sqlLogin for a different approach that works for me in early testing. Note that it needs additional work before being turned loose on a live site. Dan Pierson "Mayers, Philip J" [EMAIL PROTECTED] writes: Does it even *work*? Even a little bit? Because other than repeating the same process 12 damn times, so far I'm not convinced. Maybe I'll look in the source code to see if there's actually anything in the files (other than a HOWTO.txt, which is empty, which BTW is more annoying than there not being one). The "LoginManager with SQL database" on the Zope site seems to end up with me having a folder I can't access through the management interface (unless you count "management" as "this is the index_html" document) Wow, thanks! Now I have to delete it and start all over again... In all seriousness - there *must* be one person who has gotten an SQL-backed LoginManger working with 2.2.4 - surely? Thanks for all the great work (little bugs aside...) - Zope is a wonderful product! Now if only it could serve XML as well as Cocoon... Regards, Phil +--+ | Phil Mayers, Network Support | | Centre for Computing Services| | Imperial College | +--+ ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager broken?
Ye gods...
Ok, steps I had to take to get LoginManager working
1) Create a folder, call it "test"
2) In that folder, add a LoginManager with a GenericUserSource, with *just*
"Basic Auth Login" selected. Leave the rest as defaults.
3) In the newly-created ACL-users folder, you'll find "forbiddenPage",
"loginForm" and "logoutForm" - you can delete loginForm.
Give logoutForm and forbiddenPage the "Manager" proxy role
4) In the UserSource folder/object underneath acl_users, add
a) A connection to the SQL database you'll be using
b) an SQL method "check_user" with a parameter "username", which does a
"select username from usertable where username = dtml-sqlvar username
type=string"
c) an SQL method "check_user" with parameters "username" and "password",
which does a "select username from usertable where username = dtml-sqlvar
username type=string and password = dtml-sqlvar password type=string"
d) an SQL method "get_roles" with a paramter "username" that does "select
groupname from group_members where username = dtml-sqlvar username
type=string" (or whatever is appropriate for your database)
5) Add the DTML methods WITH A DIFFERENT NAME - DON'T add
userAuthenticate,userExists,userRoles - add (say)
xuserAuthenticate,xuserExists,xuserRoles
a) xuserExists should read:
dtml-in "HDB_check_user(username=username)"
dtml-if "_['sequence-item'].username == username"
dtml-return "_.int('1')"
/dtml-if
/dtml-in
dtml-return "_.int('0')"
b) xuserAuthenticate should read:
dtml-in "HDB_check_password(username=username,password=password)"
dtml-if "_['sequence-item'].username == username"
dtml-return "_.int('1')"
/dtml-if
/dtml-in
dtml-return "_.int('0')"
c) xuserRoles should read
dtml-call "REQUEST.set('ret', '')"
dtml-in "HDB_get_roles(username=username)"
dtml-call "REQUEST.set('ret', ret+' '+groupname)"
/dtml-in
dtml-return ret
6) Give the "Manager" proxy role to the DTML methods, so they can access the
SQL methods you just created
7) Turn off acquisition of the permissions on the test folder, and be sure
to add read permissions to any local roles you're using
8) Make a copy of the test folder now, before it all goes wrong...
9) Batch rename the DTML method (e.g. s/x(.*)/$1/g in perl-speak) - if
you're lucky, it will work.
I have to say, I'm not hugely impressed...
Regards,
Phil
+--+
| Phil Mayers, Network Support |
| Centre for Computing Services|
| Imperial College |
+--+
-Original Message-
From: Mayers, Philip J [mailto:[EMAIL PROTECTED]]
Sent: 11 December 2000 20:34
To: '[EMAIL PROTECTED]'
Subject: RE: [Zope] LoginManager broken?
Thanks, I'll take a look.
Re: LoginManager - After a fast turnaround (confirming my ample faith in
Open Source software) Magnus Heino pointed me in the right direction - the
dtml methods and SQL objects need to be inside the UserSource folder, *not*
the LoginManager folder as the Howto implies (or maybe I just can't
read...). Can someone confirm that the SQL methods need to be inside the
UserSource folder? (which is mildly annoying, but there we go...)
I'm still having some problems getting multiple roles working, but it's
behaving itself for now. Now all I have to do is solve my LIMIT problem...
Regards,
Phil
+--+
| Phil Mayers, Network Support |
| Centre for Computing Services|
| Imperial College |
+--+
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 11 December 2000 20:18
To: Mayers, Philip J
Cc: '[EMAIL PROTECTED]'
Subject: Re: [Zope] LoginManager broken?
You might look at http://www.zope.org/Members/dlpierson/sqlLogin for a
different approach that works for me in early testing. Note that it
needs additional work before being turned loose on a live site.
Dan Pierson
"Mayers, Philip J" [EMAIL PROTECTED] writes:
Does it even *work*? Even a little bit? Because other than repeating the
same process 12 damn times, so far I'm not convinced. Maybe I'll look in
the
source code to see if there's actually anything in the files (other than a
HOWTO.txt, which is empty, which BTW is more annoying than there not being
one).
The "LoginManager with SQL database" on the Zope site seems to end up with
me having a folder I can't access through the management interface (unless
you count "management" as "this is the index_html" document) Wow, thanks!
Now I have to delete it and start all over again...
In all seriousness - there *must* be one person who has gotten an
SQL-backed
LoginManger wo
Re: [Zope] LoginManager broken?
"Phil Harris" [EMAIL PROTECTED] writes: Phil, Something that bit me when using the howto you referenced. When creating the methods, as soon as the authenticate method is created the LoginManager starts using it, but since the other methods don't yet exist it starts generating errors with the result that you are locked out of the LoginManager and any folders secured by it. Yeah, that bit me too. I think that the alternate approach in my writeup below avoids it by not telling the UserSource anything until everything else is set up. The main problem with it is that it doesn't currently take advantage of the cacheing features in BasicUserSource. I think that I need a trivial Python subclass of LoginUser that supports cache management, but I need to understand the lifetimes of virtual ZClasses in Racks a bit better first... My solution was to create all the methods needed but with bogus names, such as by sticking an x as the first character of each. This way you can test each in isolation and when satisfied that they are correct, rename them all in one fell swoop. Cute. I'll remember this trick. Ipso facto, presto magico you have a working LoginManager. I've tried this procedure on 2.2.x with various versions of LoginManager/ZPatterns and it's worked every time. The latest Zope I've used it with is 2.2.4. hth Phil [EMAIL PROTECTED] - Original Message - From: "Mayers, Philip J" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 11, 2000 8:34 PM Subject: RE: [Zope] LoginManager broken? Thanks, I'll take a look. Re: LoginManager - After a fast turnaround (confirming my ample faith in Open Source software) Magnus Heino pointed me in the right direction - the dtml methods and SQL objects need to be inside the UserSource folder, *not* the LoginManager folder as the Howto implies (or maybe I just can't read...). Can someone confirm that the SQL methods need to be inside the UserSource folder? (which is mildly annoying, but there we go...) I'm still having some problems getting multiple roles working, but it's behaving itself for now. Now all I have to do is solve my LIMIT problem... Regards, Phil +--+ | Phil Mayers, Network Support | | Centre for Computing Services| | Imperial College | +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 11 December 2000 20:18 To: Mayers, Philip J Cc: '[EMAIL PROTECTED]' Subject: Re: [Zope] LoginManager broken? You might look at http://www.zope.org/Members/dlpierson/sqlLogin for a different approach that works for me in early testing. Note that it needs additional work before being turned loose on a live site. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager broken?
You might look at http://www.zope.org/Members/dlpierson/sqlLogin for a different approach that works for me in early testing. Note that it needs additional work before being turned loose on a live site. Dan Pierson "Mayers, Philip J" [EMAIL PROTECTED] writes: Does it even *work*? Even a little bit? Because other than repeating the same process 12 damn times, so far I'm not convinced. Maybe I'll look in the source code to see if there's actually anything in the files (other than a HOWTO.txt, which is empty, which BTW is more annoying than there not being one). The "LoginManager with SQL database" on the Zope site seems to end up with me having a folder I can't access through the management interface (unless you count "management" as "this is the index_html" document) Wow, thanks! Now I have to delete it and start all over again... In all seriousness - there *must* be one person who has gotten an SQL-backed LoginManger working with 2.2.4 - surely? Thanks for all the great work (little bugs aside...) - Zope is a wonderful product! Now if only it could serve XML as well as Cocoon... Regards, Phil +--+ | Phil Mayers, Network Support | | Centre for Computing Services| | Imperial College | +--+ ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager broken?
Does it even *work*? Even a little bit? Because other than repeating the same process 12 damn times, so far I'm not convinced. Maybe I'll look in the source code to see if there's actually anything in the files (other than a HOWTO.txt, which is empty, which BTW is more annoying than there not being one). The "LoginManager with SQL database" on the Zope site seems to end up with me having a folder I can't access through the management interface (unless you count "management" as "this is the index_html" document) Wow, thanks! Now I have to delete it and start all over again... In all seriousness - there *must* be one person who has gotten an SQL-backed LoginManger working with 2.2.4 - surely? Well, not 2.2.4 but 2.2.3, and I had some bugs when trying it on a copy of a production server. I couldn't get the "old" installation to work in a different directory, although I thought I changed every path in start etc.. I also deleted all pyc files and reran wo_pcgi.py. One symtom was that loginmanager didn't acquire users from a level above. Later on it wouldn't want to to the sql-query, nothing showed up in I postgres' debugging output. Btw. can anybody tell me if and how it's possible to relocate an installed Zope? Back to your question, loginmanager now works fine for me now, and it did so flawlessly on a fresh installed zope. Did you eventually try to use the loginmanager-with-SQL-howto in the toplevel folder? IIRC, this will lock you out permanently. Did you reuse a user name (just a guess that this might cause problems)? Try to find out whether and which sql-queries are issued by LoginManager, I guess other dbs than postgres will also allow to find that out. Oh, and if you try LM in a subfolder, have a look at the undo tab if things go wrong ;-), you might at first use some fake methods at first which always return 1, manager etc. and change them step by step (and say goodbye to security). cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] LoginManager broken?
Thanks, I'll take a look. Re: LoginManager - After a fast turnaround (confirming my ample faith in Open Source software) Magnus Heino pointed me in the right direction - the dtml methods and SQL objects need to be inside the UserSource folder, *not* the LoginManager folder as the Howto implies (or maybe I just can't read...). Can someone confirm that the SQL methods need to be inside the UserSource folder? (which is mildly annoying, but there we go...) I'm still having some problems getting multiple roles working, but it's behaving itself for now. Now all I have to do is solve my LIMIT problem... Regards, Phil +--+ | Phil Mayers, Network Support | | Centre for Computing Services| | Imperial College | +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 11 December 2000 20:18 To: Mayers, Philip J Cc: '[EMAIL PROTECTED]' Subject: Re: [Zope] LoginManager broken? You might look at http://www.zope.org/Members/dlpierson/sqlLogin for a different approach that works for me in early testing. Note that it needs additional work before being turned loose on a live site. Dan Pierson "Mayers, Philip J" [EMAIL PROTECTED] writes: Does it even *work*? Even a little bit? Because other than repeating the same process 12 damn times, so far I'm not convinced. Maybe I'll look in the source code to see if there's actually anything in the files (other than a HOWTO.txt, which is empty, which BTW is more annoying than there not being one). The "LoginManager with SQL database" on the Zope site seems to end up with me having a folder I can't access through the management interface (unless you count "management" as "this is the index_html" document) Wow, thanks! Now I have to delete it and start all over again... In all seriousness - there *must* be one person who has gotten an SQL-backed LoginManger working with 2.2.4 - surely? Thanks for all the great work (little bugs aside...) - Zope is a wonderful product! Now if only it could serve XML as well as Cocoon... Regards, Phil +--+ | Phil Mayers, Network Support | | Centre for Computing Services| | Imperial College | +--+ ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager broken?
Well, not 2.2.4 but 2.2.3, and I had some bugs when ehm replace 2.2.3 with 2.2.2 ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager broken?
"Mayers, Philip J" [EMAIL PROTECTED] writes: Thanks, I'll take a look. Re: LoginManager - After a fast turnaround (confirming my ample faith in Open Source software) Magnus Heino pointed me in the right direction - the dtml methods and SQL objects need to be inside the UserSource folder, *not* the LoginManager folder as the Howto implies (or maybe I just can't read...). Can someone confirm that the SQL methods need to be inside the UserSource folder? (which is mildly annoying, but there we go...) This isn't required in my experience. The UserSource will find them via acquisition if the permissions are OK. I tend to keep them in a level above the acl_users (i.e. the LoginManager) in question while debugging just in case I wind up turning off permissions to that folder accidentally. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LoginManager broken?
"Mayers, Philip J" wrote: Thanks, I'll take a look. Re: LoginManager - After a fast turnaround (confirming my ample faith in Open Source software) Magnus Heino pointed me in the right direction - the dtml methods and SQL objects need to be inside the UserSource folder, *not* the LoginManager folder as the Howto implies (or maybe I just can't read...). Can someone confirm that the SQL methods need to be inside the UserSource folder? (which is mildly annoying, but there we go...) I'm still having some problems getting multiple roles working, but it's behaving itself for now. Now all I have to do is solve my LIMIT problem... If you're having dificulties getting LoginManager to work with the local roles management interface, maybe this solution (which I only tested using LoginManger+Membership) will help: http://lists.zope.org/pipermail/zope-dev/2000-September/006953.html I ahve no idea how this would work with SQL users, but hopefully it'll give you a clue. HTH, Michael Bernstein. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
