Re: [Zope] change password through script messes up session
credentialsChanged did the trick! thanks so much... and you're right, it was quite obvious (especially now that I see it!) Thanks again, - Teebes On Mon, Oct 6, 2008 at 1:39 PM, Sascha Welter <[EMAIL PROTECTED]> wrote: > (Sun, Oct 05, 2008 at 09:48:20PM -0400) Thibaud Morel l'Horset > wrote/schrieb/egrapse: > > I'm trying to write a piece of code that just changes the password of a > > user as they are logged in. This is in a Script(Python). I'm using PAS > and > > CookieCrumbler and the code is as follows: > > > container.acl_users.users.manage_updateUserPassword(user['id'],password,password) > > > > This does work and change the password, however what happens then is > > anytime I try to access a resource that I could view prior to changing > the > > password, I get a basic pop-up auth login prompt (even though I'm using > > CookieCrumbler), and entering the new creds doesn't work. If I logout > > through the login/logout link and log back in with the web form, > everything > > is fine (and the new creds do work then). > > AFAIK this case is documented in the CC docs, also it's quite obvious > from the CookieCrumbler API: You need to call its credentialsChanged > method. > > Regards, > > Sascha > > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
Laurence Rowe wrote at 2008-10-6 09:52 -0400: >IIRC CookieCrumbler just stores the username:password on the __ac >cookie. You probably need to force it to set another cookie when you >change the password, or move to a different implementation like >plone.session that uses signed cookies and avoids the requirement to >store the password on a cookie. PAS has a standard method to indicate that credentials have been changed ("updateCredentials" or something like this). If it is used (and the plugins set up correctly), then the "Unauthorized" should not happen -- provided the password change is at an appropriate place (the "updateCredentials" assumes to be called in the normal request -- not somewhere during traversal). -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
(Sun, Oct 05, 2008 at 09:48:20PM -0400) Thibaud Morel l'Horset wrote/schrieb/egrapse: > I'm trying to write a piece of code that just changes the password of a > user as they are logged in. This is in a Script(Python). I'm using PAS and > CookieCrumbler and the code is as follows: > container.acl_users.users.manage_updateUserPassword(user['id'],password,password) > > This does work and change the password, however what happens then is > anytime I try to access a resource that I could view prior to changing the > password, I get a basic pop-up auth login prompt (even though I'm using > CookieCrumbler), and entering the new creds doesn't work. If I logout > through the login/logout link and log back in with the web form, everything > is fine (and the new creds do work then). AFAIK this case is documented in the CC docs, also it's quite obvious from the CookieCrumbler API: You need to call its credentialsChanged method. Regards, Sascha ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
Hi, what I do: req=context.REQUEST context.acl_users.manage_users('Change', {'name':req['name'], 'password':req['pswd'], 'confirm':req['cpswd'], 'roles': req ['roles'], 'domains':''}) On Oct 6, 2008, at 3:48 AM, Thibaud Morel l'Horset wrote: > Hello all, > > I'm trying to write a piece of code that just changes the > password of a user as they are logged in. This is in a Script > (Python). I'm using PAS and CookieCrumbler and the code is as follows: > container.acl_users.users.manage_updateUserPassword(user > ['id'],password,password) > > This does work and change the password, however what happens then > is anytime I try to access a resource that I could view prior to > changing the password, I get a basic pop-up auth login prompt (even > though I'm using CookieCrumbler), and entering the new creds > doesn't work. If I logout through the login/logout link and log > back in with the web form, everything is fine (and the new creds do > work then). > > Here is the error that's thrown in the logs: > Traceback (innermost last): > Module ZPublisher.Publish, line 106, in publish > Module ZPublisher.BaseRequest, line 468, in traverse > Module ZPublisher.HTTPResponse, line 687, in unauthorized > > > Unauthorized: You are not authorized to access this > resource. > > So basically, I can't access any protected object until I log out > and log back in. > > Anyone have any insight here? I've been trying to read the Plone > source code to figure out how they do it but I can't get their code > to work... I've been searching around for an answer to this all > weekend but can't find anything :( > > Thanks for the help, > > - Teebes > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
IIRC CookieCrumbler just stores the username:password on the __ac cookie. You probably need to force it to set another cookie when you change the password, or move to a different implementation like plone.session that uses signed cookies and avoids the requirement to store the password on a cookie. Laurence Thibaud Morel l'Horset wrote: > Hello all, > > I'm trying to write a piece of code that just changes the password of > a user as they are logged in. This is in a Script(Python). I'm using PAS > and CookieCrumbler and the code is as follows: > container.acl_users.users.manage_updateUserPassword(user['id'],password,password) > > This does work and change the password, however what happens then is > anytime I try to access a resource that I could view prior to changing > the password, I get a basic pop-up auth login prompt (even though I'm > using CookieCrumbler), and entering the new creds doesn't work. If I > logout through the login/logout link and log back in with the web form, > everything is fine (and the new creds do work then). > > Here is the error that's thrown in the logs: > > Traceback (innermost last): > Module ZPublisher.Publish, line 106, in publish > Module ZPublisher.BaseRequest, line 468, in traverse > Module ZPublisher.HTTPResponse, line 687, in unauthorized > > > Unauthorized: You are not authorized to access this resource. > > > So basically, I can't access any protected object until I log out and > log back in. > > Anyone have any insight here? I've been trying to read the Plone > source code to figure out how they do it but I can't get their code to > work... I've been searching around for an answer to this all weekend but > can't find anything :( > > Thanks for the help, > > - Teebes > > > > > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] change password through script messes up session
Hello all, I'm trying to write a piece of code that just changes the password of a user as they are logged in. This is in a Script(Python). I'm using PAS and CookieCrumbler and the code is as follows: container.acl_users.users.manage_updateUserPassword(user['id'],password,password) This does work and change the password, however what happens then is anytime I try to access a resource that I could view prior to changing the password, I get a basic pop-up auth login prompt (even though I'm using CookieCrumbler), and entering the new creds doesn't work. If I logout through the login/logout link and log back in with the web form, everything is fine (and the new creds do work then). Here is the error that's thrown in the logs: Traceback (innermost last): Module ZPublisher.Publish, line 106, in publish Module ZPublisher.BaseRequest, line 468, in traverse Module ZPublisher.HTTPResponse, line 687, in unauthorized Unauthorized: You are not authorized to access this resource. So basically, I can't access any protected object until I log out and log back in. Anyone have any insight here? I've been trying to read the Plone source code to figure out how they do it but I can't get their code to work... I've been searching around for an answer to this all weekend but can't find anything :( Thanks for the help, - Teebes ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )