Re: [Zope] change password through script messes up session
credentialsChanged did the trick! thanks so much... and you're right, it was quite obvious (especially now that I see it!) Thanks again, - Teebes On Mon, Oct 6, 2008 at 1:39 PM, Sascha Welter <[EMAIL PROTECTED]> wrote: > (Sun, Oct 05, 2008 at 09:48:20PM -0400) Thibaud Morel l'Horset > wrote/schrieb/egrapse: > > I'm trying to write a piece of code that just changes the password of a > > user as they are logged in. This is in a Script(Python). I'm using PAS > and > > CookieCrumbler and the code is as follows: > > > container.acl_users.users.manage_updateUserPassword(user['id'],password,password) > > > > This does work and change the password, however what happens then is > > anytime I try to access a resource that I could view prior to changing > the > > password, I get a basic pop-up auth login prompt (even though I'm using > > CookieCrumbler), and entering the new creds doesn't work. If I logout > > through the login/logout link and log back in with the web form, > everything > > is fine (and the new creds do work then). > > AFAIK this case is documented in the CC docs, also it's quite obvious > from the CookieCrumbler API: You need to call its credentialsChanged > method. > > Regards, > > Sascha > > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
Laurence Rowe wrote at 2008-10-6 09:52 -0400:
>IIRC CookieCrumbler just stores the username:password on the __ac
>cookie. You probably need to force it to set another cookie when you
>change the password, or move to a different implementation like
>plone.session that uses signed cookies and avoids the requirement to
>store the password on a cookie.
PAS has a standard method to indicate that credentials have been changed
("updateCredentials" or something like this).
If it is used (and the plugins set up correctly), then the
"Unauthorized" should not happen -- provided the password change
is at an appropriate place (the "updateCredentials" assumes to
be called in the normal request -- not somewhere during traversal).
--
Dieter
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
(Sun, Oct 05, 2008 at 09:48:20PM -0400) Thibaud Morel l'Horset wrote/schrieb/egrapse: > I'm trying to write a piece of code that just changes the password of a > user as they are logged in. This is in a Script(Python). I'm using PAS and > CookieCrumbler and the code is as follows: > container.acl_users.users.manage_updateUserPassword(user['id'],password,password) > > This does work and change the password, however what happens then is > anytime I try to access a resource that I could view prior to changing the > password, I get a basic pop-up auth login prompt (even though I'm using > CookieCrumbler), and entering the new creds doesn't work. If I logout > through the login/logout link and log back in with the web form, everything > is fine (and the new creds do work then). AFAIK this case is documented in the CC docs, also it's quite obvious from the CookieCrumbler API: You need to call its credentialsChanged method. Regards, Sascha ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
Hi,
what I do:
req=context.REQUEST
context.acl_users.manage_users('Change', {'name':req['name'],
'password':req['pswd'], 'confirm':req['cpswd'], 'roles': req
['roles'], 'domains':''})
On Oct 6, 2008, at 3:48 AM, Thibaud Morel l'Horset wrote:
> Hello all,
>
> I'm trying to write a piece of code that just changes the
> password of a user as they are logged in. This is in a Script
> (Python). I'm using PAS and CookieCrumbler and the code is as follows:
> container.acl_users.users.manage_updateUserPassword(user
> ['id'],password,password)
>
> This does work and change the password, however what happens then
> is anytime I try to access a resource that I could view prior to
> changing the password, I get a basic pop-up auth login prompt (even
> though I'm using CookieCrumbler), and entering the new creds
> doesn't work. If I logout through the login/logout link and log
> back in with the web form, everything is fine (and the new creds do
> work then).
>
> Here is the error that's thrown in the logs:
> Traceback (innermost last):
> Module ZPublisher.Publish, line 106, in publish
> Module ZPublisher.BaseRequest, line 468, in traverse
> Module ZPublisher.HTTPResponse, line 687, in unauthorized
>
>
> Unauthorized: You are not authorized to access this
> resource.
>
> So basically, I can't access any protected object until I log out
> and log back in.
>
> Anyone have any insight here? I've been trying to read the Plone
> source code to figure out how they do it but I can't get their code
> to work... I've been searching around for an answer to this all
> weekend but can't find anything :(
>
> Thanks for the help,
>
> - Teebes
> ___
> Zope maillist - Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change password through script messes up session
IIRC CookieCrumbler just stores the username:password on the __ac cookie. You probably need to force it to set another cookie when you change the password, or move to a different implementation like plone.session that uses signed cookies and avoids the requirement to store the password on a cookie. Laurence Thibaud Morel l'Horset wrote: > Hello all, > > I'm trying to write a piece of code that just changes the password of > a user as they are logged in. This is in a Script(Python). I'm using PAS > and CookieCrumbler and the code is as follows: > container.acl_users.users.manage_updateUserPassword(user['id'],password,password) > > This does work and change the password, however what happens then is > anytime I try to access a resource that I could view prior to changing > the password, I get a basic pop-up auth login prompt (even though I'm > using CookieCrumbler), and entering the new creds doesn't work. If I > logout through the login/logout link and log back in with the web form, > everything is fine (and the new creds do work then). > > Here is the error that's thrown in the logs: > > Traceback (innermost last): > Module ZPublisher.Publish, line 106, in publish > Module ZPublisher.BaseRequest, line 468, in traverse > Module ZPublisher.HTTPResponse, line 687, in unauthorized > > > Unauthorized: You are not authorized to access this resource. > > > So basically, I can't access any protected object until I log out and > log back in. > > Anyone have any insight here? I've been trying to read the Plone > source code to figure out how they do it but I can't get their code to > work... I've been searching around for an answer to this all weekend but > can't find anything :( > > Thanks for the help, > > - Teebes > > > > > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] change password through script messes up session
Hello all, I'm trying to write a piece of code that just changes the password of a user as they are logged in. This is in a Script(Python). I'm using PAS and CookieCrumbler and the code is as follows: container.acl_users.users.manage_updateUserPassword(user['id'],password,password) This does work and change the password, however what happens then is anytime I try to access a resource that I could view prior to changing the password, I get a basic pop-up auth login prompt (even though I'm using CookieCrumbler), and entering the new creds doesn't work. If I logout through the login/logout link and log back in with the web form, everything is fine (and the new creds do work then). Here is the error that's thrown in the logs: Traceback (innermost last): Module ZPublisher.Publish, line 106, in publish Module ZPublisher.BaseRequest, line 468, in traverse Module ZPublisher.HTTPResponse, line 687, in unauthorized Unauthorized: You are not authorized to access this resource. So basically, I can't access any protected object until I log out and log back in. Anyone have any insight here? I've been trying to read the Plone source code to figure out how they do it but I can't get their code to work... I've been searching around for an answer to this all weekend but can't find anything :( Thanks for the help, - Teebes ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
