On Wed, Aug 10, 2005 at 11:59:34AM -0400, Tres Seaver wrote:
| Sidnei da Silva wrote:
| > On Sun, Aug 07, 2005 at 03:49:36PM -0700, Kapil Thangavelu wrote:
| > | make the cookie auth plugin push form credentials into the request
| > | as basic auth headers ala cookie crumbler.
| >
| > I've tried that but have not succeeded for some reason.
| >
| > OTOH, replacing the root User Folder by a PAS equivalent (using
| > PluggableAuthService/Extensions/upgrade.py + adding cookie extraction
| > plugin) *does* do the trick.
| >
| > Anyone can think of a good reason not to do this and try harder at the
| > cookie crumbler approach?
|
| Nope. If you are going to drink the PAS koolaid, you might as well go
| all the way. ;)

Yes, I'm ok with that. However I *do* think there's a problem in
there. Here's a description of the issue:

- User exists at (unknown) user folder on /
- PAS user folder at /foo
- Client visits /foo/auth_required_page
- PAS user folder challenges the client
- Client sends credentials
- PAS user folder successfully extracts credentials
- PAS user folder cannot find the user
- BaseRequest moves on to next user folder
- (unknown) user folder on / cannot extract credentials because it's
  not a PAS user folder, or because it *IS* a PAS user folder but
  doesn't have the correct extraction plugin.

So my current feeling is that PAS should have a way to pass the
extracted credentials on to the next user folder somehow. This way
seems to be using request._auth, which is what the Cookie Crumbler
does, however the patch I've submitted on a separate email is required
for this to work.

Thoughts?

-- 
Sidnei da Silva
Enfold Systems, LLC.
http://enfoldsystems.com
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
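
The lookup sequence listed in the message above, as an added example: a simplified stand-alone model, not Zope or PAS code and not the patch the author mentions. The class names, the `push_to_auth` switch, the sample user and the `__ac_name`/`__ac_password` form fields are assumptions made for illustration; only `request._auth` comes from the message.

```python
import base64

class Request:
    """Stand-in for the publisher request: form fields plus the _auth slot."""
    def __init__(self, form=None, auth=None):
        self.form = form or {}
        self._auth = auth  # models the HTTP Authorization header value

class BasicUserFolder:
    """Model of a non-PAS user folder: it can only read request._auth."""
    def __init__(self, users):
        self.users = users
    def validate(self, request):
        auth = request._auth or ""
        if not auth.lower().startswith("basic "):
            return None  # no credentials in a form it can extract
        decoded = base64.b64decode(auth.split(None, 1)[1]).decode("utf-8")
        name, _, password = decoded.partition(":")
        return name if self.users.get(name) == password else None

class FormAuthFolder:
    """Model of the PAS folder at /foo: extracts credentials from the form."""
    def __init__(self, users, push_to_auth=False):
        self.users = users
        self.push_to_auth = push_to_auth
    def validate(self, request):
        name = request.form.get("__ac_name")
        password = request.form.get("__ac_password")
        if name is None or password is None:
            return None
        if self.push_to_auth and request._auth is None:
            # Hand the extracted credentials on as a Basic auth value
            token = base64.b64encode(f"{name}:{password}".encode("utf-8"))
            request._auth = "Basic " + token.decode("ascii")
        return name if self.users.get(name) == password else None

def authenticate(folders, request):
    """Ask each user folder in turn, innermost first, until one knows the user."""
    for folder in folders:
        user = folder.validate(request)
        if user is not None:
            return user
    return None

def demo(push_to_auth, password="s3cret"):
    root = BasicUserFolder({"admin": "s3cret"})          # constructed user on /
    foo = FormAuthFolder({}, push_to_auth=push_to_auth)  # /foo knows no users
    request = Request(form={"__ac_name": "admin", "__ac_password": password})
    return authenticate([foo, root], request)
```

With the push enabled, every outer user folder receives the cleartext password that the inner folder extracted, so the outer folders have to be trusted as much as the inner one.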