Michael Bernstein wrote:
> I figured out how to get this to work (finally).
> In the acl_users LM, add the following two Python methods:
Well, I discovered another problem:
For some reason, when I create a PortalMembership member, add the two
Python methods as I described earlier, and use the local roles screen to
give them a role, they are subsequently authenticated regardless of
whether their password is correct.
Here's an example illustrating the bug:
- Create a new folder /hello
- Add a PortalMembership System
- Add the user_names and getUsernames Python Methods
- Use the joinForm to add a new member 'testuser'
- Create a subfolder /hello/hello2
- Go to the hello2 local roles screen, and add a manager local
role for testuser
- Exit your browser, and restart it.
- Go to /hello/hello2/manage
- You are presented with the PortalMembership loginForm
- login as testuser, but leave the password field blank
- You will be authenticated anyway, and see the management
Note that logging in using a non-existent username does not work, the
only problem seems to be that it ignores the password.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -