Am 22.06.2006 um 15:39 schrieb Tres Seaver:

The sequence which creates a user object is defined in the PAS.validate


Very good documentation snipped

I followed this path and found the culprit.

The cookie_auth_helper extends the credentials with the remote_addr only if it found something before.

# Look in the request for the names coming from the login form
            login = request.get('__ac_name', '')
            password = request.get('__ac_password', '')

            if login:
                creds['login'] = login
                creds['password'] = password

        if creds or 1: # or 1 added by jhauser
            creds['remote_host'] = request.get('REMOTE_HOST', '')

                creds['remote_address'] = request.getClientAddr()
            except AttributeError:
creds['remote_address'] = request.get('REMOTE_ADDR', '')

        return creds

So actually the question is, if the test for credentials is needed at all at this place.

I will further look into this, but thanks to Tres and ZAC to lead me to this place.

With regards,


Janko Hauser  email:  [EMAIL PROTECTED]
              mobile: +49 1721 641552

Attachment: PGP.sig
Description: Signierter Teil der Nachricht

Zope-PAS mailing list

Reply via email to