Re: [Zope] Lost user credentials

[Garito]

Sorry the gmail response send only to the original poster not to the list
(sorry Andreas)
The original post:

The question then (sorry):
I have a product called Yanged
This product has overrided:
__bobo_traverse__ who returns some objects and sometime a wrapper object
with the HTML code to the browser
__call__ who returns the HTML code to __bobo_traverse__ or if you call the
object itself
index_html who returns __call__
A TALES evaluator to evaluate some TALES expresion out of page templates

All works ok except when I try to delete some objects. When I try to launch
the delete method I raises an authorized error and ask for new login and
password

I try with my user who is manager and owner but logon doesn't work and
raises the same error

If I look the error log I could see this error:

Traceback (innermost last):
 Module ZPublisher.Publish
, line 106, in publish
 Module ZPublisher.BaseRequest, line 323, in traverse
 Module Products.Yanged.Yanged, line 61, in __bobo_traverse__
 Module Products.Yanged.Yanged, line 141, in __call__
 Module Products.Yanged.Yanged
, line 170, in Ejecutar
 Module Products.Yanged.Yanged, line 125, in __call__
 Module Products.Yanged.Yanged, line 170, in Ejecutar
 Module Shared.DC.Scripts.Bindings, line 311, in __call__
 Module Shared.DC.Scripts.Bindings
, line 348, in _bindAndExec
 Module Products.PythonScripts.PythonScript, line 325, in _exec
 Module None, line 2, in BorrarFuncionalidad
  - <PythonScript at
/sistes.net/clientes/escobarsl.com/Comandos/BorrarFuncionalidad used
for /sistes.net/clientes/escobarsl.com/Pagina/Borrar/BorrarCaso>

  - Line 2
 Module AccessControl.ImplPython, line 729, in guarded_getattr
 Module AccessControl.ImplPython, line 671, in aq_validate
 Module AccessControl.ImplPython, line 565, in validate
 Module AccessControl.ImplPython
, line 463, in validate
 Module AccessControl.ImplPython, line 810, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'manage_delObjects' of (Yanged at
/sistes.net/clientes/escobarsl.com/Pagina/Funcionalidades) denied.
Your user account, Anonymous User, exists at (unknown). Access
requires one of the following roles: ['Manager']. Your roles in this
context are ['Anonymous'].

If I try to delete the object the error is raised but if immediately I try
to create another object works ok

This are the code about BorrarFuncionalidad (the code who raises the error)
and CrearFuncionalidad (the code that works ok). Both are Python Scripts:

BorrarFuncinalidad
carpeta = getattr(context.Singular(), 'Funcionalidades')
carpeta.manage_delObjects(args['path'])
return args

CrearFuncionalidad
carpeta = getattr(context.Singular (), 'Funcionalidades')
Id = context.Dame(context.Id)

args['caso'] = carpeta.manage_addProduct['Yanged'].CrearYanged(Id)
return args

Both scripts are launched in the same way (the Ejecutar method you could see
at the traceback above)

I try to track the user from the __bobo_traverse__ to the __call__ and seems
the user credentials are lost when I call CrearFuncionalidad (in the whole
call)

Can you point me some clues to solve this problem?

Thanks!

2007/3/12, Dennis Allison <[EMAIL PROTECTED]>:

I did not catch the original post and so don't know any of the details,
but it sounds like a problem with the logging system, not a loss of
credentials.  We had long ago and resolved with the list's help.  This
patch is still in use with Zope 2.9.X.

You need to patch ../lib/python/ZServer/medusa/http_server.py

--- ./v0.0/http_server.py       2004-12-25 22:39:31.000000000 -0800
+++ ./v0.1/http_server.py       2004-12-25 22:39:31.000000000 -0800
@@ -36,6 +36,9 @@
from counter import counter
from urllib import unquote

+# Paul's Patch (a shameful thing) to make names register properly
+from ZPublisher.HTTPRequest import parse_cookie
+
#

===========================================================================
#                                                      Request Object
#

===========================================================================
@@ -277,6 +280,7 @@

         auth=self.get_header('Authorization')
         name='Anonymous'
+
         if auth is not None:
             if string.lower(auth[:6]) == 'basic ':
                 try: decoded=base64.decodestring(auth[6:])
@@ -286,10 +290,35 @@
                     name = 'Unknown (bad auth string)'
                 else:
                     name = t[0]
+        else:
+        # start of patch
+            try:
+                auth_cookie_name='__ac'
+                cookie= None
+                try:
+                    cookies = {}
+                    header_value = self.get_header("Cookie")
+                    if header_value:
+                        parse_cookie(header_value, cookies)
+                        cookie = cookies.get(auth_cookie_name, None)
+                except:
+                    name = 'Anonymous'
+
+                if cookie is not None:
+                    cookie = unquote(cookie)
+                    try:
+                        cookie = base64.decodestring(cookie)
+                        name, password = tuple( cookie.split(':',1))
+                    except: name= "Unknown (bad auth cookie)"
+            except:
+                name = "Failure!"
+        # end of patch

+       # log the host domain too
         self.channel.server.logger.log (
             self.channel.addr[0],
-            '- %s [%s] "%s" %d %d "%s" "%s"\n' % (
+            '%s %s [%s] "%s" %d %d "%s" "%s"\n' % (
+               self.get_header('Host'),
                 name,
                 self.log_date_string (time.time()),
                 self.request,

Hope this helps.



On Mon, 12 Mar 2007, Garito wrote:

> Could any charitable soul take pity on this poor sinner, please...?
>
> 2007/3/12, Garito <[EMAIL PROTECTED]>:
> >
> > Hi Andreas!
> > What kind of information do you need?
> > On my last messages to the list I send the tracebacks and some other
> > information (need to resend them?)
> >
> > Could you point me what details do you need?
> >
> > Thank you so much for you interest!
> >
> > 2007/3/12, Andreas Jung <[EMAIL PROTECTED]>:
> > >
> > >
> > >
> > > --On 12. März 2007 04:04:31 +0100 Garito <[EMAIL PROTECTED]> wrote:
> > >
> > > > Hi all!
> > > > Some days ago I send to the list a question about a problem
losting
> > > user
> > > > credentials
> > > >
> > > > In my code I don't use nothing about security and nothing is
changed
> > > on
> > > > zmi's security tab
> > > >
> > > > But when I launch a method (Borrar if you remember) the user who
> > > launches
> > > > the action is anonymous not the logged one
> > >
> > > Somewhat hard to believe without a detailed description....
> > >
> > > -aj
> > >
> >
> >
> >
> > --
> > Mis Cosas: http://blogs.sistes.net/Garito
> >
>
>
>
>

--

--
Mis Cosas: http://blogs.sistes.net/Garito

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )