Authentication Conundrum

  • Sheppard Norfleet

    I have created an authenticate source that points to an ORACLE database using DCOracle2.  I can access lists of users fine through exUserFolder from the Oracle database.
    That actual authentication problem I am having has to do with the process of authentication.  You see the tool has to a single cookie called "session_hash" created by a common login outside of zope.  The session hash contains the user_id that logged in and the IP address they logged from.  Since I don't want User/Password logins I was hoping to find a way to get zope through the exUserFolder to automatically check for this cookie. 

    I have had partial success by creating a remoteAuthMethod and changing to pass the request object into it so it could read the cookie and return the username to the user, or None if the session hash was not found.  In turn the a not None value was returned to exUserFolder's validate methods.  I have tried both std_validate and cookie_validate and neither seem to work automatically. 

    With std_validate, I would have to actually click on the login link and put dummy data into the fields and submit for the user to be recognized. 

    The cookie_validate, seems to work but the user name does not apear on the bar beneth the top banner as it should, even though member variable 'name' has been changed.

    Any help at all would be appreciated. thanks.

    Warm Regards

    • Sheppard Norfleet

      I found a solution.

      I created a new method in called myauth_validate that uses the hash key as the username in the cache, because its always available via the Request object.  The User Name is set inside the authenticate method as it is returned by the remoteAuthMethod.

      Since some users of exUserFolder may want to have there own validation consider moving
      the validate function to the currentAuthSource as a remoteValidate method as you did with remoteAuth.  Further the User should pass itself and the request object into the remoteAuthMethod so that user of exUserFolder can change the user attributes and access request information.

      Just a thought.


Log in to post a comment.