Niklas Andersson
2011-01-06 13:24:00 UTC
Hello,
Apologies if I send this to the wrong list. Please advise a better
list if this is the case.
I have a problem with making z3c.password register failed attempts
with an InternalPrincipal and PrincipalFolder within a PAU.
I have set up the PAU like this
pau.credentialsPlugins = ( "No Challenge if Authenticated", "Session
Credentials", "Zope Realm Basic-Auth" )
This works fine for users logging in through a browser. The
InternalPrincipals registers failedAttempts as expected. The PAU also
authenticates XMLRPC requests correctly and worked fine until I tried
to integrate z3c.password features.
However, it does not seem to persist changes to failedAttempts through XMLRPC..
Through simple testing (with an XMLRPC-client running outside of the
test framework) I see that the z3c.password principal mix-in is
executing the self.failedAttempts += 1 just as when authenticating a
normal logging in through a browser, but the change does not stick?
Am I trying to do something there is not support for, or have I set
something up in a wrong way?
I am pretty knew to the internals and mechanisms of the publisher and
how XMLRPC requests differ from normal HTTP ones..
Any ideas?
/Niklas
Apologies if I send this to the wrong list. Please advise a better
list if this is the case.
I have a problem with making z3c.password register failed attempts
with an InternalPrincipal and PrincipalFolder within a PAU.
I have set up the PAU like this
pau.credentialsPlugins = ( "No Challenge if Authenticated", "Session
Credentials", "Zope Realm Basic-Auth" )
This works fine for users logging in through a browser. The
InternalPrincipals registers failedAttempts as expected. The PAU also
authenticates XMLRPC requests correctly and worked fine until I tried
to integrate z3c.password features.
However, it does not seem to persist changes to failedAttempts through XMLRPC..
Through simple testing (with an XMLRPC-client running outside of the
test framework) I see that the z3c.password principal mix-in is
executing the self.failedAttempts += 1 just as when authenticating a
normal logging in through a browser, but the change does not stick?
Am I trying to do something there is not support for, or have I set
something up in a wrong way?
I am pretty knew to the internals and mechanisms of the publisher and
how XMLRPC requests differ from normal HTTP ones..
Any ideas?
/Niklas