Zope authentication from python scripts

[Mike McGavin]

Hi everyone.

I'm experimenting with Zope but after a few weeks trying on and off, I'm 
still quite confused with how the user authentication works. Sorry if 
this is a straightforward question.

I've been trying to make an experimental website using page templates 
and python scripts where a user can log in by entering a username and 
password via a web form. If possible I'd like to use a standard Zope 
user folder to store the users in, and use Zope as much as possible to 
keep track of who's logged in in what session.

The specific problem I'm having is that I can't figure out how to get 
the code that handles the submitted web form to authenticate and log the 
user in so that Zope recognises an Authenticated User in the session. I 
have discovered that if I call:

  u=container.acl_users.authenticate("myusername","mypassword",request)

from a script, then u will be assigned a User object if the password was 
correct, or None otherwise.

Comments around the source code for the authenticate() method imply that 
it's not meant to be public though, so I'm not sure if it's even correct 
to use it. In any case, it still doesn't seem to get Zope to recognise a 
specific Authenticated User in the session, or do anything besides 
confirm that the password is correct. In particular, running 
request['AUTHENTICATED_USER'] still returns a user object containing an 
Anonymous User, implying that nobody was logged in.


I could kludge my own login system by storing the current user in a 
session variable, but this seems to side-step all of the security that 
Zope has built in. It'll forever be seeing the user as anonymous even if 
my session variable knows who it is.


I'd appreciate any help on this or a pointer to a good reference. I 
haven't been able to figure much out from the online documentation or 
reading the source code.

Thanks.
Mike.