Ticket #8304 (confirmed Bug)

Opened 8 years ago

Last modified 4 years ago

zope clock-server and manage_createNewSecret

Reported by: hauki Owned by:
Priority: minor Milestone: 4.x
Component: General Version:
Keywords: Cc: interra

Description

In the ZMI for the PAS-Plugin "session" following it is stated :

It is a good idea to regularly create a new signing secret.
This can be done manually using the above command, 
or automated using Zope's clock server. To do this add a stanza like the following to your zope.conf: 
<clock-server>
  method /lutsch/acl_users/session/manage_createNewSecret
  period 14400
  user admin
  password <admin password>
  host localhost
</clock-server>

However, in lib/python/plone/session/plugins/session.py manage_createNewSecret() is defined as a form, leading to following error-message in log/event.log :

2008-07-22T15:44:15 ERROR Zope.SiteErrorLog http://localhost/lutsch/acl_users/session/manage_createNewSecret
Traceback (innermost last):
  Module ZPublisher.Publish, line 119, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 42, in call_object
  Module <string>, line 4, in _facade
  Module plone.protect.utils, line 32, in _curried
  Module plone.protect.authenticator, line 60, in check
Forbidden: Form authenticator is invalid.
------

Since I guess the clock-server will not be able to handle forms correctly, the only solution I see is to implement a method which is not embedded in a hmtl-form ?

Thanks,

Christof

Change History

comment:1 Changed 8 years ago by limi

  • Keywords clock-server session removed
  • Owner set to wichert
  • Component changed from Permissions to Users/Groups

comment:2 Changed 7 years ago by hauki

ping! Any news on that ? Still fails with :

  • Plone 3.2.1
  • CMF 2.1.2
  • Zope (Zope 2.10.6-final, python 2.4.5, linux2)
  • Python 2.4.5 (#1, Dec 10 2008, 16:08:38) [GCC 4.1.2 20071124 (Red Hat 4.1.2-42)]
  • PIL 1.1.6

Thanks, Christof

comment:3 Changed 7 years ago by hannosch

  • Component changed from Users/Groups to Infrastructure

comment:4 Changed 6 years ago by inakkhunbi

Yes Stil fails

comment:5 Changed 5 years ago by interra

  • Cc interra added

There was duplicate bug #9449.

Some googling revealed recent discussion on the topic:  http://thread.gmane.org/gmane.comp.web.zope.plone.user/105527

comment:6 Changed 4 years ago by kleist

  • Status changed from new to confirmed
  • Version set to 3.3
  • Component changed from Infrastructure to General

Still an issue in Plone 4?

comment:7 Changed 4 years ago by hannosch

  • Version 3.3 deleted
  • Milestone changed from 3.3.x to 4.x

This is most likely still an issue.

Note: See TracTickets for help on using tickets.