[MKDoc-dev] Using cookie/ticket authentication rather than Basic Auth

Chris Croome chris at webarchitects.co.uk
Tue Sep 28 16:39:37 BST 2004 

Hi

On Wed 29-Sep-2004 at 01:01:15AM +1000, Charlie Garrison wrote:
> 
> >> >If there is a variable that we can access in the templates
> >> >based on which authentication method is being used they we can
> >> >serve a login form via the login template fragment when it's
> >> >needed for cookie authentication. 
> >> 
> >>I think that would be easy enough. Maybe the
> >>Handler::Authenticate*Tkt modules could set a variable
> >>($::AUTH_METHOD). The method called from templates would return
> >>a value based on that variable (or a default value).
> >
> >That sounds good to me.
> 
> And that's how I've got it working. 

Great!

> It has uncovered another issue I hadn't thought about. There are
> other templates/plugins that are hard-coded to use Plugin::Login
> (and indirectly .login.html). So all the other templates/plugins
> would need to be updated to also check which AUTH_METHOD is being
> used and act accordingly. 

That sounds OK to me.

> Or, the Auth::Handler::Authenticate and Auth::Plugin::Login
> modules should delegate to to other modules. I was thinking along
> the lines of the AnyDB module which uses the appropriate Berkely
> DB implementation.

Um, you have lost me here... but I'm happy with it being done the
way you think is best :-) 

> I would need help with the logic/theory to create delegation for
> the Auth modules. So suggestions would be appreciated.

Sorry I'll have to pass on this, my Perl isnt up to it...

> On a related note, the translation strings for the sign-up and
> login instructions need to be slightly different for the ticket
> based authentication. Should I create new entries in the locale
> file? Where should I look for instructions on working with locale
> files? I have not used them before.

This is for 1.8 right? If so it's a matter of using the i18n
attributes and then the i18nFool tools to generate the various
files, for some info on this:

  http://search.cpan.org/author/JHIVER/Petal-2.14/lib/Petal/I18N.pm

  http://search.cpan.org/~jhiver/I18NFool-0.2/lib/I18NFool.pm

If you have any questions about this stuff just shout!

> Safari, OmniWeb and Mozilla. Mozilla's behaviour was erratic so I
> can't give any useful comments. My use with Safari was very
> short-lived, but (from memory) was very similar to OmniWeb (not
> surprising since they both use the WebKit api). OmniWeb will
> successfully prompt for new authentication details, and will load
> the next page correctly. But subsequent requests will revert back
> to previous authentication details. 

Hmm, I'll see if I can do some testing with these browsers when I
have a chance, I haven't had any problems with mozilla. One thing
that maks life easier is installing the webdevelopers toolbar since
this gives you a clear http authentication option and saves shutting
the browser all the time...

  http://www.chrispederick.com/work/firefox/webdeveloper/

> PS. If I didn't make it clear above; I've got the ticket based
> authentication working with MKDoc the way I wanted. I need to
> clean up some of the code though before I submit the files.

Looking forwards to the files :-)

Chris

-- 
Chris Croome                               <chris at webarchitects.co.uk>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/

More information about the MKDoc-dev mailing list