Errors in setting passwords with collective-folderprotection 2.1 in plone 5.2.1 built with Python 3.6

I am trying to use collective-folderprotection 2.1 to put password protections on certain folders in a plone 5.2.1 site built using Python 3.6. I followed the directions in https://pypi.org/project/collective-folderprotection/ and collective-folderprotection 2.1 appears to install properly. I can activate the option and set a password on a folder. However when I come in as an anonymous user and try to access the protected folder, I get an error screen instead of being prompted for a password.

Note I had tried this in an old test site also using plone 5.2.1 but built using Python 2.7. In that site everything worked properly and the anonymous user was prompted for the password.

I include below a brief description of the two different systems and the relevant parts of the different buildout.cfg from the 2 sites. Can you see where the problem may be occurring in the site built using Python 3.6?

Thanks


test site: (collective-folderprotection 2.1 works)

CentOS release 6.6 (Final)
Python-2.7

buildout


eggs =
    Plone
    Pillow
    Products.PloneHotfix20200121
    collective_folderprotection
...
parts =
    zeoserver
    client1
    client2
    backup
    zopepy
    unifiedinstaller
    precompiler
    setpermissions
...
[zeoserver]
<= zeoserver_base
recipe = plone.recipe.zeoserver
zeo-address = 127.0.0.1:8100

[client1]
<= client_base
recipe = plone.recipe.zope2instance
zeo-address = ${zeoserver:zeo-address}
http-address = 8080

[client2]
<= client_base
recipe = plone.recipe.zope2instance
zeo-address = ${zeoserver:zeo-address}
http-address = 8081
...
buildout.sanitycheck = 1.0.2
collective.recipe.backup = 4.1.0
plone.recipe.unifiedinstaller = 5.2b1
Products.PloneHotfix20200121 = 1.0

Active site: (collective-folderprotection 2.1 does not correctly prompt for password)

CentOS Linux release 7.6.1810 (Core)
Python-3.6

buildout

eggs =
    Plone
    Pillow
    Products.PloneHotfix20200121
    zodbverify
    collective_folderprotection
...
parts =
    zeoserver
    client1
    client2
    backup
    zopepy
    unifiedinstaller
    precompiler
    setpermissions
    zodbupdate

auto-checkout +=
    zodbupdate
...
[zeoserver]
<= zeoserver_base
recipe = plone.recipe.zeoserver
zeo-address = 127.0.0.1:7100

[client1]
<= client_base
recipe = plone.recipe.zope2instance
zeo-address = ${zeoserver:zeo-address}
http-address = 7080

[client2]
<= client_base
recipe = plone.recipe.zope2instance
zeo-address = ${zeoserver:zeo-address}
http-address = 7081

[zodbupdate]
recipe = zc.recipe.egg
eggs =
    zodbupdate
    ${buildout:eggs}
...
buildout.sanitycheck = 1.0.2
collective.recipe.backup = 4.1.0
plone.recipe.unifiedinstaller = 5.2b1
Products.PloneHotfix20200121 = 1.0

Looking at the log file from one incident, it appears as if it's skipping asking for a password and going right to the error state if a wrong password was received:

2020-07-13 23:48:34,164 ERROR [Zope.SiteErrorLog:251][waitress] 1594698514.16349650.5974742846426992 http://mseas.mit.edu:7080/MURI_ML_SCOPE/news/ocean-tuturials/listing_view
Traceback (innermost last):
Module ZPublisher.WSGIPublisher, line 156, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 338, in publish_module
Module ZPublisher.WSGIPublisher, line 244, in publish
Module ZPublisher.BaseRequest, line 662, in traverse
Module ZPublisher.BaseRequest, line 701, in exec_callables
Module collective_folderprotection.events, line 65, in checkPassword
collective_folderprotection.exceptions.PasswordProtectedUnauthorized: You need a password to access 'news'

Tried running this on another test page with the debugging options on and client1 in "fg" mode. Got some more messages that may (or may not) be related to this error, that precede the error traceback messages above.

2020-07-28 10:49:49,194 INFO    [Products.CMFPlone:117][waitress] Cooking js ++plone++plone.app.discussion.javascripts/comments.js
2020-07-28 10:49:49,328 INFO    [Products.CMFPlone:117][waitress] Cooking js ++plone++plone.app.event/event.js
2020-07-28 10:49:49,429 INFO    [Products.CMFPlone:165][waitress] Writing cooked resource: static/plone-legacy-compiled.js
2020-07-28 10:49:49,429 INFO    [Products.CMFPlone:165][waitress] Writing cooked resource: static/plone-legacy-compiled.css
2020-07-28 10:49:49,547 INFO    [Products.CMFPlone.resources.browser.combine:121][waitress] Wrote combined JS bundle "default".
2020-07-28 10:49:49,562 INFO    [Products.CMFPlone.resources.browser.combine:121][waitress] Wrote combined JS bundle "logged-in".
2020-07-28 10:49:49,566 WARNING [Products.CMFPlone.resources.browser.combine:53][waitress] Could not find resource ++plone++static/plone-datatables-compiled.css. You may have to create it first.
2020-07-28 10:49:49,573 INFO    [Products.CMFPlone.resources.browser.combine:156][waitress] Wrote combined CSS bundle "default".
2020-07-28 10:49:49,586 INFO    [Products.CMFPlone.resources.browser.combine:156][waitress] Wrote combined CSS bundle "logged-in".
2020-07-28 10:49:49,586 INFO    [Products.CMFPlone.resources.browser.combine:184][waitress] Finished bundle compilation.
<string>:387: DeprecationWarning: Using len() is deprecated. Use the `length` attribute for the size of the current page, which is what we return now. Use the `sequence_length` attribute for the size of the entire sequence. 
/srv/www/plone_5.2.1/buildout-cache/eggs/Chameleon-3.6.2-py3.6.egg/chameleon/tal.py:471: DeprecationWarning: Using len() is deprecated. Use the `length` attribute for the size of the current page, which is what we return now. Use the `sequence_length` attribute for the size of the entire sequence. 
  iterable = list(iterable) if iterable is not None else ()
<string>:387: DeprecationWarning: Using len() is deprecated. Use the `length` attribute for the size of the current page, which is what we return now. Use the `sequence_length` attribute for the size of the entire sequence. 
<string>:125: DeprecationWarning: Using len() is deprecated. Use the `length` attribute for the size of the current page, which is what we return now. Use the `sequence_length` attribute for the size of the entire sequence.

To Whom It May Concern,

I am having the same problem with our Plone site.
The collective-folderprotection plugin does not seem to be working correctly.

Like the OP, we are trying to restrict access to certain parts of our site.
Some ideas:

  • We could use the "nondeveloper-user" and password to get to restricted subpages, but this doesn't seem to be working with Python 3.
  • Bank/real estate website model: Developers develop the Plone site somewhere, then push the results somewhere else. The login for the user is only to be able to see details or download information, not to design the site or to upload. A version of this could be achieved with a user type in Plone that can only download and see details (if one does not login, one can only see the front page).

Thanks in advance, and any help would be greatly appreciated!

Plone Foundation Code of Conduct