Welcome, guest | Sign In | My Account | Store | Cart

Notice! PyPM is being replaced with the ActiveState Platform, which enhances PyPM’s build and deploy capabilities. Create your free Platform account to download ActivePython or customize Python with the packages you require and get automatic updates.

pypm install products.onetimetokenpas

How to install Products.OneTimeTokenPAS

  1. Download and install ActivePython
  2. Open Command Prompt
  3. Type pypm install products.onetimetokenpas
 Python 2.7Python 3.2Python 3.3
Windows (32-bit)
0.2 Available View build log
Windows (64-bit)
0.2 Available View build log
Mac OS X (10.5+)
0.2 Available View build log
Linux (32-bit)
0.2 Available View build log
Linux (64-bit)
0.2 Available View build log
Lastest release
version 0.2 on Jan 5th, 2011


The One Time Token PAS allows users to login using a special token. The token is generated and can only be used one. This allows members to login without supplying their username and password. You can send an e-mail with the special login url, so the member can access the portal easily.


This product is written for Plone 2.5 but can easily be used for 3.x.

  • Install thru the quick installer
  • Activate Authentication and Extraction in the OTT plugin, move this plug-in

System Message: WARNING/2 (<string>, line 18)

Bullet list ends without a blank line; unexpected unindent.

to the top.


  1. Generate a token:

getToolByName(self, 'onetimetoken_storage')

token = tokenTool.setToken(userId) logincode = '?logincode=%s' % tokenTool.setToken(userId)

'http://myplone/supersecret%s' % logincode

  1. Send url with logincode to user

The user can use the token only once and it's valid for three weeks. The expiration time can be set in the tool.

Manager's usage

Users with Manage portal permission on Plone site root are allowed to login as any other user by visiting @@login_as browser view and entering target user name. This feature has been taken from niteoweb.loginas package and modified.


Why not let users login themselves instead of using this plug-in? In specific cases it's usefull to auto-login the user. For example; a member participates in a program to save energy and keep track of his energy usage. Every month he receives an email to auto-login and updates his usage. Another example; a portal is used for informing members of newly published newsletters, these letters aren't public. The member get's a link with auto-login to the newsletter so he can read it.

It's all about making it easier for the user and there's no obstacle to login. In above cases the members are normal users with no elevated rights. Ofcourse there could be cases where a one time token is not usefull and/or safe.

The logincode that is included in the url contains the loginname and the token in base64. Every token is a uniquely generated md5 hash of random data and can only be used once. If there's is a succesfull match between the given username, token and the stored token with username you're authenticated.

Clearing old tokens

Old tokens can be cleared bij calling clearExpired on the token storage. Using crontick and cron4plone this job can be automated.

Add this call in cron4plone: portal/onetimetoken_storage/clearExpired


  • Some doc or unit tests would be nice
  • Control panel for setting expriation time.
  • Checking a member is disabled when generating a token. This is because we had

System Message: WARNING/2 (<string>, line 77)

Bullet list ends without a blank line; unexpected unindent.

performance problems with generating large amounts of keys (> 15,000) and SQL PAS. Add this as an option in the control panel.


0.2 - 2009-10-12
  • added @@login_as browser view which allows to login as any user. Idea and

System Message: WARNING/2 (<string>, line 87)

Bullet list ends without a blank line; unexpected unindent.

part of code taken from niteoweb.loginas. Thanks! [naro]

0.1.1 - 2009-09-02
  • re-released, added metadata.xml
0.1 - Unreleased
  • Initial release

Subscribe to package updates

Last updated Jan 5th, 2011

Download Stats

Last month:2

What does the lock icon mean?

Builds marked with a lock icon are only available via PyPM to users with a current ActivePython Business Edition subscription.

Need custom builds or support?

ActivePython Enterprise Edition guarantees priority access to technical support, indemnification, expert consulting and quality-assured language builds.

Plan on re-distributing ActivePython?

Get re-distribution rights and eliminate legal risks with ActivePython OEM Edition.