Re: Can't reconnect until invalid transaction is rolled back with repoze.who / repoze.what

2011-04-20 Thread Gustavo Narea
Hello, Daniel.

Thanks, that's a good suggestion! I've just changed it
https://github.com/repoze/repoze.who-sqlalchemy/commit/3c30dba8daeed461a6b61f9c986e08030e6b831f.

Cheers.

On 20/04/11 15:09, Daniel Holth wrote:
 I notice you begin building the query with one dbsession which must be
 a ScopedSession, then call dbsession.remove(), and then execute the query.

 It would probably be better to put dbsession.remove() at the top of
 the function.
 -- 
 You received this message because you are subscribed to the Google
 Groups pylons-discuss group.
 To post to this group, send email to pylons-discuss@googlegroups.com.
 To unsubscribe from this group, send email to
 pylons-discuss+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/pylons-discuss?hl=en.

-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Can't reconnect until invalid transaction is rolled back with repoze.who / repoze.what

2011-04-19 Thread Gustavo Narea
Hello,

I finally got some time today to investigate this further and fix it.

I think the only way to solve this at the repoze.who.plugins.sa level is by 
rolling back the transaction *before* issuing a query. I agree that, 
ideally, this would've been handled in the repoze.who-friendlyform plugin, 
but the problem is that these two plugins are independent from each other.

I'll wait 24 hours before releasing this, to allow time to get some feedback 
on the change:
https://github.com/repoze/repoze.who-sqlalchemy/commit/b327b426125859dff9eccd05611c1143912c554d

I've tested it and all the tests pass, but maybe I missed a reason why this 
solution is not a good one.

Cheers,

 - Gustavo.




Re: Logging failed login attempts

2011-04-16 Thread Gustavo Narea
Hello, Jason.

On Apr 15, 9:49 pm, Jason McKellar ja...@deadtreepages.com wrote:
 I'm using Repoze.what with Pylons 1.0 and I can't figure out how to
 log failed login attempts. This would be extremely useful to see if
 there are any brute force attempts on the application. I have logging
 in the method that checks the password, but this will not help if the
 username is incorrect. Has anyone figured out how to do this?

This is handled by repoze.who and I think you'd have two options:

- If you're using the repoze.who SQLAlchemy plugin, then you have a
method in the User class to check the password, which you can use to
log wrong passwords.
- If you're using another repoze.who authenticator plugin, you'd have
to replace the existing authenticator with a subclass like this:
http://pastebin.com/HN7ngHeM

HTH,

 - Gustavo.
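
The second option above, as an added example that is not the code behind the pastebin link and not part of repoze.who: a wrapper around any authenticator exposing `authenticate(environ, identity)` that logs every rejected attempt, including unknown usernames, and flags repeated failures from one address. The class names, thresholds and sample addresses are assumptions made for illustration.

```python
import logging
import time
from collections import deque

log = logging.getLogger("auth.failures")


def clean_for_log(value, limit=64):
    """Escape control characters so a username cannot forge log lines."""
    text = "" if value is None else str(value)
    return text.encode("unicode_escape").decode("ascii")[:limit]


class LoggingAuthenticator(object):
    """Wrap any object exposing authenticate(environ, identity).

    Each rejected attempt is logged, whether or not the username exists.
    When one source address reaches `threshold` failures inside `window`
    seconds, a WARNING is emitted as well.
    """

    def __init__(self, wrapped, threshold=5, window=300, clock=time.time):
        self.wrapped = wrapped
        self.threshold = threshold
        self.window = window
        self.clock = clock
        self.failures = {}  # source address -> deque of failure times

    def authenticate(self, environ, identity):
        userid = self.wrapped.authenticate(environ, identity)
        if userid is None:
            self.record_failure(environ, identity)
        return userid

    def record_failure(self, environ, identity):
        source = environ.get("REMOTE_ADDR", "unknown")
        now = self.clock()
        recent = self.failures.setdefault(source, deque())
        recent.append(now)
        # Drop failures that have aged out of the sliding window.
        while now - recent[0] > self.window:
            recent.popleft()
        # Log the claimed username and the source, never the password.
        log.info("failed login user=%s src=%s",
                 clean_for_log(identity.get("login")), clean_for_log(source))
        if len(recent) == self.threshold:
            log.warning("possible brute force src=%s failures=%d window=%ss",
                        clean_for_log(source), len(recent), self.window)

    def failure_count(self, source):
        return len(self.failures.get(source, ()))


class StaticAuthenticator(object):
    """Constructed stand-in for the real authenticator plugin being wrapped."""

    def __init__(self, users):
        self.users = users

    def authenticate(self, environ, identity):
        login = identity.get("login")
        if login in self.users and self.users[login] == identity.get("password"):
            return login
        return None


def demo():
    """Run four constructed login attempts from one documentation address."""
    ticks = iter(range(0, 1000, 10))  # fake clock: 0, 10, 20, ... seconds
    auth = LoggingAuthenticator(StaticAuthenticator({"alice": "s3cret"}),
                                threshold=3, window=60,
                                clock=lambda: next(ticks))
    environ = {"REMOTE_ADDR": "192.0.2.10"}
    attempts = [("alice", "bad"), ("nobody\nforged", "x"),
                ("alice", "s3cret"), ("root", "toor")]
    results = [auth.authenticate(environ, {"login": name, "password": pw})
               for name, pw in attempts]
    return results, auth.failure_count("192.0.2.10")
```

The wrapper goes wherever the original authenticator was listed in the repoze.who `authenticators` setting. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the source field needs to come from whatever trusted header the deployment sets.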




Re: Repoze

2011-03-22 Thread Gustavo Narea
Hello,

I was replying to you, when I noticed you found the problem as you've
reported in a comment to that wiki page.

(BTW, I don't understand why someone would need to protect the entire
application like that (using that RepozeMiddleware).)

 - Gustavo.


On Mar 21, 10:46 pm, mani sabri mani.sa...@gmail.com wrote:
 Hi
 I followed this tutorial
 http://wiki.pylonshq.com/display/pylonscookbook/Pylons+1.0+and+repoze...
 and it's working except now every controller redirects me to the
 login page and won't work until some user is logged in.
 It acts the same even if I add @ActionProtector(is_anonymous()) before it!
 Am I missing something ? should I read the documentations more carefully
 or ... ?! Any help?

 Kind Regards
 Mani Sabri




Re: repoze.what with https

2010-12-12 Thread Gustavo Narea
Hello,

I'm afraid the only solution would be to write a WSGI middleware like:

class SSLOnlyLoginMiddleware(object):

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Redirect plain-HTTP requests for the login area to HTTPS.
        if (environ['PATH_INFO'].startswith("/login/") and
                environ['wsgi.url_scheme'] != "https"):
            headers = [("Location", "https://example.org/login")]
            start_response("301 Moved Permanently", headers)
            body = []
        else:
            body = self.app(environ, start_response)

        return body

And put it before repoze.what/who.

HTH,

- Gustavo




Re: No 'repoze.who.logins' key in request.environ

2010-11-24 Thread Gustavo Narea
Hello, Jeremy.

That item in the environment is set by the FriendlyFormPlugin, which
is an alternative to the built-in RedirectingFormPlugin (the one
you're using):
http://code.gustavonarea.net/repoze.who-friendlyform/

All you need to do is replace the RedirectingFormPlugin with
FriendlyFormPlugin, and pass more arguments if you'd like to do more
advanced things.

The examples should help you implement what you need, but let me know
if you have more questions :)

HTH,

  - Gustavo.

On Nov 23, 9:46 am, Jeremy morel.jer...@gmail.com wrote:
 Hello,

 I am using repoze.who, repoze.what and repoze.who.openid for my
 authentication and authorization needs. Since I needed to integrate
 repoze.who.openid, I did not use repoze.what-quickstart but merely
 configured repoze.who and repoze.what by hand.

 Here is the configuration I use:

 def add_auth(app, app_conf):

     # Setting up repoze.who plugins
     auth_tkt = AuthTktCookiePlugin(
         secret = 'xx',
         cookie_name = 'oatmeal')

     openid = OpenIdIdentificationPlugin(
         store = 'file',
         store_file_path = app_conf['cache_dir']+'/sstore',
         openid_field = 'openid',
         came_from_field = 'came_from',
         error_field = 'error',
         session_name = 'beaker.session',
         login_form_url = '/login',
         login_handler_path = '/dologin_openid',
         logout_handler_path = '/logout',
         logged_in_url = '/login',
         logged_out_url = '/login',
         rememberer_name = 'auth_tkt')

     form = RedirectingFormPlugin(
         login_form_url = '/login',
         login_handler_path = '/dologin',
         logout_handler_path = '/logout_form',
         rememberer_name = 'auth_tkt')

     usermodelplugin = UserModelPlugin()

     # Defining identifiers
     identifiers = [('auth_tkt', auth_tkt), ('openid', openid),
 ('form', form)]
     # Defining authenticators
     authenticators = [('authenticator', usermodelplugin)]
     # Defining challengers
     challengers = [('openid', openid)]
     # Defining metadata providers
     mdproviders=[('mdproviders', usermodelplugin)]

     # Setting up repoze.what

     groups = SqlGroupsAdapter(Group, User, Session)
     # we need to map some of the attributes to the default model
     # the group name is stored into group.name instead of group.group_name
     groups.translations['section_name'] = 'name'
     # we are using user.id to identify a user instead of user.user_name
     groups.translations['item_name'] = 'id'

     permissions = SqlPermissionsAdapter(Permission, Group, Session)
     permissions.translations['section_name'] = 'name'
     permissions.translations['item_name'] = 'name'

     groups_adapter = {'all_groups': groups}
     permissions_adapter = {'all_perms': permissions}

     app_with_auth = setup_auth(
         app,
         group_adapters=groups_adapter,
         permission_adapters=permissions_adapter,

         # set up repoze.who
         classifier=default_request_classifier,
         challenge_decider=openid_challenge_decider,
         identifiers=identifiers,
         authenticators=authenticators,
         challengers=challengers,

         # enable logging on stdout for easy debug
         log_level = logging.DEBUG,
         log_stream = sys.stdout)

     return app_with_auth

 Authentication and authorization both work great: I can log in, log
 out, both with openid and a login and password. However I'd like to
 implement some more features, among which notifying the user when he
 provided a non valid login or password (it would be even better if
 those could be two different errors) or a non registered openid.
 I thought of using pylons.tmpl_context, but of course it is not
 available in the authenticator (if I understood correctly, since the
 authenticator is part of the middleware, it is executed before pylons,
 thus preventing any use of the tmpl_context variable). I looked at
 some tutorials, and found that there is a 'repoze.who.logins' key in
 request.environ which acts as a login counter. My problem is: this key
 is not present in my application.

 Would you know why it isn't? And do you know of any means by which I
 could implement the error notifying I talked about ?




Re: Can't reconnect until invalid transaction is rolled back with repoze.who / repoze.what

2010-11-18 Thread Gustavo Narea
Hello, Josh.

On Nov 17, 4:34 am, Josh Kelley josh...@gmail.com wrote:
 On Nov 16, 5:45 pm, Gustavo Narea m...@gustavonarea.net wrote:

  Thanks for the information.

  I couldn't find the message "Can't reconnect until invalid transaction
  is rolled back" in the output you pasted and I think the link to the
  FAQ refers to another type of issue.

 Sorry.  There are actually two exceptions; the first I already posted,
 and here's the second, with the "Can't reconnect until invalid
 transaction is rolled back" error.

 http://pastie.org/1304673

 I don't know why I got two exceptions on a single request?  I assumed
 the Pylons / repoze stack would have aborted after the first.  (Unless
 the second exception was while trying to render the error page?  If
 that is what's happening, is there a way to keep repoze.who from
 breaking rendering the error page?)

  I've been reading about that error on the MySQL documentation and it
  seems like all the possible causes are external to the application:
  http://dev.mysql.com/doc/refman/5.0/en/gone-away.html

  You can try and tweak the Session if you want; it may or may not help.
  I don't think handling the exception in repoze.who.plugins.sa is an
  appropriate solution because we'd be silencing a problem that should be
  fixed.

 I understand that the causes of the "MySQL server has gone away" are
 external to the app and will work on that later; my concern right now
 is that (as far as I can tell) repoze.who.plugins.sa isn't cleaning up
 when this happens, which causes the app to get stuck in the "Can't
 reconnect until invalid transaction is rolled back" state (and I have
 to restart the app to get anything working again).  The FAQ I linked
 to does appear to be a different specific issue, but its solution of
 using a try/except block to properly handle rollbacks seems to apply
 here too.

If I make repoze.who.plugins.sa handle the exception, I'd be silencing
that error, which I'd rather not do as that sort of thing always makes
debugging harder.

If you had another WSGI middleware that uses SA, chances are you'd get
the same error, so I think a better solution for you would be to
subclass ErrorMiddleware like this:

from sqlalchemy.exc import InvalidRequestError, OperationalError

class MyErrorMiddleware(ErrorMiddleware):

    def exception_handler(self, exc_info, environ):
        exception_class = exc_info[0]
        if exception_class in (InvalidRequestError, OperationalError):
            # rollback...
            pass
        return super(MyErrorMiddleware,
                     self).exception_handler(exc_info, environ)


That should avoid the second exception, allowing the error page to be
returned without problems. And it'd also work if that error happens
within your application and you're not expecting it.

I'm happy to reconsider handling the exception if more hit the same
problem, though.

HTH,

 - Gustavo.




Re: Can't reconnect until invalid transaction is rolled back with repoze.who / repoze.what

2010-11-16 Thread Gustavo Narea
Hello, Josh.

Thanks for the information.

I couldn't find the message "Can't reconnect until invalid transaction
is rolled back" in the output you pasted and I think the link to the
FAQ refers to another type of issue.

According to the traceback, the exception is raised when the user
object is loaded. Before that, the plugin would've issued another
query to verify the username and password, and it seems like that
query did succeed (you can see it by increasing the verbosity of the
SQLAlchemy logger). So somehow, the connection is lost between those
two queries (while the repoze.who middleware is being executed).

I can't see anything on the plugin that would cause that -- in fact,
as I mentioned yesterday, this is the first time I hear about this in
2 years.

I've been reading about that error on the MySQL documentation and it
seems like all the possible causes are external to the application:
http://dev.mysql.com/doc/refman/5.0/en/gone-away.html

There's some troubleshooting information there. If you still can't
find the problem, I'd recommend writing to the SQLAlchemy mailing list
with the output of the logger at the INFO level -- You can CC me on
that email so that I can keep an eye on it and see if I can help.

You can try and tweak the Session if you want; it may or may not help.
I don't think handling the exception in repoze.who.plugins.sa is an
appropriate solution because we'd be silencing a problem that should be
fixed.

HTH.

 - Gustavo.


On Nov 16, 2:07 am, Josh Kelley josh...@gmail.com wrote:
 On Nov 15, 4:54 pm, Gustavo Narea m...@gustavonarea.net wrote:

  The only thing I can think of is that the repoze.who middleware was
  added in the wrong order. Please have a look at this example:
  https://bitbucket.org/Gustavo/whatpylonsproject/src/tip/pylonssecured...

  I don't remember seeing that error before. Can you please paste the
  traceback if the location of the middleware is not the problem?

 Thanks for the reply.

 My middleware.py looks very similar to the one you linked.  The middle
 is slightly different (I haven't done anything with caching, and I
 added ToscaWidgets; neither looks like it should be a problem):

     # Routing/Session/Cache Middleware
     app = RoutesMiddleware(app, config['routes.map'], singleton=False)
     app = SessionMiddleware(app, config)

     # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares)

     app = twa.make_middleware(app, {
         'toscawidgets.framework': 'pylons',
         'toscawidgets.framework.default_view': 'mako',
     })
     app = add_auth(app)

     if asbool(full_stack):
         # Handle Python exceptions
         app = ErrorHandler(app, global_conf,
 **config['pylons.errorware'])

 My add_auth uses repoze.what.plugins.quickstart.setup_sql_auth, like
 the one you linked.  (Actually, I think I followed your cookbook
 article.)

 I posted the traceback to http://pastie.org/1301390.

 After investigating a bit more, here's my understanding of the
 problem.  Please correct me if I'm wrong:

 As described at
 http://www.sqlalchemy.org/trac/wiki/FAQ#Thetransactionisinactivedueto...,
 uses of Session should make sure that they end with a call to
 rollback(), close(), or remove().  Pylons does this in its
 BaseController, but because repoze.who.plugins.sa is configured as
 middleware, it executes outside of BaseController's try/finally block,
 so any errors it encounters are never rolled back.

 I can think of three solutions:

 1) Give repoze.what.quickstart a Session object with autocommit=True,
 so that it never has to rollback.  I guess this would mean creating
 two session objects (one for Pylons with autocommit=False, one for
 repoze.who / repoze.what with autocommit=True); are there any caveats
 with doing this?
 2) Initialize and close the Session within middleware rather than
 within the Pylons app (something like
 http://pypi.python.org/pypi/SQLAlchemyManager/0.1.0?).
 3) Add try/except blocks to repoze.who.plugins.sa.

 #3 seems like the correct solution, but I'm very new to Pylons,
 repoze, SQLAlchemy, and WSGI middleware, so I could easily be
 misunderstanding something.

 --
 Josh Kelley
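
The second of the three solutions listed in the quoted message (closing the Session in middleware rather than in the Pylons app), as an added example that is not code from the thread or from repoze.who: a WSGI wrapper that calls `remove()` on the scoped session once per request, including when the wrapped stack raises. `RecordingSession`, `make_auth_app` and the `simulate.outage` key are constructed stand-ins so the stuck state can be reproduced offline; with a real application the object passed in is assumed to be the SQLAlchemy `scoped_session`.

```python
class ClosingIterator(object):
    """Pass a WSGI body through and run `cleanup` once when it is closed."""

    def __init__(self, iterable, cleanup):
        self.iterable = iterable
        self.iterator = iter(iterable)
        self.cleanup = cleanup
        self.closed = False

    def __iter__(self):
        return self

    def __next__(self):
        return next(self.iterator)

    def close(self):
        # WSGI servers call close() after the body, even on client abort.
        if self.closed:
            return
        self.closed = True
        try:
            inner_close = getattr(self.iterable, "close", None)
            if inner_close is not None:
                inner_close()
        finally:
            self.cleanup()


class SessionCleanupMiddleware(object):
    """Call session_factory.remove() for every request, whatever happens."""

    def __init__(self, app, session_factory):
        self.app = app
        self.session_factory = session_factory

    def __call__(self, environ, start_response):
        try:
            body = self.app(environ, start_response)
        except BaseException:
            # Failure inside the wrapped stack, e.g. in an auth plugin.
            self.session_factory.remove()
            raise
        return ClosingIterator(body, self.session_factory.remove)


class RecordingSession(object):
    """Constructed stand-in for a scoped_session with the stuck state."""

    def __init__(self):
        self.removed = 0
        self.invalid = False

    def query_user(self, fail=False):
        if self.invalid:
            raise RuntimeError(
                "Can't reconnect until invalid transaction is rolled back")
        if fail:
            self.invalid = True
            raise RuntimeError("MySQL server has gone away")
        return "user-row"

    def remove(self):
        self.removed += 1
        self.invalid = False


def make_auth_app(session):
    """Constructed stand-in for auth middleware that queries on each request."""
    def app(environ, start_response):
        session.query_user(fail=environ.get("simulate.outage", False))
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"hello"]
    return app


def run_request(app, environ):
    """Drive one request the way a server would; return body or error text."""
    try:
        body = app(environ, lambda status, headers: None)
        try:
            return b"".join(body)
        finally:
            if hasattr(body, "close"):
                body.close()
    except RuntimeError as exc:
        return str(exc)


def demo():
    bare = RecordingSession()
    bare_app = make_auth_app(bare)
    unprotected = [run_request(bare_app, {"simulate.outage": True}),
                   run_request(bare_app, {})]

    guarded = RecordingSession()
    guarded_app = SessionCleanupMiddleware(make_auth_app(guarded), guarded)
    protected = [run_request(guarded_app, {"simulate.outage": True}),
                 run_request(guarded_app, {})]
    return unprotected, protected, guarded.removed
```

In the middleware.py quoted above, the wrapper would sit between `app = add_auth(app)` and the `ErrorHandler` line, so the session is reset before the error page is rendered.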




Re: Can't reconnect until invalid transaction is rolled back with repoze.who / repoze.what

2010-11-15 Thread Gustavo Narea
Hello,

The only thing I can think of is that the repoze.who middleware was
added in the wrong order. Please have a look at this example:
https://bitbucket.org/Gustavo/whatpylonsproject/src/tip/pylonssecuredapp/config/middleware.py

I don't remember seeing that error before. Can you please paste the
traceback if the location of the middleware is not the problem?

Cheers.


On Nov 14, 4:25 am, Josh Kelley josh...@gmail.com wrote:
 I'm getting the dreaded "MySQL server has gone away" and "Can't
 reconnect until invalid transaction is rolled back" pair of errors in
 my Pylons application.

 From what I've read online, the "Can't reconnect until invalid
 transaction is rolled back" is supposed to be avoided by Pylons'
 default lib/base.py wrapping each controller's operations in a

     try:
       ...
     finally:
       Session.remove()

 block.  However, from what I can tell, I'm getting this error within
 repoze.who's middleware (specifically, repoze.who.plugins.sa's
 _BaseSQLAlchemyPlugin.get_user), which I assume is executing outside
 of this try / finally block, so Session is never removed or rolled
 back, so the "Can't reconnect until invalid transaction is rolled
 back" error is never cleared.

 How do I fix this invalid transaction state?  I've read all of the
 suggestions on handling "MySQL server has gone away" and will work on
 those, but before I do so, I'd like to know that if an error does
 somehow slip through, it won't leave my app in a broken invalid
 transaction state.

 --
 Josh Kelley




Re: Big picture with repoze.who/what?

2010-10-24 Thread Gustavo Narea
Hello, John.

On Oct 21, 7:39 pm, JohnWShipman j...@nmt.edu wrote:
 If there isn't currently anything online that discusses these big-
 picture details, I'd be happy to write one, once I understand it well
 enough.

I think Richard did a good job answering your individual questions, so
I'd like to point you to this article I wrote which I think will give
you a full picture:
http://gustavonarea.net/blog/posts/repoze-auth/

I think it's similar to the article he mentioned, but probably a bit
more deep.

HTH,

 - Gustavo.




Re: Big picture with repoze.who/what?

2010-10-24 Thread Gustavo Narea
On Oct 24, 2:53 pm, Gustavo Narea m...@gustavonarea.net wrote:
 I think Richard did a good job answering your individual questions, so
 I'd like to point you to this article I wrote which I think will give
 you a full picture: http://gustavonarea.net/blog/posts/repoze-auth/

You'll probably find the first part useful (everything before
"Creating a Web application protected with repoze.who and
repoze.what").




Re: repoze auth on Opera

2010-09-27 Thread Gustavo Narea
Hello, Anders.

These are the only Opera-specific problems that we're aware of, AFAIR:
http://bugs.repoze.org/issue89
http://bugs.repoze.org/issue66

There seem to be workarounds for each of them.

HTH,

 - Gustavo.

On Sep 22, 5:01 pm, Anders Eide a...@iserv.no wrote:
 I used this guide 
 (http://sarafsaurabh.wordpress.com/2010/08/10/pylons-authentication-an...) to 
 setup auth in my project. Login works fine in Firefox and IE, but when I 
 login using Opera, I'm getting incorrect username or password.

 Anyone else who has experienced this?

 mvh
 Anders Eide




Re: Kerberos using AuthKit, repoze.who or something else

2010-07-23 Thread Gustavo Narea
Hello.

Just a small clarification:

On Jul 16, 9:34 pm, Aurynn Shaw as...@commandprompt.com wrote:
 The flow is, the Identifier tests for the user credentials (can look in
 the HTTP environment, as well as cookies), and if the user is not logged
 in, passes to the Challenger. The Challenger requests credentials (a 401
 Not Authorized), as you'd expect.

If the user is not authenticated and is not trying to log in in the
current request, nothing happens; the WSGI application will work as
usual. The challenger only comes into play when so requested by the
WSGI application (the identifier has no influence); by default it
happens when the application itself returns 401.

Or in a graphical way, this is what happens before your application
receives the request:
http://gustavonarea.net/uploads/Figure2.png

And this is what happens after your application returns a response:
http://gustavonarea.net/uploads/Figure3.png

 - Gustavo. :)




Re: How to use repoze and redis in pylons?

2010-07-12 Thread Gustavo Narea
Hello, Gopalakrishnan.

A repoze.who identifier is the component that checks whether the user
was authenticated previously. A challenger is the component in charge
of asking the user, somehow, to provide their credentials (e.g.,
username and password).

So thanks to identifiers, we don't have to challenge on every request.

HTH.

 - Gustavo.

On Jul 7, 9:25 pm, Gopalakrishnan Subramani
gopalakrishnan.subram...@gmail.com wrote:
 Hello Gustavo,

 Can you please let me understand what is identifiers, challengers? I
 will be using form based authentication,
 where the user name and password shall be stored in the redis
 database. I would store the group and permission also as part of
 redis.

 I can refer HTPasswdPlugin and try to make Redis based
 authentication.. Still I could not get
 identifiers and challengers

 Regards,

 Krish



 On Thu, Jul 8, 2010 at 1:32 AM, Gustavo Narea m...@gustavonarea.net wrote:
  Hello,

  On Jul 7, 7:11 pm, Gopalakrishnan Subramani
  gopalakrishnan.subram...@gmail.com wrote:
   Can you please tell me what is that extra argument .. contains?

  The arguments to configure repoze.who:
 http://tinyurl.com/repoze-what-setup-auth

   Like whatpylonsproject, if you have any sample app which uses
   redis for both authentication and authorization, it will be easy for me..
  Do
   you have any sample app please?

  I'm sorry, but I haven't seen an application like that publicly
  available. :/

  HTH.

   - Gustavo.





Re: How to use repoze and redis in pylons?

2010-07-07 Thread Gustavo Narea
Hello,

On Jul 7, 7:11 pm, Gopalakrishnan Subramani
gopalakrishnan.subram...@gmail.com wrote:
 Can you please tell me what is that extra argument .. contains?

The arguments to configure repoze.who:
http://tinyurl.com/repoze-what-setup-auth

 Like whatpylonsproject, if you have any sample app which uses
 redis for both authentication and authorization, it will be easy for me.. Do
 you have any sample app please?

I'm sorry, but I haven't seen an application like that publicly
available. :/

HTH.

 - Gustavo.




Re: How to use repoze and redis in pylons?

2010-07-06 Thread Gustavo Narea
Hello,

Basically, once you create an instance of the Redis source adapter for
repoze.what [1], you need to pass it to the repoze.what middleware.
The following illustrates how it could be done:

from redis import Redis
from repoze.what.middleware import setup_auth
from repoze.what.plugins.redis import adapters

def make_app():
    # ...

    # PUT WSGI MIDDLEWARE UNDER THIS LINE

    # Configuring repoze.what:
    redis_groups = adapters.RedisGroupAdapter(Redis())
    redis_permissions = adapters.RedisPermissionAdapter(Redis())
    groups = {'redis': redis_groups}
    permissions = {'redis': redis_permissions}

    app = setup_auth(app, groups, permissions, ...)


AFAIK there's no authenticator plugin for repoze.who, though. You can
either use another storage mechanism for authentication, or write a
simple Redis-based repoze.who authenticator plugin [3].

You may find the following links useful too:
http://wiki.pylonshq.com/display/pylonscookbook/Authorization+with+repoze.what
http://what.repoze.org/docs/1.0/Manual/GettingStarted.html

HTH. :)

 - Gustavo.

[1] http://pypi.python.org/pypi/repoze.what.plugins.redis/1.0rc1
[2] http://tinyurl.com/repoze-auth-no-quickstart
[3] http://docs.repoze.org/who/1.0/narr.html#writing-an-authenticator-plugin

On Jul 5, 4:24 pm, Gopalakrishnan S
gopalakrishnan.subram...@gmail.com wrote:
 Hi,

 I want to use the redis as my database backend and repoze.what and
 repoze.who for user login. I could not identify the right application
 which uses redis and repoze with pylons.

 There is a repoze.what.plugins.redis plugin available, but I don't know
 how to use it.

 Please help me out.

 Regards,

 Krish
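
An added example (not part of the original message or of any repoze plugin) of a Redis-backed authenticator of the kind suggested above, following the repoze.who `authenticate(environ, identity)` convention. The key layout `user:<login>` with `salt`, `iterations` and `hash` fields, the helper names and the in-memory `DictRedis` stand-in are assumptions; a real client only needs the `hset` and `hgetall` calls that redis-py provides.

```python
import hashlib
import hmac
import os

ITERATIONS = 200000
DUMMY_SALT = b"\x00" * 16


def derive(password, salt, iterations):
    """PBKDF2-HMAC-SHA256 of the password; only this digest is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations)


def field(record, name):
    """Read a hash field whether the client returns bytes or str."""
    value = record.get(name.encode("ascii"), record.get(name))
    if isinstance(value, bytes):
        value = value.decode("ascii")
    return value


def store_user(client, login, password, prefix="user:"):
    """Create or replace a credential record in the assumed layout."""
    salt = os.urandom(16)
    key = prefix + login
    client.hset(key, "salt", salt.hex())
    client.hset(key, "iterations", str(ITERATIONS))
    client.hset(key, "hash", derive(password, salt, ITERATIONS).hex())


class RedisAuthenticator(object):
    """Return the login when the password matches, otherwise None."""

    def __init__(self, client, prefix="user:"):
        self.client = client
        self.prefix = prefix

    def authenticate(self, environ, identity):
        login = identity.get("login")
        password = identity.get("password")
        if not isinstance(login, str) or not isinstance(password, str):
            return None  # identity produced by a different identifier
        record = self.client.hgetall(self.prefix + login)
        if not record or field(record, "hash") is None:
            # Unknown user: do comparable work so timing reveals less.
            derive(password, DUMMY_SALT, ITERATIONS)
            return None
        try:
            salt = bytes.fromhex(field(record, "salt"))
            expected = bytes.fromhex(field(record, "hash"))
            iterations = int(field(record, "iterations"))
            if iterations < 1:
                raise ValueError("iterations")
        except (TypeError, ValueError):
            return None  # malformed record: fail closed
        actual = derive(password, salt, iterations)
        # Constant-time comparison of the two digests.
        return login if hmac.compare_digest(actual, expected) else None


class DictRedis(object):
    """Constructed in-memory stand-in returning bytes like redis-py."""

    def __init__(self):
        self.data = {}

    def hset(self, key, name, value):
        self.data.setdefault(key, {})[name.encode()] = value.encode()

    def hgetall(self, key):
        return dict(self.data.get(key, {}))


def demo():
    """Four constructed identities: valid, wrong password, unknown, no form."""
    client = DictRedis()
    store_user(client, "alice", "correct horse")
    auth = RedisAuthenticator(client)
    attempts = [{"login": "alice", "password": "correct horse"},
                {"login": "alice", "password": "wrong"},
                {"login": "ghost", "password": "correct horse"},
                {"repoze.who.userid": "alice"}]
    return [auth.authenticate({}, identity) for identity in attempts]
```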




Re: Struggling with Authkit Authentication

2010-06-07 Thread Gustavo Narea
Hello, Mike.

I agree it's not a common situation, but I think some things are
simpler than they seem; for example, if you have two metadata plugins
(e.g., SQL and LDAP), they both would be used regardless of the
successful authentication method.

If I got it all right, you'd need at least 5 repoze.who plugins:
1 identifier, the one that handles the login form.
1 LDAP authenticator.
1 SQL authenticator.
1 LDAP metadata provider.
1 SQL metadata provider.

Of which only the identifier and the LDAP metadata provider should be
customized. The identifier would be customized in order to remove
everything after the at sign (e.g., gust...@example.org becomes
gustavo). And the LDAP metadata provider would be customized to
filter/process the attributes retrieved. This would be translated into
Python as:
http://pastebin.com/BGv7i5cU

Or, if you want to make sure that it's safe to remove everything after
the at sign for internal users, you can customize both authenticators:
http://pastebin.com/W35kJmeG

I think that way everything will work.

HTH,

 - Gustavo.


On Jun 6, 8:20 pm, Mike Orr sluggos...@gmail.com wrote:
 Ok, I'll see, but I'm not sure how generally useful they'd be. My
 problem is the following.

 1) Some users are internal and have LDAP accounts, and their roles are
 calculated from their LDAP properties.  (Roles = metadata for the
 identity object, which will later be used for authorization. It also
 includes record IDs for users who have permission only to specific
 records.)

 2) Some users are external, so their username, password, and roles are
 in a SQL database.

 3) Some users are hybrid, in that their authentication is LDAP but
 their roles are in the database. (They have higher permissions than
 their LDAP properties would indicate.) This is indicated by a database
 record with a null password.

 4) I distinguish internal vs external users by the syntax of the
 username. Internal users have to enter their full email address,
 because the domain indicates they're internal (i.e., authenticate via
 LDAP). This is to prevent two different users from having the same
 username, because there are thousands of LDAP users and we don't know
 when somebody joins or leaves or what future usernames will be. But
 we're getting pushback from users that they don't want to type the
 domain, which is different than how they log into other applications
 (those that don't have external users). So I'm thinking about just
 choosing a priority; i.e., consult the database first or consult LDAP
 first, and then deal with identical usernames when/if users complain
 they can't log in. (We could also use a separate form field to
 indicate internal/external, but users wouldn't like that either.)

 6) The LDAP plugin puts the user's properties into the identity object
 I think, but I don't want to force the application to process the raw
 LDAP properties all the time, because they're obscure and squirrely. I
 want it to calculate the roles right when they log in, in the same
 format used for external users. It looks like I'd have to write a
 plugin for that.

 7) The normal cascading seems to try one authentication method first,
 and use that if it succeeds, and otherwise try the other. It doesn't
 allow for the hybrid case where both succeed and their metadata is
 merged in the identity object. (Full name from LDAP, roles from
 database.) That's where it looks like I'd have to write a custom
 plugin that spans three or four of the standard plugins.

 8) The whole identity structure (how the metadata is created and used)
 is not the way my application works. I'm not sure if changing the
 structure would lead to a reasonable compromise.

 So #7 and #8 may lead to generic patches, but I'm not sure if they'd
 be generic enough to be generally useful. On the other hand, I think
 other people may also benefit from a more flexible form of cascading
 and metadata handling. I'm not sure if I can design one that would make
 everybody happy, but if I can I'll send it in.
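
The five-plugin layout discussed in this message, as an added example (not the pastebin code, which is not reproduced on this page, and not code from repoze.who itself). It follows the second variant, where both authenticators are customized: the classes only mimic the `authenticate(environ, identity)` and `add_metadata(environ, identity)` plugin signatures, and `INTERNAL_DOMAIN`, the in-memory stores, the `realm` key and `login()` are assumptions made for the illustration.

```python
import hmac

INTERNAL_DOMAIN = "example.org"   # assumption: the domain that marks LDAP users

# Constructed sample stores. A real deployment binds to LDAP and compares
# password hashes in SQL instead of holding plaintext values.
LDAP_USERS = {
    "gustavo": {"password": "ldap-pw", "cn": "Gustavo (staff)"},
    "mike": {"password": "mike-pw", "cn": "Mike (staff)"},
}
SQL_USERS = {
    "gustavo": {"password": "sql-pw", "roles": ["customer"]},  # external namesake
    "mike": {"password": None, "roles": ["admin"]},            # hybrid: NULL password
}


def _same(expected, supplied):
    """Constant-time comparison that also rejects missing or empty passwords."""
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())


class LDAPAuthenticator:
    """Only accepts user@INTERNAL_DOMAIN and strips the domain itself."""

    def authenticate(self, environ, identity):
        user, sep, domain = (identity.get("login") or "").partition("@")
        if not sep or domain.lower() != INTERNAL_DOMAIN:
            return None                      # not an internal login
        entry = LDAP_USERS.get(user)
        # An empty password must never reach a real simple bind: a server
        # may treat it as an unauthenticated bind and report success.
        if entry is None or not _same(entry["password"], identity.get("password")):
            return None
        identity["realm"] = "ldap"           # remember which store vouched
        return user


class SQLAuthenticator:
    """Refuses internal-domain logins and rows whose password is NULL."""

    def authenticate(self, environ, identity):
        login = identity.get("login") or ""
        if login.lower().endswith("@" + INTERNAL_DOMAIN):
            return None
        row = SQL_USERS.get(login)
        if row is None or not _same(row["password"], identity.get("password")):
            return None
        identity["realm"] = "sql"
        return login


class LDAPMetadata:
    def add_metadata(self, environ, identity):
        if identity.get("realm") != "ldap":
            return
        entry = LDAP_USERS[identity["repoze.who.userid"]]
        identity["full_name"] = entry["cn"]
        identity["roles"] = ["staff"]        # stands in for roles derived from LDAP


class SQLMetadata:
    def add_metadata(self, environ, identity):
        row = SQL_USERS.get(identity["repoze.who.userid"])
        if row is None:
            return
        hybrid = row["password"] is None
        if identity.get("realm") == "sql" and not hybrid:
            identity["roles"] = list(row["roles"])
        elif identity.get("realm") == "ldap" and hybrid:
            # Hybrid user: LDAP authenticated, database roles are merged in.
            identity["roles"] = sorted(set(identity.get("roles", [])) | set(row["roles"]))
        # Otherwise the row belongs to a namesake in the other realm: skip it.


def login(login_name, password):
    """Hypothetical driver: first authenticator to succeed wins, then all
    metadata providers run, as described in the message above."""
    environ, identity = {}, {"login": login_name, "password": password}
    for plugin in (LDAPAuthenticator(), SQLAuthenticator()):
        userid = plugin.authenticate(environ, identity)
        if userid is not None:
            identity["repoze.who.userid"] = userid
            break
    else:
        return None
    for provider in (LDAPMetadata(), SQLMetadata()):
        provider.add_metadata(environ, identity)
    return identity
```

Once the domain is stripped, the internal and the external "gustavo" share one userid, so the application has to key its records on the pair (realm, userid) rather than on the userid alone.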




Re: Struggling with Authkit Authentication

2010-06-07 Thread Gustavo Narea
Mike said:
 So that would require two LDAP queries or two SQL queries for every login?

The way I suggested, yes.

If that's an issue, you could extend the authenticators (or create your own) 
so that you retrieve everything in one go, putting the metadata in a temporary 
location in the WSGI environ and then making a metadata provider that moves it 
to the identity dict.


 That brings up another issue I forgot. The LDAP plugin seems to assume
 a long-running connection that will never be broken, and has no
 provision to reconnect. (The constructor takes a connection rather
 than a factory.) I don't know if LDAP is as likely to close idle
 connections as MySQL is, but our server does go down occasionally.  In
 my app, I connect to LDAP separately for each login attempt. I suppose
 that might increase the latency, but it does mean I don't have to
 worry about reconnecting. It should probably start with a long-lived
 connection but reconnect gracefully.

The plugin only uses the simple_bind_s method of the connection object, so 
you could define a class with that method so that you can connect to the LDAP 
server on every login attempt.

Or, the plugin could be modified to do it automatically when required. I can 
apply a patch to do it.
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |
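
Both suggestions from this message, as an added example (not code from repoze.who or its LDAP plugin): a wrapper that exposes only `simple_bind_s` and opens a fresh connection per login attempt, and an authenticator that fetches the metadata in the same round trip, parks it in the WSGI environ, and lets a metadata provider move it into the identity. `FakeLDAPConnection` and `DIRECTORY` are constructed stand-ins so the block runs offline; `STASH_KEY`, the DN template and all class names are assumptions.

```python
import re

SCOPE_BASE = 0                              # same value as ldap.SCOPE_BASE
STASH_KEY = "example.ldap.metadata"         # hypothetical environ key
DN_TEMPLATE = "uid=%s,ou=people,dc=example,dc=org"   # constructed

# Constructed directory contents for the fake server.
DIRECTORY = {
    DN_TEMPLATE % "alice": {"password": "s3cret", "attrs": {"cn": [b"Alice Example"]}},
}


class FakeLDAPConnection:
    """Constructed stand-in for a python-ldap connection (no network)."""

    def __init__(self, directory, events):
        self.directory, self.events, self.bound = directory, events, None
        events.append("open")

    def simple_bind_s(self, who, cred):
        entry = self.directory.get(who)
        if entry is None or not cred or entry["password"] != cred:
            # python-ldap would raise ldap.INVALID_CREDENTIALS here.
            raise PermissionError("invalid credentials")
        self.bound = who

    def search_s(self, base, scope):
        if self.bound is None:
            raise PermissionError("not bound")
        return [(base, self.directory[base]["attrs"])]

    def unbind_s(self):
        self.events.append("unbind")


class PerLoginConnection:
    """Drop-in for a plugin that only ever calls simple_bind_s()."""

    def __init__(self, connect):
        # Zero-argument factory; with python-ldap this could be
        # `lambda: ldap.initialize(uri)`.
        self._connect = connect

    def simple_bind_s(self, who, cred):
        conn = self._connect()              # fresh connection: nothing to reconnect
        try:
            return conn.simple_bind_s(who, cred)
        finally:
            conn.unbind_s()                 # never leave a bound connection behind


class OneTripAuthenticator:
    """Binds and reads the user's attributes on one connection."""

    def __init__(self, connect, dn_template=DN_TEMPLATE):
        self._connect, self._dn_template = connect, dn_template

    def authenticate(self, environ, identity):
        environ.pop(STASH_KEY, None)        # discard any stash we did not write
        login, password = identity.get("login"), identity.get("password")
        # Restrict the login to a safe alphabet before it goes into a DN.
        if not login or not password or not re.fullmatch(r"[A-Za-z0-9._-]+", login):
            return None
        dn = self._dn_template % login
        conn = self._connect()
        try:
            conn.simple_bind_s(dn, password)
            _, attrs = conn.search_s(dn, SCOPE_BASE)[0]
        except PermissionError:
            return None
        finally:
            conn.unbind_s()
        environ[STASH_KEY] = {"full_name": attrs["cn"][0].decode()}
        return login


class StashedMetadata:
    """Metadata provider that moves the stash into the identity dict."""

    def add_metadata(self, environ, identity):
        identity.update(environ.pop(STASH_KEY, {}))
```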




Re: Pylons 0.10 and 1.0 Beta 1 Released

2010-02-06 Thread Gustavo Narea
Thank you guys for the hard work!

Is the 0.9.7-0.10 change log available anywhere?

 - Gustavo.

On 06/02/10 03:46, Ben Bangert wrote:
 Without further ado,
 
 I'm pleased to announce that Pylons 0.10b1 and 1.0b1 are now out. I have not 
 put them on Cheeseshop to ensure they're not downloaded accidentally. 
 
 
 Upgrading / Installing
 ======================
 
 I have updated upgrading instructions here:
 http://pylonshq.com/docs/en/1.0/upgrading/
 
 The instructions to install from scratch on Pylons 1.0b1:
 http://pylonshq.com/docs/en/1.0/gettingstarted/#installing
 
 The upgrading page covers the important upgrading instructions that Mike Orr 
 touched briefly on before.
 
 Note that these are *beta* releases, intended for us to discover remaining 
 issues and continue updating any other documentation where applicable. Very 
 little has actually changed in Pylons since 0.9.7, apart from 1.0 dropping 
 all of the legacy functionality and a few explicit clean-ups.
 
 
 Updates
 =======
 
 Routes, Beaker, and WebHelpers however have been seeing quite a bit of 
 updates through the life of Pylons 0.9.7 so no one should think that the 
 developers working on Pylons and its related parts have been hanging out 
 doing nothing. :)
 
 Since Pylons 0.9.7 was released on February 23, 2009, almost one year ago now:
 * Routes 1.11 was released, and 1.12 with some great updates will be out 
 shortly
 * Beaker has gone from 1.2.2 - 1.5 with 3 major updates substantially 
 increasing its ease of use and reliability
 * WebHelpers is now at 1.0b4 with major updates, core functions rewritten, 
 and new docs up
 * SQLAlchemy has gone from 0.4 to 0.5 (with 0.6 in beta)
 
 I believe this speaks a great deal about the benefits of keeping the core 
 Pylons functionality separate from other parts, as a variety of bug fixes and 
 features can be improved without requiring new Pylons releases to quickly 
 address bug reports.
 
 
 How to Help!
 ============
 
 To bring Pylons to 1.0, many docs likely need very small changes. Also, it 
 would be great to take care of reference docs where people have commented 
 about problems/tips. Helping is fairly easy, especially if you're familiar 
 with restructured text.
 
 First:
 Clone the Pylons repository on Bitbucket: 
 http://bitbucket.org/bbangert/pylons/
 
 Then:
 Edit the documentation files under pylons/docs/en/ to read as appropriate, 
 commit the fix, and push it to bitbucket.
 
 Finally:
 Issue a pull request on bitbucket so that we'll know your fix is ready. 
 Ideally you should include a note in it about what your fix remedies.
 
 
 Bug Reports
 ===========
 
 Did your upgrade not go according to plan? Was there something missing that 
 you needed to do from the upgrading docs? 
 
 Let us know by filing a bug report (mark component as documentation, and 
 milestone as 0.10):
 http://pylonshq.com/project/pylonshq/newticket
 
 You'll need to login to file a bug report, or feel free to reply to this 
 announcement with the issue. 
 
 
 Thanks (in alphabetical order) to Mike Bayer, Ian Bicking, Mike Burrows, 
 Graham Higgins, Phil Jenvey, Mike Orr, and anyone else I missed for all their 
 hard work on making Pylons and its various components what they are today.
 
 - Ben
 

-- 
Gustavo Narea xri://=Gustavo.




Re: Repoze.what and Max-Age

2010-01-27 Thread Gustavo Narea
Thanks for the tip, Audrius!

I wasn't aware of those arguments, so I've just released
repoze.what-quickstart so people can customize the Max-Age both with Python
code and .ini files:
http://code.gustavonarea.net/repoze.what-quickstart/News.html

Cheers!

 - Gustavo.

Audrius said:
 On Sun, 2010-01-10 at 17:49:12 +, Gustavo Narea wrote:
  Hello, Justin.
  
  It seems like you're configuring repoze.what and repoze.who via
  repoze.what-quickstart [1].
  
  That package configures authentication (i.e., repoze.who) so that the
  cookies are handled by the AuthTktCookiePlugin [2], but that
  repoze.who identifier plugin doesn't allow specifying that (yet).
 
 I'm not sure if OP needs login session expiration, but if he does,
 AuthTktCookiePlugin in latest repoze.who already supports that giving
 timeout and reissue_timeout arguments to its constructor method or
 make_plugin factory function.  It looks like AuthTktCookiePlugin docs
 are not up to date on the website (Last updated on Jan 23, 2009.),
 also there's no way to set these arguments via repoze.what-quickstart.
 I think quite a few people would find that handy, although there's
 always a way to bypass quickstart and configure repoze.what by yourself
 (quickstart code could be used as example, it's not hard to understand).
 
 As for remember me functionality, OP is left to implement it himself
 or wait for someone to do that for him.
 
  So there are two options:
   1.- Request this feature on http://bugs.repoze.org/. Chances are if
  you provide a patch, it'll get applied and a new release will be
  done very soon.  Then I'll update repoze.what-quickstart so you can
  pass this argument to AuthTktCookiePlugin.
  
   2.- You use your own AuthTktCookiePlugin-based identifier. But then
  you will have to configure repoze.who/what manually, without
  repoze.what-quickstart.
  
  I would go for option 1.
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Repoze.what and Max-Age

2010-01-10 Thread Gustavo Narea
Hello, Justin.

It seems like you're configuring repoze.what and repoze.who via
repoze.what-quickstart [1].

That package configures authentication (i.e., repoze.who) so that the cookies 
are handled by the AuthTktCookiePlugin [2], but that repoze.who identifier 
plugin doesn't allow specifying that (yet).

So there are two options:
 1.- Request this feature on http://bugs.repoze.org/. Chances are if you 
provide a patch, it'll get applied and a new release will be done very soon. 
Then I'll update repoze.what-quickstart so you can pass this argument to 
AuthTktCookiePlugin.
 2.- You use your own AuthTktCookiePlugin-based identifier. But then you will 
have to configure repoze.who/what manually, without repoze.what-quickstart.

I would go for option 1.

HTH,

 - Gustavo.

[1] http://code.gustavonarea.net/repoze.what-quickstart/
[2] http://static.repoze.org/whodocs/narr.html#repoze.who.plugins.auth_tkt.AuthTktCookiePlugin

Justin said:
 I am trying to use Repoze.what with pylons. I would like to be able to
 configure the expiration time for my site cookies as well as add a
 remember me button to the login view. I can not seem to find any
 documentation on where to configure these options though, when using
 the quickstart option.
 
 Any help would be much appreciated.
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Authentication Authorization for multiple apps?

2009-12-16 Thread Gustavo Narea
Hello,

Regarding the authorization bit, as of repoze.what 1.1 (whose first alpha is 
going to be released by the end of this month), it's going to be possible to 
have that sort of pluggable authorization rules too thanks to the 
implementation of ACLs.

With repoze.what 1.0.X, you can only have authorization rules attached to 
your controllers or controller actions.

Cheers,

 - Gustavo.

flzz said:
 Greetings all,  my company is currently in the process of migrating to
 python + pylons as our development platform of choice.  We currently
 have a good bit of traffic to support and to help ease maintenance and
 operation overheads we will be creating multiple pylons applications
 to service certain aspects of our application on the whole.  To the
 question.  Is it possible to have a single Authentication and
 Authorization model (repoze.who repoze.what) that is shared among
 multiple pylons applications?   We currently utilize the debian
 packaging system (Ubuntu) to handle software deployment,  so the
 approach I can see us taking is to abstract out the AA portion of the
 system into its own package (deb/egg).  Then from that point we will
 create our own pylons template that includes the use of this system.
 Am I off base with this approach at all?  it seems uniformity of WSGI
 and the modular nature of pylons should make this doable.
 
 Thanks!
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |





Re: Access to root WSGI application

2009-06-04 Thread Gustavo Narea

Hi, Wyatt.

Wyatt said:
 I want to get access to the root WSGI middleware, the one that is
 hit first when a request is made. In this example:

 [pipeline:main]
 pipeline = somefilter auth urlmap

 ...I want access to `somefilter`. I couldn't find a reference to the
 root app anywhere in the environ. Does anyone know how to access this?

You can't, because it works like this:

class Middleware1(object):
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # ... do something ...
        return self.app(environ, start_response)

class Middleware2(object):
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # ... do something ...
        return self.app(environ, start_response)

class Middleware3(object):
    foo = "some value"
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # ... do something ...
        return self.app(environ, start_response)

# Each wrapper only holds a reference to the app it wraps, so
# Middleware3 ends up outermost and is hit first on every request.
pylonsapp = make_app(...)
pylonsapp = Middleware1(pylonsapp)
pylonsapp = Middleware2(pylonsapp)
pylonsapp = Middleware3(pylonsapp)


So in Middleware1, for example, you cannot access Middleware3 and vice versa. 


 For now, I created a wrapper app that saves a reference to itself in
 the environ.

If you really want it, the standard way to do it is to put in the environ 
whatever you need from that middleware, not the whole middleware.

For example, if what you need is the foo argument of Middleware3 in 
Middleware1, you can use this:

class Middleware1(object):
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # ... do something ...
        if 'middleware3.foo' in environ:
            # here it is!
            pass
        return self.app(environ, start_response)

class Middleware2(object):
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # ... do something ...
        return self.app(environ, start_response)

class Middleware3(object):
    foo = "some value"
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        # ... do something ...
        # Publish only the value, not the middleware object itself.
        environ['middleware3.foo'] = self.foo
        return self.app(environ, start_response)

pylonsapp = make_app(...)
pylonsapp = Middleware1(pylonsapp)
pylonsapp = Middleware2(pylonsapp)
pylonsapp = Middleware3(pylonsapp)


Then this value will be available in any middleware* and the application 
itself.

HTH,

PS: Not exactly any middleware; it will be available for any middleware 
under it... So if we had a fourth middleware, it wouldn't be able to access 
environ[middleware3.foo].
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Repoze.what Implementing permission system based on reputation

2009-04-23 Thread Gustavo Narea

Hello,

If, for example, the reputation score is stored in a column of the users' 
table as an integer, you could write the following repoze.what predicate 
checker:

from repoze.what.predicates import Predicate

class minimum_reputation(Predicate):
    message = "Your minimum score reputation must be of at least " \
              "%(minimum_score)s, but you have %(current_score)s"

    def __init__(self, minimum_score, **kwargs):
        super(minimum_reputation, self).__init__(**kwargs)
        self.minimum_score = minimum_score

    def evaluate(self, environ, credentials):
        current_user = get_user_db_object_from_somewhere()
        # Deny access when the user's score is below the threshold.
        if current_user.score < self.minimum_score:
            self.unmet(current_score=current_user.score)


For more info:
http://static.repoze.org/whatdocs/Manual/Predicates/index.html

Then you can use it in your actions, like this:

from repoze.what.plugins.pylonshq import ActionProtector
from somewhere import minimum_reputation

class MyCoolController(BaseController):
    @ActionProtector(minimum_reputation(5))
    def some_action(self):
        # This code is executed if the current user has
        # a reputation score of at least 5. If not, authorization
        # will be denied and s/he will see a message that reads:
        # "Your minimum score reputation must be of at least 5,
        # but you have X" (where X is her/his current score)
        pass


For more info about this, check:
http://code.gustavonarea.net/repoze.what-pylons/Manual/Protecting.html

By the way, you may want to create the following aliases:

class good_reputation(minimum_reputation):
    def __init__(self, **kwargs):
        super(good_reputation, self).__init__(3, **kwargs)

class excellent_reputation(minimum_reputation):
    def __init__(self, **kwargs):
        super(excellent_reputation, self).__init__(5, **kwargs)


HTH,

  - Gustavo.


On Thursday April 23, 2009 15:56:22 karikris...@gmail.com wrote:
 We are developing social networking application in Pylons. We use
 username-password system and permission which comes part of
 repoze.what/who. Now we need  to give permission to certain resources
 based on user reputation score.

 What is the architecture required using repoze.what? Can someone
 throw sample/example code?

 We are first time web developers and getting hard into Pylons but
 managing well.. Any help shall be greatly appreciated

 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Repoze.what Implementing permission system based on reputation

2009-04-23 Thread Gustavo Narea

On Thursday April 23, 2009 16:32:35 Gustavo Narea wrote:
 By the way, you may want to create the following aliases:
 
 class good_reputation(minimum_reputation):
     def __init__(self, **kwargs):
         super(good_reputation, self).__init__(3, **kwargs)

 class excellent_reputation(minimum_reputation):
     def __init__(self, **kwargs):
         super(excellent_reputation, self).__init__(5, **kwargs)
 

Better yet:

good_reputation = minimum_reputation(3)
excellent_reputation = minimum_reputation(5)


... so you can use them as in:

class CoolController(BaseController):
    @ActionProtector(good_reputation)
    def something_for_people_with_good_reputation(self):
        # do something...
        pass

    @ActionProtector(excellent_reputation)
    def something_for_people_with_excellent_reputation(self):
        # do something...
        pass

-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: (Repoze.what) Checking section and items

2009-04-21 Thread Gustavo Narea

Hello, Kless.

If you want to try the source adapter you're writing, you should use its
methods without the slash in the beginning.

For example, if you already defined _create_section, you should call
create_section:
http://static.repoze.org/whatdocs/Manual/ManagingSources.html#adding-a-section-to-a-source

HTH ;-)

Cheers!


On Sunday April 19, 2009 18:36:24 Kless wrote:
 I'm creating a repoze.what source adapter for Mongo [1]. In several
 methods its says [2]: When implementing this method, don’t check
 whether the section really exists; that’s already done when this
 method is called.

 When are being called those checks?
 I've implemented '_section_exists' and '_item_is_included', and they
 works ok. But if I call to i.e. '_create_section' the anterior methods
 are not being called.


 [1] http://www.mongodb.org/homepage.action

 [2]
 http://static.repoze.org/whatdocs/Manual/ManagingSources.html#writing-your-own-source-adapters

 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: repoze.what how to check the user has permission or not

2009-04-21 Thread Gustavo Narea

I have no idea, to be honest -- Did you modify repoze.what itself too?

Please make sure the level of the logger used by repoze.what is at least INFO 
and then run Pylons this way:
AUTH_LOG=1 paster serve development.ini

Finally, visit that controller action again and post the log of that request 
(well, at least the part where the permissions are printed).

This will help us find what's going wrong.

Cheers.



On Friday April 17, 2009 21:27:25 karikrishni wrote:
 I will try translation changes and let you know.

 Any idea why is_met fails but @ActionProtecter pass the permission?

 if is_met(has_permission('admin_post')):
     post.user_can_suspend = True
 else:
     post.user_can_suspend = False

 fails.. I have given the permission to the logged in user but still it
 fails. But in the ActionProtector, it works

 @ActionProtector(has_permission('admin_post'),cool_handlers)
 def edit(.)
.
   .


 Sorry, I mess up two questions with the single post..
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: repoze.what how to check the user has permission or not

2009-04-17 Thread Gustavo Narea

Hello,

Those two functions were introduced in repoze.what-pylons v1.0rc4; make sure 
you're not using an older release:
easy_install -U repoze.what-pylons

The latest stable release is v1.0.

Please let me know if it worked for you :)

  - Gustavo.

On Friday April 17, 2009 20:28:51 karikrishni wrote:
 Hi Gustavo  Group,

 I could not find is_met with my latest pylons  repoze which is
 installed using easy_install. Am I missing something?

 It will be great help for me to get answer for this to hack more into
 pylons on my weekend :-).

 Thanks

 On Apr 15, 8:25 pm, karikrishni karikris...@gmail.com wrote:
  I imported from 'repoze.what.plugins.pylonshq import is_met' but I am
  getting error 'ImportError: cannot import name is_met'.
 
  Thanks
 
  On Apr 15, 12:06 pm, karikrishni karikris...@gmail.com wrote:
   Thanks Gustavo. This is what I am expecting.. Thanks a lot..
  
   On Apr 15, 12:04 pm, Gustavo Narea m...@gustavonarea.net wrote:
Hello,
   
In addition to protecting your action with a predicate, you want to
evaluate the has_predicate inside that action -- am I right?
   
If so, you can use a code like this:

    from repoze.what.plugins.pylonshq import is_met

    # (...)

    @ActionProtector(has_permission('post'), cool_denial_handler)
    def view(self, id):
        # ...
        if is_met(has_permission('whatever')):
            # Do something
            pass

   
Please let me know if this is not what you want.
   
Cheers.
   
On Wednesday April 15, 2009 04:49:31 karikris...@gmail.com wrote:
 I have a view method which needs to enable certain html for the
 super user  to edit/modify/unpublish the content.

 def view(self, id):
 identity = request.environ.get('repoze.who.identity')
 db_session = meta.Session()
 data_model = db_session.query(model.DataModel).filter_by
 (id=id).first()

 ??

 How to check whether user has appropriate permission to enable html
 tags?

 I am successfully using decorator to protect the action like below.
 I want to know how to  call has_permission method?

 @ActionProtector(has_permission('post'), cool_denial_handler)
 def edit(self, id):
 db_session = meta.Session()
 .

 Thanks
   
--
Gustavo Narea xri://=Gustavo.
   
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |

 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: repoze.what how to check the user has permission or not

2009-04-17 Thread Gustavo Narea

Hello,

You can change that without changing the original source code:
http://code.gustavonarea.net/repoze.what-quickstart/#changing-attribute-names

If you're using repoze.what.plugins.quickstart:setup_sql_auth(), you can use 
the following code:

# Create a dictionary for the so-called translations:
translations = {
    # You said you didn't want the underscore
    'user_name': 'username',
}

# Then somewhere in your middleware setup...
app = setup_sql_auth(..., translations=translations, ...)



Then you can try again -- and don't forget to revert any modification on the 
source code of repoze.who/what or their plugins; if there's something else 
that you don't like, it's most likely that you can change it easily.

Please let me know if it works now.

  - Gustavo.


On Friday April 17, 2009 21:09:28 karikrishni wrote:
 Thank you for quick response. I updated my repoze.what-pylons with
 latest. Now it is not giving any error but functionally, it is not
 working.


 if is_met(has_permission('admin_post')):
     post.user_can_suspend = True
 else:
     post.user_can_suspend = False


 fails.. I have given the permission to the logged in user but still it
 fails. But in the ActionProtector, it works

 @ActionProtector(has_permission('admin_post'),cool_handlers)
 def edit(.)
.
   .



 I did few changes to the User class but this is not related to
 permission issue. I need your comment.

 class User(DeclarativeBase):
     """Reasonably basic User definition. Probably would want additional
     attributes.
     """
     __tablename__ = 'users'

     id = Column(Integer(), primary_key=True)
     #TODO: Unique constraint
     user_name = Column(Unicode(100))
 
 




 I added id column 'id' which is primary key. In the sample, user_name
 was primary key.
 I didn't like underscore in user_name.. I want it to be simply
 'username'. Is recommended to do that? any side effect?

 Thanks

 On Apr 17, 11:40 pm, Gustavo Narea m...@gustavonarea.net wrote:
  Hello,
 
  Those two functions were introduced in repoze.what-pylons v1.0rc4; make
  sure you're not using an older release:
  easy_install -U repoze.what-pylons
 
  The latest stable release is v1.0.
 
  Please let me know if it worked for you :)
 
- Gustavo.
 
  On Friday April 17, 2009 20:28:51 karikrishni wrote:
   Hi Gustavo  Group,
  
   I could not find is_met with my latest pylons  repoze which is
   installed using easy_install. Am I missing something?
  
   It will be great help for me to get answer for this to hack more into
   pylons on my weekend :-).
  
   Thanks
  
   On Apr 15, 8:25 pm, karikrishni karikris...@gmail.com wrote:
I imported from 'repoze.what.plugins.pylonshq import is_met' but I am
getting error 'ImportError: cannot import name is_met'.
   
Thanks
   
On Apr 15, 12:06 pm, karikrishni karikris...@gmail.com wrote:
 Thanks Gustavo. This is what I am expecting.. Thanks a lot..

 On Apr 15, 12:04 pm, Gustavo Narea m...@gustavonarea.net wrote:
  Hello,
 
  In addition to protecting your action with a predicate, you want
  to evaluate the has_predicate inside that action -- am I right?
 
  If so, you can use a code like this:
  
  from repoze.what.plugins.pylonshq import is_met
 
  # (...)
 
  @ActionProtector(has_permission('post'), cool_denial_handler)
  def view(self, id):
      # ...
      if is_met(has_permission('whatever')):
          # Do something
          pass
  
 
  Please let me know if this is not what you want.
 
  Cheers.
 
  On Wednesday April 15, 2009 04:49:31 karikris...@gmail.com wrote:
   I have a view method which needs to enable certain html for the
   super user  to edit/modify/unpublish the content.
  
   def view(self, id):
   identity = request.environ.get('repoze.who.identity')
   db_session = meta.Session()
   data_model =
   db_session.query(model.DataModel).filter_by (id=id).first()
  
   ??
  
   How to check whether user has appropriate permission to enable
   html tags?
  
   I am successfully using decorator to protect the action like
   below. I want to know how to  call has_permission method?
  
   @ActionProtector(has_permission('post'), cool_denial_handler)
   def edit(self, id):
   db_session = meta.Session()
   .
  
   Thanks
 
  --
  Gustavo Narea xri://=Gustavo.
 
  | Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |
 
  --
  Gustavo Narea xri://=Gustavo.
 
  | Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |

 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |


Re: repoze.what how to check the user has permission or not

2009-04-15 Thread Gustavo Narea

Hello,

In addition to protecting your action with a predicate, you want to evaluate 
the has_predicate inside that action -- am I right?

If so, you can use code like this:

from repoze.what.plugins.pylonshq import is_met

# (...)

@ActionProtector(has_permission('post'), cool_denial_handler)
def view(self, id):
    # ...
    if is_met(has_permission('whatever')):
        # Do something
        pass


Please let me know if this is not what you want.

Cheers.


On Wednesday April 15, 2009 04:49:31 karikris...@gmail.com wrote:
 I have a view method which needs to enable certain html for the super
 user  to edit/modify/unpublish the content.

 def view(self, id):
     identity = request.environ.get('repoze.who.identity')
     db_session = meta.Session()
     data_model = db_session.query(model.DataModel).filter_by(id=id).first()

 ??

 How to check whether user has appropriate permission to enable html
 tags?

 I am successfully using decorator to protect the action like below. I
 want to know how to  call has_permission method?

 @ActionProtector(has_permission('post'), cool_denial_handler)
 def edit(self, id):
     db_session = meta.Session()
     .

 Thanks

 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Accessing REMOTE_ADDR during unit tests

2009-04-03 Thread Gustavo Narea

On Friday April 3, 2009 19:10:09 Bryan wrote:
 Some of my controllers look in the request for 'REMOTE_ADDR' to get
 the client's ip address for logging.  When I run my unit tests with
 nosetests, REMOTE_ADDR is not present in the request object, causing
 an error.

 I would like to insert a fake ip address into the request in my unit
 tests so that I don't have to change my controllers to accommodate
 testing.  Anyone know how I can do this?

def test_something(self):
    environ = {'REMOTE_ADDR': '127.0.0.1'}
    self.app.get(url_for('something'), extra_environ=environ)
    ...

HTH.
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Accessing REMOTE_ADDR during unit tests

2009-04-03 Thread Gustavo Narea

Yes, I think you shouldn't rely on that variable because it may not be present 
even on live sites because theoretically it's not mandatory, although I 
haven't seen the first case yet where it's not available.

On Friday April 3, 2009 20:20:11 Bryan wrote:
 Thanks, that works.  I think I am going to change my controller code
 to ip = request.environ.get('REMOTE_ADDR', 'No IP address?') instead.
 That will be less work than appending special arguments to all of my
 requests in testing.  I was hoping there was a way to do it for all
 functional test get() calls.

 On Apr 3, 10:39 am, Gustavo Narea m...@gustavonarea.net wrote:
  On Friday April 3, 2009 19:10:09 Bryan wrote:
   Some of my controllers look in the request for 'REMOTE_ADDR' to get
   the client's ip address for logging.  When I run my unit tests with
   nosetests, REMOTE_ADDR is not present in the request object, causing
   an error.
  
   I would like to insert a fake ip address into the request in my unit
   tests so that I don't have to change my controllers to accommodate
   testing.  Anyone know how I can do this?
 
  def test_something(self):
      environ = {'REMOTE_ADDR': '127.0.0.1'}
      self.app.get(url_for('something'), extra_environ=environ)
      ...
 
  HTH.
  --
  Gustavo Narea xri://=Gustavo.
 
  | Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |

 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |
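
Both approaches from this thread, as an added example that is not code from any poster or from Pylons: a read of REMOTE_ADDR that tolerates its absence, and a test client that injects a fake address into every request instead of per call. `client_ip`, `logging_app` and `MiniTestClient` are hypothetical names built on the standard library only; the fallback string is the one quoted above.

```python
from wsgiref.util import setup_testing_defaults


def client_ip(environ):
    """Address to log. REMOTE_ADDR is a CGI variable the server may omit,
    and test harnesses usually do not set it, so never index it directly."""
    return environ.get("REMOTE_ADDR", "No IP address?")


def logging_app(environ, start_response):
    """Constructed stand-in for a controller that logs the client address."""
    body = ("logged client: %s" % client_ip(environ)).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


class MiniTestClient(object):
    """Hypothetical functional-test client: extra_environ given at
    construction is merged into every request, per-call values win."""

    def __init__(self, app, extra_environ=None):
        self.app = app
        self.extra_environ = dict(extra_environ or {})

    def get(self, path, extra_environ=None):
        environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
        # Fills in SERVER_NAME, wsgi.* and friends; it does NOT set REMOTE_ADDR.
        setup_testing_defaults(environ)
        environ.update(self.extra_environ)   # defaults for the whole suite
        environ.update(extra_environ or {})  # override for this one request
        captured = {}

        def start_response(status, headers, exc_info=None):
            captured["status"] = status
            captured["headers"] = headers
            return lambda data: None

        result = self.app(environ, start_response)
        try:
            body = b"".join(result)
        finally:
            if hasattr(result, "close"):
                result.close()
        return captured["status"], body.decode("utf-8")


if __name__ == "__main__":
    suite_client = MiniTestClient(logging_app,
                                  extra_environ={"REMOTE_ADDR": "127.0.0.1"})
    print(suite_client.get("/something"))
    print(MiniTestClient(logging_app).get("/something"))
```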




Re: repoze.what-pylons working sample project

2009-03-29 Thread Gustavo Narea

Hello, Andrius!

I've just finished the sample application, which is available for download 
here:
http://bitbucket.org/Gustavo/whatpylonsproject/overview/

Now it shows how to test the protected areas with repoze.who and repoze.what.

I've also updated the HOWTO on the Pylons Wiki to mention this sample 
application:
http://wiki.pylonshq.com/display/pylonscookbook/Authorization+with+repoze.what

I'll try to update the repoze.what-pylons docs to also explain how to 
configure the functional test suite.

I hope you'll enjoy it! Please feel free to ask if you have further questions!

Cheers,

  =Gustavo


On Thursday March 26, 2009 14:30:47 Audrius Kažukauskas wrote:
 On Fri, 2009-03-13 at 01:45:35 +0100, Gustavo Narea wrote:
  Hello,
 
  I'm sorry about the delay, but I've been very busy this week.
 
  I've started a project at
  http://bitbucket.org/Gustavo/whatpylonsproject/overview/
 
  The only thing it misses is a test suite using repoze.who-testutil. I'm
  stuck with a weird DB problem; I'll ask for help if I'm not able to fix
  it. I also wish to add more comments to it.
 
  Once it's finished, I'll update the HOWTO and post a message on this ML
  to let you know.

 I understand that right now is not the proper time to ask (PyCon and
 such), but I was wondering what's the progress with test suite?  I'd
 like to use repoze.who-testutil, unfortunately the documentation
 regarding setting it up via repoze.what is missing (marked as TODO), and
 it's not clear to me how to do it properly.  I would be very grateful
 for any help with that.

-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: repoze.who CAS plugin

2009-03-16 Thread Gustavo Narea

On Monday March 16, 2009 16:15:17 Eric Lemoine wrote:
 Does anyone know if there's a repoze.who plugin for CAS (Central
 Authentication Service)?

Not yet.

But if you want, you can create it by reading the repoze.who docs and posting 
your questions (if any) to the Repoze mailing list (or joining #repoze on 
Freenode).

HTH,
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: repoze.what-pylons working sample project

2009-03-15 Thread Gustavo Narea

Hello, Graham.

On Saturday March 14, 2009 03:30:39 Graham Higgins wrote:
 On Mar 13, 12:45 am, Gustavo Narea m...@gustavonarea.net wrote:
  I'm sorry about the delay, but I've been very busy this week.

 Thanks for your efforts on this. I'd like to meet Gopal's request for
 a paster-ready repoze.what app. I already have a working repoze.who
 +repoze.what auth'n'auth template in Shabti [1] but it's based on an
 earlier how-to and I suspect that it would make more sense to use a
 Pylons-specific repoze.what plug-in if it can be made to work.

Whoa, that's really nice. And yes, repoze.what-pylons makes some things
simpler.

I'll give you a hand, if you don't mind. I've created this fork for that:
http://bitbucket.org/Gustavo/shabti-repozeauth/


 [1]
 http://bitbucket.org/gjhiggins/shabti/src/tip/shabti/templates/auth_repozewho/

  Anyway, what was the exact problem you have?

 For me:

 1. The action in the login form refers to a URL-cum-action:
 '/login_handler' which is not mentioned anywhere else in the tutorial.

That's right! I just fixed it. Thanks :)


 2. When transcribed into a project, the plugin -- when configured
 according to the tutorial -- doesn't successfully authenticate. The
 log shows, somewhat cryptically: no identities found, not
 authenticating. In my Shabti template, in order to avoid a database
 issue, I ended up following mcdonc's advice and adopting a different
 config approach - see setup_sql_auth in [1].

Sorry, what did you exactly change? I see your add_auth() function looks like 
that in the HOWTO.


  I've started a project at
  http://bitbucket.org/Gustavo/whatpylonsproject/overview/

 I can't seem to find any reference to a skip_authentication keyword
 parameter for setup_sql_auth  in the plugin code but I'm probably
 looking in the wrong place. Any pointers?

Oh, that's right. I inserted that keyword argument because I'll use the 
repoze.who-testutil plugin:
http://code.gustavonarea.net/repoze.who-testutil/

That key is exactly used here:
http://code.gustavonarea.net/repoze.who-testutil/API.html#repoze.who.plugins.testutil.make_middleware

It makes testing repoze.who applications much, much easier. I'll include it in 
the repoze.who HOWTO when I have time, but if somebody else does it sooner, 
it'd be great ;-)

Cheers!
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: repoze.what-pylons working sample project

2009-03-12 Thread Gustavo Narea

Hello,

I'm sorry about the delay, but I've been very busy this week.

I've started a project at 
http://bitbucket.org/Gustavo/whatpylonsproject/overview/

The only thing it misses is a test suite using repoze.who-testutil. I'm stuck 
with a weird DB problem; I'll ask for help if I'm not able to fix it. I also 
wish to add more comments to it.

Once it's finished, I'll update the HOWTO and post a message on this ML to let 
you know.

Anyway, what was the exact problem you have?

Cheers!


On Saturday March 7, 2009 07:11:00 Krishgy wrote:
 Hi Gustavo Narea  All,

 I couldn't make repoze.what working with my application when I am
 following
 http://wiki.pylonshq.com/display/pylonscookbook/Authorization+with+repoze.what

 Can you project a simple pylons project with the example? It is
 possible?

 Regards,

 Gopal
 
-- 
Gustavo Narea xri://=Gustavo.
| Tech blog: =Gustavo/(+blog)/tech  ~  About me: =Gustavo/about |




Re: Authorization with repoze.what in Pylons

2009-02-24 Thread Gustavo Narea

Hello,

I'd make sure they're indeed installed in the current virtualenv:
   easy_install -U repoze.what-quickstart repoze.what-pylons

This is the first time I see this problem, but I'm sure it's in the 
virtualenv.

HTH.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: Authorization with repoze.what in Pylons

2009-02-24 Thread Gustavo Narea

On Tuesday February 24, 2009 23:26:58 dw wrote:
 Thanks for all your help.

No worries! I'm glad to know it's working now! ;-)
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: dealing with cookies

2009-02-23 Thread Gustavo Narea

Hello, Jonathan.

Unfortunately you can't know where a cookie was defined because they are sent 
through the following HTTP header:
Cookie: cookie1=value1cookie2=value2

Which doesn't specify the host where they were defined.

Cheers.

On Monday February 23, 2009 21:17:31 Jonathan Vanasco wrote:
 i've got an annoying issue with cookies...

 in my setup, i unfortunately had some cookies baked with www.domain.com
 and others with domain.com

 this didn't cause an issue in pylons, but it did cause an issue in a
 section of the site that was offloaded to php ( which was running a
 blog, and blocking if there was no preview cookie ).

 to consolidate things, I dropped www off our website, and am piping
 things through domain.com exclusively

 i have a few users with stray www.domain.com cookies that pylons is
 reading -- is there an easy way to invalidate these through pylons ?

 everything that i'm seeing in response.cookies is just k/v - there's
 no domain or other info.
 i can't remember if the domain info is supposed to be sent with
 cookies or not.

 anyone have a clue ?
 
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: dealing with cookies

2009-02-23 Thread Gustavo Narea

On Monday February 23, 2009 21:38:53 Jonathan Vanasco wrote:
 I was afraid of that.  I guess I just need to change the cookie name
 and have some sort of conversion facility.

Yes, I think that's the solution.

Cheers.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
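
The point made in this thread, as an added example that is not code from the posters or from Pylons: the request Cookie header carries only name/value pairs, so stray copies cannot be told apart by origin, and the workaround is to move to a new cookie name. The cookie names, the helper functions and the sample header are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: what a browser holding both a www.domain.com and a
# domain.com "preview" cookie would send. No domain, path or expiry appears.
SAMPLE_COOKIE_HEADER = "preview=abc123; theme=dark; preview=zzz999"


def parse_cookie_header(header):
    """Return every (name, value) pair of a request Cookie header, in order.

    Duplicated names are kept on purpose: a dict-like view would silently
    hide the fact that two cookies with the same name were sent.
    """
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name, value))
    return pairs


def migrate_cookie(header, old_name, new_name, domain):
    """Conversion facility: Set-Cookie values that copy a legacy cookie to a
    new name scoped to the consolidated domain.

    Returns an empty list when the client already has the new cookie or never
    had the old one. When the old name arrives more than once the server
    cannot know which host set which copy, so the first one sent is used.
    """
    pairs = parse_cookie_header(header)
    if any(name == new_name for name, _ in pairs):
        return []
    legacy_values = [value for name, value in pairs if name == old_name]
    if not legacy_values:
        return []
    jar = SimpleCookie()
    jar[new_name] = legacy_values[0]
    jar[new_name]["domain"] = domain
    jar[new_name]["path"] = "/"
    return [morsel.OutputString() for morsel in jar.values()]


if __name__ == "__main__":
    print(parse_cookie_header(SAMPLE_COOKIE_HEADER))
    for value in migrate_cookie(SAMPLE_COOKIE_HEADER, "preview",
                                "preview_v2", "domain.com"):
        print("Set-Cookie: " + value)
```

From then on the application reads only the new name, so whatever stray copies of the old cookie remain in browsers no longer matter.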




Re: MySQL auth

2009-02-20 Thread Gustavo Narea

On Friday February 20, 2009 10:58:13 menshikoval...@gmail.com wrote:
 I'm looking for authorization based on mysql. As I see authkit normally
 supports only sqlite and postgres. I'm a newbie in Pylons and can't
 understand how to use this
 http://wiki.pylonshq.com/display/pylonscookbook/Advanced+Homegrown+Auth and
 how to change LDAP to MySQL.

 Any another blogs, examples, discussions are welcome.

If you're looking for alternatives, you may try repoze.who and repoze.what for 
authentication and authorization, respectively. In the URL below you'll learn 
how to configure both quickly (most of that is just copypaste):
http://wiki.pylonshq.com/display/pylonscookbook/Authorization+with+repoze.what

I've never used AuthKit, but I guess it does support MySQL. Anyway, the 
plugins you'd be using with the tutorial above are DBMS-independent, so MySQL 
will work like a charm.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: Authorization with repoze.what in Pylons

2009-02-11 Thread Gustavo Narea

Thanks for spotting that, Roger! ;-)

Yes, you're right. I just fixed the HOWTO accordingly.

Cheers.

On Wednesday February 11, 2009 12:54:20 Roger Demetrescu wrote:
 On Tue, Feb 10, 2009 at 17:51, Gustavo Narea m...@gustavonarea.net wrote:
  Hello, everybody.
 
  I'm pleased to announce that I have:
   1.- Finished the guide on how to use repoze.what in Pylons:
  http://wiki.pylonshq.com/display/pylonscookbook/Authorization+with+repoze.what
   2.- Created a plugin to integrate repoze.what in Pylons applications:
  http://code.gustavonarea.net/repoze.what-pylons/
 
  So hopefully now using repoze.what in Pylons-based applications will be
  much easier. :)
 
  Cheers!

 Hi Gustavo,


 I found 2 lines of code in your tutorial that says:

   came_from = str(request.params.get('came_from')) or url_for('/')


 If request doesn't have a 'came_from' param, the get() method should
 return None, right ?
 But doing a str(None) or failsafe_value  would never reach the
 failsafe_value, because None is evaluated as a True value in this
 boolean expression.

 Maybe you meant:

   came_from = str(request.params.get('came_from') or url_for('/'))



 Since I'm on a machine that doesn't have python installed, I didn't
 test your code, so I may be missing something here.


 Best regards,

 Roger

 
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Authorization with repoze.what in Pylons

2009-02-10 Thread Gustavo Narea

Hello, everybody.

I'm pleased to announce that I have:
 1.- Finished the guide on how to use repoze.what in Pylons:
http://wiki.pylonshq.com/display/pylonscookbook/Authorization+with+repoze.what
 2.- Created a plugin to integrate repoze.what in Pylons applications:
http://code.gustavonarea.net/repoze.what-pylons/

So hopefully now using repoze.what in Pylons-based applications will be much 
easier. :)

Cheers!
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: State of Auth with Pylons

2009-01-27 Thread Gustavo Narea

Hello,

On Tuesday January 27, 2009 15:16:36 TJ Ninneman wrote:
 Does the cookie get set within a custom Challenger plugin or within  
 the Authenticator plugin?


It's the way TurboGears itself deals with so-called flash messages, it's not 
specific to authentication messages.

But I'd subclass the authenticator to flash the message you want (e.g., login 
succeeded, login failed).

This conversation reminds me that logged in messages are not supported yet in 
TG2. Going to solve it now...

Cheers.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: State of Auth with Pylons

2009-01-26 Thread Gustavo Narea

Just for the record, there's already an SQLAlchemy/Elixir-based repoze.who 
authenticator:
http://code.gustavonarea.net/repoze.who.plugins.sa/

So you don't have to write it yourself.

Cheers.

PS: Regarding your problem, I think RedirectingFormPlugin is a good solution. 
But anyway, I think this conversation deserves its own thread.

On Monday January 26, 2009 20:18:04 TJ Ninneman wrote:
  Have you managed to deal with the problem of login handlers and error
  messages, that is what happens if a user tries to log in and for
  whatever reason, fails?
 
  I'm currently using repoze.who, and haven't managed to overcome this
  major point, even though I've discussed it at length with Chris
  McDonough.
 
  Cheers,
  Tom

 LOL, no I haven't.  We are still early enough in development of this
 site that I just figured I'd go back and figure that out later.

 What about setting a session based flash message in your custom auth
 plugin:

 class UserModelPlugin(object):

     def authenticate(self, environ, identity):
         try:
             username = identity['login']
             password = identity['password']
         except KeyError:
             return None

         success = authenticate_user(model.User, model.meta.Session,
                                     username, password)
         if success:
             return success
         else:
             environ['beaker.session']['flash'] = \
                 "Some sort of explanatory failure message"
             return None

 Of course you have to be using the session middleware and put your
 auth middleware after your session middleware.

 TJ


 
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: FormEncode and International Languages

2009-01-26 Thread Gustavo Narea

On Monday January 26, 2009 23:20:37 Jonathan Vanasco wrote:
 How are people dealing with FormEncode and International Languages?

You write to an international mailing list talking about international 
languages. Then you assume English/Spanish/* means national language to us?

Tell us where you're from so that we can know what languages are international 
to you. Better yet, stick to internationalization.


 Our project is dealing with a lot of French writers typing things like
 é , which fails many formencode tests.

Use UnicodeString instead of String:
http://www.formencode.org/class-formencode.validators.UnicodeString.html

I don't think the problem will be present on other validators -- at least I 
guess so.


 This is more of an 'approach' issue:

 - how are you handling internationalization in Pylons from a business
 standpoint ?  ie - what are you supporting and where ?

In my case, I work for a non-profit and we try to support all possible 
languages. Translators are all volunteers. 

But anyway, I think the languages to be supported always depend on your target 
audience.


 - how are you handling this technologically ?

Given the context, I think you're looking for this:
http://pylonsbook.com/alpha1/internationalization_and_localization

HTH.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: State of Auth with Pylons

2009-01-23 Thread Gustavo Narea

On Friday January 23, 2009 22:34:25 Mike Orr wrote:
 repoze.what can handle authorization for at least some sites, but I'm
 not sure how finished it is.

Out-of-the-box, repoze.what v1 supports the groups/permissions authorization 
pattern like AuthKit, but allows you to store such groups/permissions in 
different sources (databases, XML files, ini files, etc.) and you may write 
so-called predicates to support additional authorization patterns.

Regarding how finished it is, it's got its first stable release this week, 
it's been used in production websites for some time and has around 5 plugins 
to date.

While I'm its author, I agree that right now it's not good/acceptable for 
every website whose core authorization mechanisms are not based on the 
groups/permissions pattern. Especially if you're searching for out-of-the-box 
support for:
 * Content-sensitivity authorization (e.g., make assertions like users that 
belong to the 'editors' group may edit blog posts but the blog post whose id 
is '1' can only be edited by the admin instead of a content-insensitive 
assertion like any user in the 'editors' group may edit blog posts).
 * Roles-based authorization.

I mean, it *is* possible to do the above with repoze.what -- it's just not 
ready to use and you have to make it yourself. But if you feel comfortable 
creating your authorization system from scratch, I'd recommend you give r.what 
a try; I think it's very extensible -- but of course my opinion is biased ;-)

Limitations like the ones above will be addressed in repoze.what v2.

Cheers!
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: python -3 switch

2009-01-22 Thread Gustavo Narea

On Thursday January 22, 2009 13:05:47 Jorge Vargas wrote:
 On Thu, Jan 22, 2009 at 5:59 AM, przemek.ch przemek...@gmail.com wrote:
  Hi,
 
  python 2.6 has a switch -3 which will show warnings about code that is
  not compatible with python 3
  is there a way to use this switch with pylons?
  pylons don't use python directly and there's no such switch for
  paster

 many of pylons dependencies do not yet work on py3k therefore pylons
 itself still doesn't work there. that said we do run on 2.6. the
 simplest way I see of doing that is to change the shebang line of the
 paster command, which should be in $ENV/bin/paster, where ENV depends
 on your system and/or if you are using virtualenv. $ which paster will
 tell you.

A work-around is to run your test suite with that switch (`python -3 setup.py 
test`). 

But of course, this won't be effective in projects that don't have a decent 
code coverage.

Cheers.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: Can't deploy with FastCGI on Apache2

2009-01-22 Thread Gustavo Narea

Anyone?

On Sunday January 18, 2009 23:29:31 Gustavo Narea wrote:
 Hello,

 I've tried the tutorial at
 http://wiki.pylonshq.com/display/pylonscookbook/Production+Deployment+Using+Apache,+FastCGI+and+mod_rewrite
 but I can't get it to work.

 As suggested on the tutorial, I made a first try with CGI (using the
 attached script) but I get the error found in the attached log.

 What's the problem?

 Thanks in advance.

 PS: The last line is run_with_cgi(wsgi_app).run(), but I replaced it with
 run_with_cgi(wsgi_app) as you'll see in the script.

-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Can't deploy with FastCGI on Apache2

2009-01-18 Thread Gustavo Narea
Hello,

I've tried the tutorial at 
http://wiki.pylonshq.com/display/pylonscookbook/Production+Deployment+Using+Apache,+FastCGI+and+mod_rewrite
but I can't get it to work.

As suggested on the tutorial, I made a first try with CGI (using the attached 
script) but I get the error found in the attached log.

What's the problem?

Thanks in advance.

PS: The last line is run_with_cgi(wsgi_app).run(), but I replaced it with 
run_with_cgi(wsgi_app) as you'll see in the script.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/


#!/home/gustavo/public_html/tg2-app/tg2appenv/bin/python

from paste.deploy import loadapp
wsgi_app = loadapp('config:/home/gustavo/public_html/tg2-app/app/production.ini')
import os, sys

def run_with_cgi(application):
    # Build the WSGI environ from the CGI environment variables
    environ = dict(os.environ.items())
    environ['wsgi.input']        = sys.stdin
    environ['wsgi.errors']       = sys.stderr
    environ['wsgi.version']      = (1,0)
    environ['wsgi.multithread']  = False
    environ['wsgi.multiprocess'] = True
    environ['wsgi.run_once']     = True

    if environ.get('HTTPS','off') in ('on','1'):
        environ['wsgi.url_scheme'] = 'https'
    else:
        environ['wsgi.url_scheme'] = 'http'

    headers_set = []
    headers_sent = []

    def write(data):
        if not headers_set:
            raise AssertionError("write() before start_response()")
        elif not headers_sent:
            # Before the first output, send the stored headers
            status, response_headers = headers_sent[:] = headers_set
            sys.stdout.write('Status: %s\r\n' % status)
            for header in response_headers:
                sys.stdout.write('%s: %s\r\n' % header)
            sys.stdout.write('\r\n')
        sys.stdout.write(data)
        sys.stdout.flush()

    def start_response(status,response_headers,exc_info=None):
        if exc_info:
            try:
                if headers_sent:
                    # Re-raise original exception if headers sent
                    # (Python 2 raise syntax; this script runs on Python 2.6)
                    raise exc_info[0], exc_info[1], exc_info[2]
            finally:
                exc_info = None # avoid dangling circular ref
        elif headers_set:
            raise AssertionError("Headers already set!")
        headers_set[:] = [status,response_headers]
        return write

    result = application(environ, start_response)
    try:
        for data in result:
            if data:    # don't send headers until body appears
                write(data)
        if not headers_sent:
            write('')   # send headers now if body was empty
    finally:
        if hasattr(result,'close'):
            result.close()

# Deploy it using FastCGI
run_with_cgi(wsgi_app)

[Sun Jan 18 23:15:58 2009] [error] [client 127.0.0.1] /home/gustavo/public_html/tg2-app/tg2appenv/lib/python2.6/site-packages/PEAK_Rules-0.5a1.dev_r2582-py2.6.egg/peak/rules/indexing.py:220: DeprecationWarning: object.__new__() takes no parameters
[Sun Jan 18 23:15:58 2009] [error] [client 127.0.0.1] /home/gustavo/public_html/tg2-app/tg2appenv/lib/python2.6/site-packages/ToscaWidgets-0.9.5dev_20081026-py2.6.egg/tw/core/view.py:202: DeprecationWarning: object.__new__() takes no parameters
[Sun Jan 18 23:15:58 2009] [error] [client 127.0.0.1]   obj = object.__new__(cls, *args, **kw)
[Sun Jan 18 23:15:59 2009] [error] [client 127.0.0.1] /home/gustavo/public_html/tg2-app/app/app/model/auth.py:7: DeprecationWarning: the md5 module is deprecated; use hashlib instead
[Sun Jan 18 23:15:59 2009] [error] [client 127.0.0.1]   import md5
[Sun Jan 18 23:15:59 2009] [error] [client 127.0.0.1] /home/gustavo/public_html/tg2-app/app/app/model/auth.py:8: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
[Sun Jan 18 23:15:59 2009] [error] [client 127.0.0.1]   import sha
[Sun Jan 18 23:15:59 2009] [error] [client 127.0.0.1] Error - class 'genshi.template.eval.UndefinedError': {'inputs': {}, 'errors': {}, 'locale': ['en-US', 'en'], 'flash': '', 'request': Request at a7226ac GET http://localhost:8080/%7Egustavo/tg2-app/app/dispatch.cgi/, 'quote_plus': function quote_plus at 0xb7b8f4fc, 'session': {'flash_status': '', '_accessed_time': 1232316959.220782, '_creation_time': 1232316959.220782, 'flash_message': ''}, 'url': function url at 0xa4743e4, 'auth_stack_enabled': True, 'config': {'error_email_from': 'pa...@localhost', 'pylons.app_globals': app.lib.app_globals.Globals object at 0xa6a7dec, 'pylons.paths': {'templates': ['/home/gustavo/public_html/tg2-app/app/app

Re: Problems with AuthKit (was: Django or Pylons - comparison details)

2008-12-10 Thread Gustavo Narea

Hello.

On Wednesday December 10, 2008 07:56:18 Dalius Dobravolskas wrote:
 I personally think that it is not possible to
 write universal authorization system that will satisfy everyone but it
 is possible to simplify writing one to very low level.

Agreed.

Let me advertise repoze.what a little bit... Sales are decreasing lately ;-)

 Let's analyze your case in light of those helper functions:
  - Customisable table names

In repoze.what, you can customize table and column names, reuse tables from 
different databases and hopefully customize anything you may ever want to 
customize.

Or you may use no database at all and store your groups and permissions in 
files (for example) using Ini files:
http://pypi.python.org/pypi/repoze.what.plugins.ini

  - Users, Roles and Permissions

repoze.what supports them out-of-the-box. And in v1.0 final version they will 
be optional, for those who prefer a different authorization pattern.


  - Hide/show menu items pulled from the DB, based on permissions

repoze.what ships with so-called predicates, including one called 
has_permission.

For example, TurboGears 2 developers use that predicate as:
    class SomeController(BaseController):

        @require(has_permission('editor'))
        def index(self):
            flash('You are an editor!')
            # ...

(@require is a rather small and trivial decorator provided by TG, which can be 
used in other WSGI frameworks if you copy/paste it)

For more info: http://static.repoze.org/whatdocs/

Cheers.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: repoze.what -- Authorization for WSGI applications

2008-11-28 Thread Gustavo Narea

On Thursday November 27, 2008 11:31:08 Lawrence Oluyede wrote:
 On Wed, Nov 26, 2008 at 8:03 PM, Gustavo Narea [EMAIL PROTECTED] wrote:
  Cheers!

 Slight point about the documentation: you use the same color for
 hyperlinked text and non-hyperlinked text
 and I think it somewhat misleading.

 HTH

Thanks, I'll try to correct it asap. 
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: repoze.what -- Authorization for WSGI applications

2008-11-28 Thread Gustavo Narea

On Thursday November 27, 2008 14:13:06 Dalius Dobravolskas wrote:
 I agree with that. Even more REMOTE_USER is not enough to distinguish
 between different authentication methods when multiple methods are
 used.

 Because of that I offer to do following in r.who:
 Set REMOTE_USER as username. Usually all authentication systems
 provides one or another form of username.
 Set x-wsgiorg.user_data with data dict (e.g. certificate details,
 OpenID SREG data and etc.). Name was proposed by Ian Bicking.

That sounds good to me, but I don't know why that's not done. There must be a good 
reason, I think.

 This way r.who and r.what will be compatible with other authentication
 and authorization solutions.

Right. :)

Cheers.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/





Re: repoze.what -- Authorization for WSGI applications

2008-11-28 Thread Gustavo Narea

On Thursday November 27, 2008 23:26:06 Graham Dumpleton wrote:
 Does that mean you ignore AUTH_TYPE variable passed in from Apache
 where Apache module performs the authentication?

repoze.who sets that variable when it performs the authentication. However, if 
you want to bypass r.who authentication when the server already authenticated 
the user, you'll have to specify it explicitly (create a rather simple r.who 
identifier to do so).

Cheers.
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: repoze.what -- Authorization for WSGI applications

2008-11-27 Thread Gustavo Narea

Hello, Graham.

On Thursday November 27, 2008 11:07:00 Graham Dumpleton wrote:
 Why is it dependent on repoze.who? A nicely decoupled system would
 only need to know that authentication had succeeded which generally is
 identifiable by REMOTE_USER being set in the WSGI environment
 dictionary passed from outer middleware, 


On the one hand, because I wanted to take advantage of the repoze.who system 
to run certain authorization-related actions during the process of 
identification (that is, prepare the authorization system).

On the other hand, because REMOTE_USER (which isn't set by r.who) is not 
always enough and also some of the future features will rely on 
future/existing repoze.who plugins, for example:
 - I'll write an X.509-based repoze.who identifier which will authenticate the 
user if she has a valid SSL cert issued by a trusted Certificate Authority; 
also, there will be a r.who metadata provider which will load the properties 
of her certificate. Then, with r.what, you'll have X.509-based predicates [1] 
which will use the data loaded by the MD provider (e.g., "The user must work 
at ABC", "The user's certificate must have been signed by our own Certificate 
Authority").
 - Likewise, the repoze.who LDAP plugin will also load the attributes of the 
current user (e.g., Organization Units) and such data may be very useful for 
authorization through r.what predicates [1] (e.g., "Only the Human Resources 
department can access the payroll").

Trying to achieve the above independently of repoze.who will require much 
more code/effort for the developer because she will have to (1) take care of 
the X.509/LDAP authentication (possibly using an authentication framework), 
(2) extract the attributes required by the predicates she's going to use and 
(3) pass such data to repoze.what so that the predicates can work. On the 
contrary, this way everything will work out-of-the-box.

Authentication and identification is absolutely independent of authorization, 
but authorization very often relies on identification. This is why the goal is 
to leave r.who as an independent authentication/identification-only project, 
but make an authorization framework based on its powerful and extensible 
identification system.

 where outer middleware has
 performed authentication, or even where it didn't and REMOTE_USER was
 set by a web server capable of doing authentication itself such as
 Apache.

For example, in such a situation, you'd just need to configure repoze.who with 
an identifier that takes that value as the userid, which is very trivial and 
authorization through r.what will work as usual.

I would have thought seriously about decoupling it if I knew of any limitation 
in the authentication and identification systems of r.who, but I can't think 
of a situation that cannot even be solved by extending it.

Cheers!

[1] http://static.repoze.org/whatdocs/Manual/Predicates.html
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
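
The two replies above (on AUTH_TYPE and on REMOTE_USER set by the web server) both describe a small repoze.who identifier that accepts a user the server has already authenticated. The following sketch is an added example, not code from repoze.who or from the posts; the class name, the trusted-scheme list and the sample environs are assumptions, and it relies on the repoze.who convention that an identity carrying 'repoze.who.userid' needs no further authenticator.

```python
class ServerAuthIdentifier(object):
    """Duck-typed repoze.who identifier: identify / remember / forget.

    Hypothetical plugin. It trusts only the CGI/WSGI variables REMOTE_USER
    and AUTH_TYPE, which the front-end server sets after authenticating.
    """

    def __init__(self, trusted_auth_types=("basic", "digest")):
        self.trusted_auth_types = frozenset(
            t.lower() for t in trusted_auth_types)

    def identify(self, environ):
        userid = (environ.get("REMOTE_USER") or "").strip()
        auth_type = (environ.get("AUTH_TYPE") or "").strip().lower()
        # Request headers reach WSGI as HTTP_* keys (a "Remote-User" header
        # becomes HTTP_REMOTE_USER), so they are deliberately never consulted.
        if not userid or auth_type not in self.trusted_auth_types:
            return None
        return {"repoze.who.userid": userid, "auth_type": auth_type}

    def remember(self, environ, identity):
        return None  # the server keeps the login state; no headers to add

    def forget(self, environ, identity):
        return None


def resolve_userid(environ, identifiers):
    """Stand-in for the middleware loop: first identity found wins."""
    for plugin in identifiers:
        identity = plugin.identify(environ)
        if identity is not None:
            return identity["repoze.who.userid"]
    return None


# Constructed WSGI environ fragments, not captured traffic.
SAMPLES = {
    "server_basic": {"REMOTE_USER": "alice", "AUTH_TYPE": "Basic"},
    "client_header_only": {"HTTP_REMOTE_USER": "admin",
                           "HTTP_AUTH_TYPE": "Basic"},
    "no_auth_type": {"REMOTE_USER": "bob"},
    "unexpected_scheme": {"REMOTE_USER": "carol", "AUTH_TYPE": "Negotiate"},
    "blank_user": {"REMOTE_USER": "   ", "AUTH_TYPE": "Digest"},
}


def run_samples():
    """Return {sample name: accepted userid or None}."""
    plugins = [ServerAuthIdentifier()]
    return dict((name, resolve_userid(env, plugins))
                for name, env in SAMPLES.items())


if __name__ == "__main__":
    for name, userid in sorted(run_samples().items()):
        print("%-20s -> %r" % (name, userid))
```

Only the first sample yields a userid; a request that merely sends a Remote-User header, or arrives without an AUTH_TYPE the deployment expects, falls through to whatever other identifiers are configured.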




repoze.what -- Authorization for WSGI applications

2008-11-26 Thread Gustavo Narea
Hello, everybody.

I'm writing to let you know about the authorization framework I have been 
working on, repoze.what:
http://static.repoze.org/whatdocs/

Some of its features are:
* Web framework independent.
* Authorization only. It will only do authorization and nothing else.
* _Highly_ extensible.
* _Fully_ documented.
* Your application's `groups` and `permissions` may be stored in an SQLAlchemy
  managed database, thanks to the SQL plugin (repoze.what.plugins.sql).
* The only requirement is that you use the repoze.who authentication framework
  (which is configured for you by repoze.what).
* It's not hard to get started!

It's not stable software yet, but it's just reached its first beta.

Cheers!
-- 
Gustavo Narea http://gustavonarea.net/.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/




Re: auth and auth

2008-11-25 Thread Gustavo Narea

On Tuesday November 25, 2008 07:18:56 Dalius Dobravolskas wrote:
 repoze.what: Looks like TurboGears 1. The main mistake makes everyone
 when they implement authorization plugin/middleware, they think that
 everyone builds social networks or simple sites where you have users
 in groups with roles. In real world that does not work sometimes. I
 think it much better to leave control for user:
 http://trac.sandbox.lt/auth/wiki/AuthorizeMiddleware

I guess you've only read the outdated documentation at static.repoze.org. I'm 
currently preparing the first beta and the new documentation, but here's an 
excerpt from the main page:

 .. topic:: Overview

 :mod:`repoze.what` is an `authorization framework` for WSGI
 applications, based on :mod:`repoze.who` (which deals with
 `authentication`).

 On the one hand, it enables an authorization system based on the 
 groups to which the `authenticated or anonymous` user belongs and 
 the permissions granted to such groups by loading these groups 
 and permissions into the request on the way in to the downstream
 WSGI application.

 And on the other hand, it enables you to manage your groups 
 and permissions from the application itself or another program, under 
 a backend-independent API. For example, it would be easy for you to
 switch from one back-end to another, and even use this framework to
 migrate the data.

 It's highly extensible, so it's very unlikely that it will get in 
 your way. Among other things, you can extend it to check for many 
 other conditions (such as checking that the user comes from a 
 given country, based on her IP address, for example).


 Features
 

 Unless mentioned otherwise, the following features are available in
 :mod:`repoze.what` and its official plugins:

 * ``Web framework independent``. You can use it on any WSGI
   application and any WSGI framework (or no framework at all). Web
   frameworks may provide integration with it (like `TurboGears 2
   <http://turbogears.org/2.0/docs/>`_, which features a strong integration
   with :mod:`repoze.what`).
 * ``Authorization only``. It doesn't try to be an all-in-one auth
   monster -- it will only do `authorization` and nothing else.
 * ``Highly extensible``. It's been created with extensibility in mind, so
   that it won't get in your way and you can control authorization however
   you want or need, either with official components, third party plugins or
   your own plugins.
 * ``Fully documented``. If it's not described in the manual, it doesn't
   exist.
 * ``Reliable``. We are committed to keep the code coverage at 100%.
 * ``Control access to any resource``. Although it's only recommended to
   control authorization on action controllers, you can also use it to
   restrict access to other things in your package (e.g., only allow access to
   a database table if the current user is the admin).
 * Your application's `groups` and `permissions` may be stored in an
   SQLAlchemy managed database, thanks to the SQL plugin
   (:mod:`repoze.what.plugins.sql`).
 * The only requirement is that you use
   the powerful and extensible `repoze.who
   <http://static.repoze.org/whodocs/>`_ authentication framework.
 * `It's not hard to get started!`


 And according to the to-do list, we *will* have official plugins to:

 * Enable `OAuth <http://oauth.net/>`_ support.
 * Enable authorization based on certain network conditions
   (e.g., grant access if the user's IP address belongs to a given IP range,
   deny access if the user's host name is example.org, grant access based
   on the user's ISP).
 * Enable authorization based on `client-side SSL certificates
   <http://en.wikipedia.org/wiki/X.509>`_ (e.g., allow access if the
   `Certificate Authority` is XYZ, allow access if the user is called John
   Smith or Foo Bar).
 * Enable authorization based on LDAP attributes of the authenticated user's
   entry (e.g., allow access if the user can be reached at a cellular phone,
   allow access if the user belongs to the ABC organization).
 * Enable a highly extensible `CAPTCHA
   <http://en.wikipedia.org/wiki/CAPTCHA>`_ driven authorization mechanism to
   restrict access to a given resource (possibly the hardest to create
   plugin).
 * Store groups in ``Htgroups`` and ``ini`` files, and re-use LDAP
   `Organizational Units` as groups.
 * Store permissions in ``ini`` files.

Oh, and it already provides a module to get started very quickly with 
repoze.who and repoze.what at the same time, which is used in TurboGears 2.

Cheers.
-- 
Gustavo Narea.
General Secretary.
GNU/Linux Matters http://gnulinuxmatters.org/.


Re: auth and auth

2008-11-25 Thread Gustavo Narea

On Tuesday November 25, 2008 12:29:17 Dalius Dobravolskas wrote:
  What if you need to combine multiple authentication schemes in the same
  site?

 You can add multiple middlewares. The problem is when middlewares or
 plugins conflict with each other (e.g. because of lack of options).
 repoze.who does not help to solve this problem.

Can you please provide one example in which that problem is present in 
repoze.who? Just one.

In all honesty, I don't like that approach of loading middleware just to add 
authentication methods. repoze.who's approach is elegant because it has broken 
up the various components involved in authentication (the so-called 
identifiers, authenticators, challengers and metadata providers) so that they 
can all work _harmoniously_, controlled by repoze.who itself. That's why 
repoze.who scales up and scales down.

Cheers.
-- 
Gustavo Narea.
General Secretary.
GNU/Linux Matters http://gnulinuxmatters.org/.




Re: auth and auth

2008-11-25 Thread Gustavo Narea

On Tuesday November 25, 2008 20:55:15 Dalius Dobravolskas wrote:
 E.g. similar patches or similarly named cookies while they should be
 different. I have accidentally named my AuthKit cookie and beaker
 session the same name once and have had time until I have understood
 where is problem. I have not checked that but I doubt that there is
 any mechanism preventing user from doing such simple mistakes in
 repoze.who. Or am I wrong?

Yes, you are wrong, as Gael pointed out in the previous message. Come on, there's 
no such problem with repoze.who.

Based on your statements on this thread, I'd say you barely read the 
repoze.who documentation.

  In all honesty, I don't like that approach of loading middleware just to
  add authentication methods.

 And instead you do the *same* just in slightly different way.
 repoze.who specifies in config which plugins to load. AuthKit
 specifies in config which middlewares to load. I offer to specify in
 code which middlewares to load. Technically I can write AuthKit-like
 middleware that allows to do the same as AuthKit (but I don't see
 value in that). As I have already written repoze.who adds another
 level of complication (components) to WSGI.

  repoze.who's approach is elegant because it has broken
  up the various components involved in authentication (the so-called
  identifiers, authenticators, challengers and metadata providers) so that
  they can all work _harmoniously_, controlled by repoze.who itself. That's
  why repoze.who scales up and scales down.

 It looks like you are the person who understands something here. Could
 you explain to me why this division into components is good? Why is it
 not enough WSGI for this task?

Whatever you say. This is turning into an endless debate with the same 
arguments on both sides -- you vs. everybody else.
-- 
Gustavo Narea.
General Secretary.
GNU/Linux Matters http://gnulinuxmatters.org/.
