Re: AuthKit using database for users, groups, roles?
Hi Chris,

Chris Shenton wrote:
> My implementation may not be the cleanest and I'm still uncertain about doing auth in my account.py controller versus doing something with valid() in app_globals.py.

Well, you only need to use valid() if you want the AuthKit middleware to handle the authentication. Since you are using the forward method your application has to handle authentication itself so your setup is correct!

> I've written a HOWTO on what I did at
> http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitDatabase

This is really useful actually, thanks! I'm going to see if I can find a simple way to package it up so that it can form part of AuthKit itself, perhaps using Elixir and ToscaWidgets to make it look a bit simpler.

Cheers,

James

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups pylons-discuss group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en
-~--~~~~--~~--~--~---
Re: AuthKit using database for users, groups, roles?
On Thu, 2007-03-22 at 18:48 -0400, Chris Shenton wrote:
> I've written a HOWTO on what I did at
> http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitDatabase
>
> Feedback, sanity checks and corrections welcomed. I'm sure it's far from optimal but hope it will help other folks get started with this common chore.

Very minor nit. You specify that the username is unique in the model, but then explicitly test in valid() whether more than one user is returned (which is theoretically impossible).

Cliff
Re: AuthKit using database for users, groups, roles?
James Gardner [EMAIL PROTECTED] writes:
> I extracted all the lifeproject code into the AuthDemo code here.
> http://authkit.org/svn/AuthKit/trunk/examples/pylons/AuthDemo/
>
> Well, the AuthDemo code is a full example of how to store user data in an SQLAlchemy database but other than that I think you will have to do the work yourself. If you have some specific requirements perhaps we can try to build the appropriate code into AuthKit 0.4?

In another reply James Gardner wrote:
> I always implement my own database, permissions and valid() function in my code. The users API is simply meant for use in small systems where there isn't any need for a more sophisticated solution.

I've followed the code in AuthDemo and stripped it down quite a bit so that it sorta mirrors the stock user API: username, password; group; roles. I've got it requiring authentication with an:

    @authorize(RemoteUser())

so that's going well. Now I'd like to create other Permissions like

    RoleIn(['role1','role2'])
    GroupIn(['group1', 'group2'])

to mirror UserIn(). The docs say to subclass Permission, but I'm not sure where to do that so it's available to me. Any suggestions?

Also, I don't understand where -- or if -- I need to define valid(). Currently, I have an account.py controller with action signin which does the DB lookup and comparison of username/password. I could certainly pull that out into a valid() function but where should it be defined so the rest of AuthKit can use it?

Thanks again for any pointers. Once I get this going a bit more with Group and Role authorization I'll write up a HOWTO or something.
Re: AuthKit using database for users, groups, roles?
On 16 Mar, 23:16, Chris Shenton [EMAIL PROTECTED] wrote:
> I need to be able to create/modify/delete my AuthKit users through my webapp. The documented built-in users can come from the .ini file config vars or their own file. While I could conceivably change user info and write it back out to a stand-alone file, I'm a bit concerned about race conditions or other problems corrupting my file upon save.
>
> Maintaining users in a database makes sense, and for AuthKit a simple schema in SQLite seems like a good fit. But I can't find any docs for AuthKit which describe how you'd do this. There are some mentions in old versions about lifeproject but I don't see any current database examples.
>
> Got any pointers?

I've also been wondering what is the best way to use Authkit when the user database is an external one.

There's this page [1] about how to make Authkit forward authentication and authorization fully to your application.

One way seems to be to use this forward method, and handle all authentication and authorization by yourself, [2] i.e., implement the login/logout actions, and on start of each request put the user info to c.user, for example, based on environ['REMOTE_USER'] (which is set by Authkit). It's quite easy to write your own set of authkit Permissions for checking whether user is in given group or has a given role.

But I'm not really sure whether this is the best way to go, or would it be more sensible to leverage Authkit's user system. A starting point for this seems to be the authkit.users.object and other config settings [3] that allow defining a custom class that implements the authkit user database API and custom password validation.

[1] http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitForward
[2] http://authkit.org/docs/manual.html#manually-handling-user-management
[3] http://authkit.org/docs/manual.html#using-the-user-management-api

--
Pauli Virtanen
Re: AuthKit using database for users, groups, roles?
Hi Pauli,

I always implement my own database, permissions and valid() function in my code. The users API is simply meant for use in small systems where there isn't any need for a more sophisticated solution.

Although you could create your own implementation of the API to use a database, it is really just as easy to start from scratch and use the lower-level tools AuthKit provides.

Cheers,

James

> I've also been wondering what is the best way to use Authkit when the user database is an external one.
>
> There's this page [1] about how to make Authkit forward authentication and authorization fully to your application.
>
> One way seems to be to use this forward method, and handle all authentication and authorization by yourself, [2] i.e., implement the login/logout actions, and on start of each request put the user info to c.user, for example, based on environ['REMOTE_USER'] (which is set by Authkit). It's quite easy to write your own set of authkit Permissions for checking whether user is in given group or has a given role.
>
> But I'm not really sure whether this is the best way to go, or would it be more sensible to leverage Authkit's user system. A starting point for this seems to be the authkit.users.object and other config settings [3] that allow defining a custom class that implements the authkit user database API and custom password validation.
>
> [1] http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitForward
> [2] http://authkit.org/docs/manual.html#manually-handling-user-management
> [3] http://authkit.org/docs/manual.html#using-the-user-management-api
>
> --
> Pauli Virtanen
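
The following is an added example, not from any poster and not AuthKit's API: a SQLite user store with a valid() check for the application's own sign-in action, plus role and group checks keyed on environ['REMOTE_USER'], as discussed in the messages above. The schema, the helper names (add_user, role_in, group_in, demo_db), the exception classes and the PBKDF2 password hashing are assumptions of this example.

```python
import hashlib, hmac, os, sqlite3

# Hypothetical schema and names (not AuthKit's API); UNIQUE => at most one row per username.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE,
                    salt BLOB NOT NULL, pwhash BLOB NOT NULL, grp TEXT);
CREATE TABLE roles (user_id INTEGER NOT NULL REFERENCES users(id),
                    role TEXT NOT NULL, UNIQUE (user_id, role));
"""

class NotAuthenticated(Exception): pass
class NotAuthorized(Exception): pass

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def add_user(db, username, password, group=None, roles=()):
    salt = os.urandom(16)  # per-user salt; the plaintext password is never stored
    cur = db.execute("INSERT INTO users (username, salt, pwhash, grp) VALUES (?,?,?,?)",
                     (username, salt, _hash(password, salt), group))
    db.executemany("INSERT INTO roles VALUES (?,?)", [(cur.lastrowid, r) for r in roles])

def valid(db, username, password):
    """Credential check for the application's own sign-in action."""
    row = db.execute("SELECT salt, pwhash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        _hash(password, b"\0" * 16)  # comparable work for unknown usernames
        return False
    return hmac.compare_digest(row[1], _hash(password, row[0]))

def _require(db, environ, sql, values):
    user = environ.get("REMOTE_USER")  # present only after a successful sign-in
    if not user:
        raise NotAuthenticated("no REMOTE_USER in environ")
    marks = ",".join("?" * len(values))  # placeholders only, never user data
    if db.execute(sql.format(marks), [user, *values]).fetchone() is None:
        raise NotAuthorized("%s is not in %r" % (user, list(values)))
    return user

def role_in(db, environ, roles):
    return _require(db, environ, "SELECT 1 FROM roles JOIN users ON users.id = "
                    "roles.user_id WHERE username = ? AND role IN ({})", roles)
def group_in(db, environ, groups):
    return _require(db, environ, "SELECT 1 FROM users WHERE username = ? AND grp IN ({})", groups)

def demo_db():  # constructed sample data: alice, group 'staff', role 'editor'
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    add_user(db, "alice", "correct horse", group="staff", roles=["editor"])
    return db
```

Because the UNIQUE constraint rejects a second row for the same username at insert time, valid() needs no "more than one user" branch.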