Re: [Zope-dev] Acquisition wrapped objects do not behave well on unicode call
On 2011-02-19 17:17:44 +0100, Hanno Schlichting said: On Thu, Feb 17, 2011 at 8:27 AM, Christian Zagrodnick c...@gocept.com wrote: On 2011-02-16 22:22:53 +0100, Hanno Schlichting said: svn+ssh://svn.zope.org/repos/main/Acquisition/branches/zagy-unicode-should-be-called Sure. I'll review, merge and release. Should be sometime this week, cannot promise a day. Branch reviewed, merged and released in Acquisition 2.13.6. Could you remove the merged branch once you updated your buildout config? Done. Thanks for releasing! -- Christian Zagrodnick · c...@gocept.com gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PAS, AuthEncoding and zope.password
On Fri, Feb 18, 2011 at 22:19, Martijn Pieters m...@zopatista.com wrote:
We should at the very least convert PAS to use zope.password instead
of AccessControl.AuthEncoding.
There is a snag. The zope.password API doesn't provide any way to
detect what scheme was used for a given hash.
Say you have a SSHA hash, it'll start with the string {SSHA}, while
a bcrypt encryption starts with $2a$. Unfortunately, the
zope.password IPasswordManager only provides methods to encode the
password and check if a given password is correct. The only consumer
of the interface, zope.app.authentication.principalfolder only
supports one password manager at a time so never had a need to detect
schemes.
I'll just go ahead and expand then IPasswordManager interface to
provide a match method that returns a boolean if a given hash uses the
specific encoding scheme. Presumably this'll be zope.password 4.0.0.
What does this mean for the versioning of AccessControl however? Will
that'll be a 2.14 release? What version of Zope2 can start using the
new AccessControl package with a zope.password = 4.0.0 dependency?
Zope2 primarily uses the ZTK, so a version pin would be needed there
until the new zope.password release makes it into the ZTK.
--
Martijn Pieters
___
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PAS, AuthEncoding and zope.password
Hi. On Sun, Feb 20, 2011 at 11:41 AM, Martijn Pieters m...@zopatista.com wrote: On Fri, Feb 18, 2011 at 22:19, Martijn Pieters m...@zopatista.com wrote: We should at the very least convert PAS to use zope.password instead of AccessControl.AuthEncoding. I'll just go ahead and expand then IPasswordManager interface to provide a match method that returns a boolean if a given hash uses the specific encoding scheme. Presumably this'll be zope.password 4.0.0. Yes, changing the existing interface would require a 4.0. If you'd add a new interface extending the IPasswordManager one, we could do it in a 3.x release. A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a backwards incompatible 4.0 would have to wait for ZTK 1.2. What does this mean for the versioning of AccessControl however? Will that'll be a 2.14 release? Introducing a new dependency on zope.password will mean a 2.14 release. What version of Zope2 can start using the new AccessControl package with a zope.password = 4.0.0 dependency? This depends on the changes in AccessControl and how backwards compatible they are. If backwards compatibility is preserved, this can go into Zope 2.13 and trunk, since we allow minor feature additions in the stable series. Zope 2.12 is at a 2.12.15 release now and at the end of its lifecycle - it'll only see bugfixes. Hanno ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PAS, AuthEncoding and zope.password
On Sun, Feb 20, 2011 at 11:56, Hanno Schlichting ha...@hannosch.eu wrote:
Yes, changing the existing interface would require a 4.0. If you'd add
a new interface extending the IPasswordManager one, we could do it in
a 3.x release.
A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a
backwards incompatible 4.0 would have to wait for ZTK 1.2.
Right. What would be a suitable name for the extended interface?
IMatchingPasswordManager?
I've committed a revision that implements this as an extension to the
existing interface:
http://zope3.pov.lt/trac/changeset/120458/zope.password/trunk
but that's easy enough to change.
I've also found that the SHA1 scheme in zope.password uses the {SHA1}
prefix, which is incompatible with LDAP and
AccessControl.AuthEncoding, which both use {SHA} instead. I'll change
zope.password to support {SHA} as well, defaulting to that prefix.
What version of Zope2 can start using the
new AccessControl package with a zope.password = 4.0.0 dependency?
This depends on the changes in AccessControl and how backwards
compatible they are.
If backwards compatibility is preserved, this can go into Zope 2.13
and trunk, since we allow minor feature additions in the stable
series. Zope 2.12 is at a 2.12.15 release now and at the end of its
lifecycle - it'll only see bugfixes.
It'll be backwards compatible. I'm planning to keep supporting legacy
schemes registered with registerScheme, with listSchemes listing
zope.password managers as well.
The only thing that could perhaps be removed are the SSHADigestScheme
and SHADigestSCheme classes, as these will be completely redundant
with zope.password support.
--
Martijn Pieters
___
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Zope Tests: 101 OK, 21 Failed, 2 Unknown
Summary of messages to the zope-tests list. Period Sat Feb 19 12:00:00 2011 UTC to Sun Feb 20 12:00:00 2011 UTC. There were 124 messages: 8 from Zope Tests, 4 from buildbot at pov.lt, 31 from buildbot at winbot.zope.org, 11 from ccomb at free.fr, 5 from ct at gocept.com, 65 from jdriessen at thehealthagency.com. Test failures - Subject: FAILED : winbot / ztk_dev py_270_win64 From: buildbot at winbot.zope.org Date: Sat Feb 19 15:45:25 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032495.html Subject: FAILED : winbot / ztk_10 py_244_win32 From: buildbot at winbot.zope.org Date: Sat Feb 19 15:54:52 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032496.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.1_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Sat Feb 19 18:47:27 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032537.html Subject: FAILED : Total languishing bugs for zopeapp: 2 From: ct at gocept.com Date: Sat Feb 19 20:30:13 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032561.html Subject: FAILED : Total languishing bugs for zopetoolkit: 195 From: ct at gocept.com Date: Sat Feb 19 20:37:01 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032563.html Subject: FAILED : Total languishing bugs for zope: 48 From: ct at gocept.com Date: Sat Feb 19 20:40:35 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032564.html Subject: FAILED : Total languishing bugs for zope2: 2 From: ct at gocept.com Date: Sat Feb 19 20:45:06 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032565.html Subject: FAILED: Repository policy check found errors in 317 projects From: ct at gocept.com Date: Sat Feb 19 21:13:41 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032570.html Subject: FAILED : winbot / z3c.form_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 22:11:57 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032580.html Subject: FAILED : winbot / z3c.rml_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 22:39:53 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032583.html Subject: FAILED : Zope Buildbot / zopetoolkit-py2.5 slave-osx From: jdriessen at thehealthagency.com Date: Sat Feb 19 22:43:32 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032584.html Subject: FAILED : winbot / z3c.template_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:02:36 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032586.html Subject: FAILED : winbot / z3c.layer.ready2go_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:11:25 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032587.html Subject: FAILED : winbot / z3c.formui_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:12:45 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032588.html Subject: FAILED : winbot / z3c.tabular_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:14:56 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032589.html Subject: FAILED : winbot / z3c.contents_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:15:50 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032590.html Subject: FAILED : winbot / z3c.ptcompat_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:33:22 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032591.html Subject: FAILED : winbot / z3c.pdftemplate_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:37:18 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032592.html Subject: FAILED : winbot / z3c.coverage_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:38:39 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032593.html Subject: FAILED : winbot / z3c.macro_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:39:23 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032594.html Subject: FAILED : winbot / z3c.pagelet_py_265_32 From: buildbot at winbot.zope.org Date: Sat Feb 19 23:43:48 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032595.html Unknown --- Subject: UNKNOWN : Zope Buildbot / zopetoolkit-1.1-py2.6 slave-osx From: jdriessen at thehealthagency.com Date: Sat Feb 19 21:38:19 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032572.html Subject: UNKNOWN : Zope Buildbot / zopetoolkit-py2.6 slave-osx From: jdriessen at thehealthagency.com Date: Sat Feb 19 23:55:13 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-February/032596.html Tests passed OK --- Subject: OK : winbot / ztk_dev py_254_win32 From: buildbot at winbot.zope.org Date: Sat Feb 19
Re: [Zope-dev] PAS, AuthEncoding and zope.password
On Sun, Feb 20, 2011 at 12:39, Martijn Pieters m...@zopatista.com wrote:
Yes, changing the existing interface would require a 4.0. If you'd add
a new interface extending the IPasswordManager one, we could do it in
a 3.x release.
A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a
backwards incompatible 4.0 would have to wait for ZTK 1.2.
Right. What would be a suitable name for the extended interface?
IMatchingPasswordManager?
I've committed a revision that implements this as an extension to the
existing interface:
http://zope3.pov.lt/trac/changeset/120458/zope.password/trunk
but that's easy enough to change.
I've also found that the SHA1 scheme in zope.password uses the {SHA1}
prefix, which is incompatible with LDAP and
AccessControl.AuthEncoding, which both use {SHA} instead. I'll change
zope.password to support {SHA} as well, defaulting to that prefix.
I've implemented the {SHA} prefix change, as well as implement {CRYPT}
support, making zope.password useful for all schemes explicitly named
in RFC 2307, except the MD5 scheme.
The latter uses a salt by default, making it incompatible with LDAP
{MD5}. Open LDAP implements a salted MD5 scheme ({SMD5}) but places
the salt at the end of the hash, not at the beginning as the
zope.password manager implements it.
I think I can keep that one backwards compatible but disable support
for generating hashes with a salt, and add a SMD5 manager to implement
a compatible scheme.
With all the new password managers, this will be at least a 3.7
release, with a separate extended interface.
--
Martijn Pieters
___
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )
