Sebastian Noack and I were discussing the Gitorious::Authentication
plugins, and Sebastian brought up an interesting point.
Sebastian noticed that the Kerberos plugin only replaces dots ('.') in
usernames, but there are more invalid characters. In his SSL
Authentication plugin, he uses a regex to replace all invalid
characters. He also has a configurable option to allow admins to
transform "s.noack" to either "snoack" or "s-noack", for example.
This brings up a larger point with the Gitorious::Authentication code:
now that we have all these G::A plugins, a lot of code duplication has
sprung up. The username sanitation is a prefect example, because I
myself copied the code from the G::A::LDAPAuthentication class. If we
follow Sebastian's suggestion to fix the username sanitation in one
plugin, we really ought to fix it in all plugins. Another problem is
with security: see
https://gitorious.org/gitorious/mainline/merge_requests/205 for
example. It is tedious to have to make identical changes across
plugins.
Sebastian suggested that we could use mixins to provide common
features like username transformation or auto-registration. We decided
to take the discussion to the list to get more feedback. Gitorious
devs: What do you think? Do you have any feedback on the naming or
locations of such mixins?
(Please keep Sebastian CC'd, as he's not currently subscribed to the list)
--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
