On Friday, September 14, 2012 6:06:15 PM UTC-4, Chris McDonough wrote:
>
> On 09/14/2012 03:37 PM, Florian Rüchel wrote: 
> > Hi Domen, 
> > 
> > I would agree with you if it would really complicate things much, but I 
> > can't see why it would. All those cases are really simple to implement 
> > and I don't see any security risks either as the configuration of the 
> > hash algorithm is under full control of the application developer using 
> > it. However, if Chris disagrees, I can remove all those features and 
> > really restrict it to basic algorithms (in this case I would prefer to 
> > offer all those currently supported by hashlib). 
> > 
> > Now on to the work: I have finished the code and also implemented some 
> > new tests to assure it works. But here is where I will now need help 
> > from more experienced developers: How can I make sure I have full 
> > coverage of all situations? This seems to be the most tricky part. In 
> > fact, I think I should have covered all parts but this is because I 
> > assume that there is no interaction between the hashalg and the 
> > parameters I put in (e.g. should I test with and without tokens 
> > explicitly? I chose not to). 
> > 
> > Before I submit a patch for pyramid on github, I would kindly ask for 
> > some code review by experienced developers. Under 
> > https://github.com/Javex/pyramid/tree/feature.auth_multiple_hashalgs you 
> > will find my cloned repository's feature branch. Please have a look at 
> > it, maybe clone it and tell me what I possibly missed. If feedback is 
> > positive, I will submit a pull request to pyramid. 
> > 
> > Please note: *I consider this finished, so I now await feedback. 
>
>
> This is a lot more code than I thought it would be.  A few things: 
>
> - You don't need to implement your own dotted name resolver.  We have 
>    one of those in pyramid (named DottedNameResolver or something). 
>
> - You probably don't even need to resolve dotted names.  I'd just 
>    make people pass the callable that returns a new hash or something, 
>    don't bother with trying to figure out what they mean, just make 
>    them pass a single kind of thing. 
>
> - C 
>

"valid argument to hashlib.new()" is good enough. Then you just make the 
default

def fn(hashalg='md5')

All simple.
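
The following is an added example, not part of the thread and not Pyramid's code: one way to accept "any valid argument to hashlib.new()" with a default of 'md5', rejecting a bad name when the signer is configured rather than on the first request. `check_hashalg` and `TicketSigner` are hypothetical names, and the HMAC ticket layout is a constructed stand-in, not Pyramid's auth ticket format.

```python
import hashlib
import hmac


def check_hashalg(hashalg='md5'):
    """Validate the name at configuration time; return the hex digest length."""
    try:
        size = hashlib.new(hashalg).digest_size
    except (ValueError, TypeError) as exc:
        raise ValueError('unsupported hashalg: %r' % (hashalg,)) from exc
    if size == 0:
        # Variable-length digests (e.g. shake_128) are valid for hashlib.new()
        # but have no fixed size to split a ticket on.
        raise ValueError('hashalg needs a fixed digest size: %r' % (hashalg,))
    return size * 2


class TicketSigner:
    """Hypothetical signer: ticket = hex MAC followed by the user id."""

    def __init__(self, secret, hashalg='md5'):
        self.secret = secret
        self.hashalg = hashalg
        self.hexlen = check_hashalg(hashalg)

    def _mac(self, payload):
        # hmac accepts the same algorithm names as hashlib.new().
        return hmac.new(self.secret, payload, self.hashalg).hexdigest()

    def sign(self, userid):
        return self._mac(userid.encode('utf-8')) + userid

    def verify(self, ticket):
        """Return the user id, or None if the MAC does not match."""
        mac, userid = ticket[:self.hexlen], ticket[self.hexlen:]
        expected = self._mac(userid.encode('utf-8'))
        # Compare as bytes so a non-ASCII MAC field cannot raise TypeError.
        if hmac.compare_digest(mac.encode('utf-8'), expected.encode('ascii')):
            return userid
        return None


if __name__ == '__main__':
    signer = TicketSigner(b'constructed-secret', hashalg='sha512')
    ticket = signer.sign('alice')
    print(ticket[:16] + '...', signer.verify(ticket))
```

A ticket signed under one `hashalg` fails verification under another, so changing the configured algorithm invalidates outstanding tickets.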
