On 21 June 2010 17:31, Wyatt Baldwin <[email protected]> wrote: > On Jun 21, 7:40 am, Eugueny Kontsevoy <[email protected]> wrote: >> The reason I picked Pylons is precisely because it's not polluted with >> all-size-fits-all solutions for trivial problems. Coding an authentication >> from scratch takes less than an hour: with "remember me" feature, >> bcrypt-based hashing, password recovery, etc. And you have to do it just >> once during your "Pylons career" and carry over from one app to another. > > Would you be interested in posting your one-hour-auth solution? I'm > about to go down this road (roll my own vs repoze vs ?), and seeing a > simple roll-your-own example would be helpful, even though I know I > can figure it out myself. Also, is this solution authentication only, > or is there an authorization piece, too?
The authentication example (or plugin) was something I brought up in my "plugin" proposal from a few weeks back (apologies to the list for not following up more on this!): <http://groups.google.com/group/pylons-discuss/browse_thread/thread/f8969e28b0a007c7/> (Excerpted quote below). I can point to several specific cases where we do auth if that is useful: 1. Standard repoze.who + repoze.who.openid setup (can run this without a user object -- as in microfacts): <http://knowledgeforge.net/microfacts/hg/file/06cecaf71475/microfacts/controllers/user.py> <http://knowledgeforge.net/ckan/hg/file/b724b922755b/ckan/controllers/user.py> Use in: <http://weavinghistory.org/> and <http://ckan.net/> respectively. 2. Form + email confirmation (and state interruption e.g. if you were in the middle of doing something when asked to login or register it returns you there): <http://knowledgeforge.net/ckan/isitopen/file/bc82ec09f1c5/isitopen/controllers/account.py> Used in: <http://isitopendata.org/> Rufus <quote> ... However, there are some standard components which it would be nice to be able to "plugin" in a standard way -- e.g. users + auth, admin, settings, comments (more examples plus details below). ... Now, I'm well aware of Pylons different and more flexible (and IMO better) approach compared to e.g. django. And that this architecture may mitigate against providing any standard "plugin" (e.g. how do we know which template framework -- mako, genshi, jinja, etc -- a given pylons user is using ...). ... However, I think it is still possible to do something useful along these lines -- even if a formal plugin framework isn't possible/required just "packaging" up best-practice(s) *pattern* for how to do standard stuff it would be very valuable (especially if a pattern kept up to date!). ... ## Pylons plugin proposals ### 1. Users and Authentication - basic plugin to do users and authentication out of the box * Openid + Form (email confirmation etc) * Build on existing plugins (repoze.who, authkit, whatever) * Tie in to existing model (sqlalchemy) object (or provide demo code to create it) * Even if just a demo that *works* it would be useful * We've now done this ~ 6 times. There are commonalities and even if this were just a demo it would be useful </quote> -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
