Re: [Qgis-developer] New authentication system ready

[Larry Shaffer]

Hi Tim,

On Mon, Sep 28, 2015 at 12:20 PM, Tim Sutton  wrote:

> Hi
>
> By the way I will use your response and snippets from this thread to
> create the visual changeling entry. Hope that is ok!
>

Sure. You can also pilfer the user documentation, as referenced in the QEP
[0]. It was the in-house doc for the Boundless version that was focused on
PKI, but still gives a pretty good overview of the user's perspective on
working with the system. (Oh so snazzy Win 10 screen snaps as well!)

The Authentication section of Options has graphically changed, but that's
about it, beyond the screen snap in this thread.

[0]
https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/extras/auth-system/pkiuser.rst

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota



> Regards
>
> Tim
>
> On 26 Sep 2015, at 20:51, Larry Shaffer  wrote:
>
> Forgot the attachment:
> http://drive.dakotacarto.com/qgis/auth-edit-authcfg-id.png
>
> That shows editing the auth config ID in the config editing widget, which
> can also be accessed from an auth config selector widget's Edit button. The
> selector is what would generally be the only widget needed in plugins or
> standalone apps for users to access and work with the auth system. You can
> see the selector embedded in the PostGIS and OWS service connection dialogs.
>
> Once a plugin has an auth config ID it just calls to QgsAuthManager,
> passing the ID, to 'expand' the auth config where needed, in a
> QNetworkRequest object for example. The auth method plugin associated with
> the config then manages what credentials gets expanded and how, after
> QgsAuthManager marshals a call to the plugin.
>
> Looks like I need to get busy finishing the auth system overview
> Lucidchart diagram I started!  :^)
>
> Regards,
>
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
>
> On Sat, Sep 26, 2015 at 12:04 PM, Larry Shaffer 
> wrote:
>
>> Hi Tim,
>>
>> On Sat, Sep 26, 2015 at 2:33 AM, Tim Sutton  wrote:
>>
>>> Hi Larry
>>>
>>>
>>> Great to see this new feature make its way into QGIS. One thing I am
>>> curious about is what happens when we want to publish a project in QGIS
>>> server. What is the standard workflow for that or similar situations (e.g.
>>> shared project stored on a network drive?
>>>
>>
>> For shared project scenarios, including the network drive setup, you can
>> edit the authentication configuration ID to something that is shared across
>> users. (Thanks to Nyall for pointing out that this, and the Handle Bad
>> Layers dialog, needed solved before feature freeze. [0])
>>
>> Since the authcfg ID is embedded in the project file, each user just
>> needs to make an auth config that has their specific credentials for that
>> resource, then edit the ID (upon creation or config or after) to the same
>> ID in the project file. Then, when when the resource loads, the same
>> configuration will be queried on everyone's QGIS, just with their
>> respective credentials for the authentication method used.
>>
>> With the very last feature I added, for the Handle Bad Layers dialog,
>> users can Add/Edit/Remove auth configs within the dialog and have the data
>> source URI updated to match. So, in the scenario of a shared project, the
>> user could immediately add an appropriate new auth config (and see exactly
>> what shared authcfg ID should be used) upon project loading .
>>
>> Also, see the discussion in the PR about other sharing scenarios, and how
>> the unimplemented Resource URL could help here  [1].
>>
>> Regarding the QGIS Server launch, I think a good fix would be to add
>> support for passing the master password as an environment variable to a
>> password file, like is done with Postgres and other setups. For example, an
>> env var like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In
>> QgsAuthManager::instance()->init() the variable could be read, password
>> loaded, then the variable unset in the env. This would also make a great
>> way to allow using Desktop without having to enter your master password
>> every session.
>>
>> Similarly, the master password could be in an OS's keychain or keyring
>> and be auto-input in the background on launch if that user's OS key cache
>> is unlocked. See Matthias's suggestion for that [2].
>>
>> Currently, the master password auto-set can be set via Python, or by way
>> of a custom C++ plugin, on launch setups using a call to
>> QgsAuthManager::instance()->setMasterPassword( "mypassword", true ).
>> However, I think many of the Python bindings should be blocked for the
>> initial release. So, setting an env variable to a password file path seems
>> like a good start, especially for QGIS Server.
>>
>> Note: for Server, you can also use QGIS_AUTH_DB_DIR_PATH to set the path
>> to a qgis-auth.db dir on the server.
>>
>> [0] https://github.com/qgis/QGIS/pull/2330#issuecomment-142252072
>> [1] https://github.com/qgis/QGIS/pull/2330#issuecomment-142673812
>> [2] https://github.com/qgis/QGIS/pull/

Re: [Qgis-developer] New authentication system ready

[Tim Sutton]

Hi

By the way I will use your response and snippets from this thread to create the 
visual changeling entry. Hope that is ok!

Regards

Tim
> On 26 Sep 2015, at 20:51, Larry Shaffer  wrote:
> 
> Forgot the attachment:
> http://drive.dakotacarto.com/qgis/auth-edit-authcfg-id.png 
> 
> 
> That shows editing the auth config ID in the config editing widget, which can 
> also be accessed from an auth config selector widget's Edit button. The 
> selector is what would generally be the only widget needed in plugins or 
> standalone apps for users to access and work with the auth system. You can 
> see the selector embedded in the PostGIS and OWS service connection dialogs.
> 
> Once a plugin has an auth config ID it just calls to QgsAuthManager, passing 
> the ID, to 'expand' the auth config where needed, in a QNetworkRequest object 
> for example. The auth method plugin associated with the config then manages 
> what credentials gets expanded and how, after QgsAuthManager marshals a call 
> to the plugin.
> 
> Looks like I need to get busy finishing the auth system overview Lucidchart 
> diagram I started!  :^)
> 
> Regards,
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
> 
> On Sat, Sep 26, 2015 at 12:04 PM, Larry Shaffer  > wrote:
> Hi Tim,
> 
> On Sat, Sep 26, 2015 at 2:33 AM, Tim Sutton  > wrote:
> Hi Larry
> 
> 
> Great to see this new feature make its way into QGIS. One thing I am curious 
> about is what happens when we want to publish a project in QGIS server. What 
> is the standard workflow for that or similar situations (e.g. shared project 
> stored on a network drive?
> 
> For shared project scenarios, including the network drive setup, you can edit 
> the authentication configuration ID to something that is shared across users. 
> (Thanks to Nyall for pointing out that this, and the Handle Bad Layers 
> dialog, needed solved before feature freeze. [0])
> 
> Since the authcfg ID is embedded in the project file, each user just needs to 
> make an auth config that has their specific credentials for that resource, 
> then edit the ID (upon creation or config or after) to the same ID in the 
> project file. Then, when when the resource loads, the same configuration will 
> be queried on everyone's QGIS, just with their respective credentials for the 
> authentication method used.
> 
> With the very last feature I added, for the Handle Bad Layers dialog, users 
> can Add/Edit/Remove auth configs within the dialog and have the data source 
> URI updated to match. So, in the scenario of a shared project, the user could 
> immediately add an appropriate new auth config (and see exactly what shared 
> authcfg ID should be used) upon project loading .
> 
> Also, see the discussion in the PR about other sharing scenarios, and how the 
> unimplemented Resource URL could help here  [1].
> 
> Regarding the QGIS Server launch, I think a good fix would be to add support 
> for passing the master password as an environment variable to a password 
> file, like is done with Postgres and other setups. For example, an env var 
> like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In 
> QgsAuthManager::instance()->init() the variable could be read, password 
> loaded, then the variable unset in the env. This would also make a great way 
> to allow using Desktop without having to enter your master password every 
> session.
> 
> Similarly, the master password could be in an OS's keychain or keyring and be 
> auto-input in the background on launch if that user's OS key cache is 
> unlocked. See Matthias's suggestion for that [2].
> 
> Currently, the master password auto-set can be set via Python, or by way of a 
> custom C++ plugin, on launch setups using a call to 
> QgsAuthManager::instance()->setMasterPassword( "mypassword", true ). However, 
> I think many of the Python bindings should be blocked for the initial 
> release. So, setting an env variable to a password file path seems like a 
> good start, especially for QGIS Server.
> 
> Note: for Server, you can also use QGIS_AUTH_DB_DIR_PATH to set the path to a 
> qgis-auth.db dir on the server.
> 
> [0] https://github.com/qgis/QGIS/pull/2330#issuecomment-142252072 
> 
> [1] https://github.com/qgis/QGIS/pull/2330#issuecomment-142673812 
> 
> [2] https://github.com/qgis/QGIS/pull/1838#issuecomment-70845116 
> 
> [3] 
> https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmanager.h#L105-L110
>  
> 
> 
> Regards,
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
> 
> Regards
> 
> Tim
> 
>> On 25 Sep 2015, at 14:59, Larry Shaffer > 

Re: [Qgis-developer] New authentication system ready

[Tim Sutton]

Hi

> On 26 Sep 2015, at 20:51, Larry Shaffer  wrote:
> 
> Forgot the attachment:
> http://drive.dakotacarto.com/qgis/auth-edit-authcfg-id.png 
> 
> 
> That shows editing the auth config ID in the config editing widget, which can 
> also be accessed from an auth config selector widget's Edit button. The 
> selector is what would generally be the only widget needed in plugins or 
> standalone apps for users to access and work with the auth system. You can 
> see the selector embedded in the PostGIS and OWS service connection dialogs.
> 
> Once a plugin has an auth config ID it just calls to QgsAuthManager, passing 
> the ID, to 'expand' the auth config where needed, in a QNetworkRequest object 
> for example. The auth method plugin associated with the config then manages 
> what credentials gets expanded and how, after QgsAuthManager marshals a call 
> to the plugin.
> 
> Looks like I need to get busy finishing the auth system overview Lucidchart 
> diagram I started!  :^)
> 


Thanks for this and your previous reply - wow it seems like you really have got 
all the angles covered!

Regards

Tim

> Regards,
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
> 
> On Sat, Sep 26, 2015 at 12:04 PM, Larry Shaffer  > wrote:
> Hi Tim,
> 
> On Sat, Sep 26, 2015 at 2:33 AM, Tim Sutton  > wrote:
> Hi Larry
> 
> 
> Great to see this new feature make its way into QGIS. One thing I am curious 
> about is what happens when we want to publish a project in QGIS server. What 
> is the standard workflow for that or similar situations (e.g. shared project 
> stored on a network drive?
> 
> For shared project scenarios, including the network drive setup, you can edit 
> the authentication configuration ID to something that is shared across users. 
> (Thanks to Nyall for pointing out that this, and the Handle Bad Layers 
> dialog, needed solved before feature freeze. [0])
> 
> Since the authcfg ID is embedded in the project file, each user just needs to 
> make an auth config that has their specific credentials for that resource, 
> then edit the ID (upon creation or config or after) to the same ID in the 
> project file. Then, when when the resource loads, the same configuration will 
> be queried on everyone's QGIS, just with their respective credentials for the 
> authentication method used.
> 
> With the very last feature I added, for the Handle Bad Layers dialog, users 
> can Add/Edit/Remove auth configs within the dialog and have the data source 
> URI updated to match. So, in the scenario of a shared project, the user could 
> immediately add an appropriate new auth config (and see exactly what shared 
> authcfg ID should be used) upon project loading .
> 
> Also, see the discussion in the PR about other sharing scenarios, and how the 
> unimplemented Resource URL could help here  [1].
> 
> Regarding the QGIS Server launch, I think a good fix would be to add support 
> for passing the master password as an environment variable to a password 
> file, like is done with Postgres and other setups. For example, an env var 
> like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In 
> QgsAuthManager::instance()->init() the variable could be read, password 
> loaded, then the variable unset in the env. This would also make a great way 
> to allow using Desktop without having to enter your master password every 
> session.
> 
> Similarly, the master password could be in an OS's keychain or keyring and be 
> auto-input in the background on launch if that user's OS key cache is 
> unlocked. See Matthias's suggestion for that [2].
> 
> Currently, the master password auto-set can be set via Python, or by way of a 
> custom C++ plugin, on launch setups using a call to 
> QgsAuthManager::instance()->setMasterPassword( "mypassword", true ). However, 
> I think many of the Python bindings should be blocked for the initial 
> release. So, setting an env variable to a password file path seems like a 
> good start, especially for QGIS Server.
> 
> Note: for Server, you can also use QGIS_AUTH_DB_DIR_PATH to set the path to a 
> qgis-auth.db dir on the server.
> 
> [0] https://github.com/qgis/QGIS/pull/2330#issuecomment-142252072 
> 
> [1] https://github.com/qgis/QGIS/pull/2330#issuecomment-142673812 
> 
> [2] https://github.com/qgis/QGIS/pull/1838#issuecomment-70845116 
> 
> [3] 
> https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmanager.h#L105-L110
>  
> 
> 
> Regards,
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
> 
> Regards
> 
> Tim
> 
>> On 25 Sep 2015, at 14:59, Larry Shaffer > 

Re: [Qgis-developer] New authentication system ready

[Larry Shaffer]

Forgot the attachment:
http://drive.dakotacarto.com/qgis/auth-edit-authcfg-id.png

That shows editing the auth config ID in the config editing widget, which
can also be accessed from an auth config selector widget's Edit button. The
selector is what would generally be the only widget needed in plugins or
standalone apps for users to access and work with the auth system. You can
see the selector embedded in the PostGIS and OWS service connection dialogs.

Once a plugin has an auth config ID it just calls to QgsAuthManager,
passing the ID, to 'expand' the auth config where needed, in a
QNetworkRequest object for example. The auth method plugin associated with
the config then manages what credentials gets expanded and how, after
QgsAuthManager marshals a call to the plugin.

Looks like I need to get busy finishing the auth system overview Lucidchart
diagram I started!  :^)

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota

On Sat, Sep 26, 2015 at 12:04 PM, Larry Shaffer 
wrote:

> Hi Tim,
>
> On Sat, Sep 26, 2015 at 2:33 AM, Tim Sutton  wrote:
>
>> Hi Larry
>>
>>
>> Great to see this new feature make its way into QGIS. One thing I am
>> curious about is what happens when we want to publish a project in QGIS
>> server. What is the standard workflow for that or similar situations (e.g.
>> shared project stored on a network drive?
>>
>
> For shared project scenarios, including the network drive setup, you can
> edit the authentication configuration ID to something that is shared across
> users. (Thanks to Nyall for pointing out that this, and the Handle Bad
> Layers dialog, needed solved before feature freeze. [0])
>
> Since the authcfg ID is embedded in the project file, each user just needs
> to make an auth config that has their specific credentials for that
> resource, then edit the ID (upon creation or config or after) to the same
> ID in the project file. Then, when when the resource loads, the same
> configuration will be queried on everyone's QGIS, just with their
> respective credentials for the authentication method used.
>
> With the very last feature I added, for the Handle Bad Layers dialog,
> users can Add/Edit/Remove auth configs within the dialog and have the data
> source URI updated to match. So, in the scenario of a shared project, the
> user could immediately add an appropriate new auth config (and see exactly
> what shared authcfg ID should be used) upon project loading .
>
> Also, see the discussion in the PR about other sharing scenarios, and how
> the unimplemented Resource URL could help here  [1].
>
> Regarding the QGIS Server launch, I think a good fix would be to add
> support for passing the master password as an environment variable to a
> password file, like is done with Postgres and other setups. For example, an
> env var like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In
> QgsAuthManager::instance()->init() the variable could be read, password
> loaded, then the variable unset in the env. This would also make a great
> way to allow using Desktop without having to enter your master password
> every session.
>
> Similarly, the master password could be in an OS's keychain or keyring and
> be auto-input in the background on launch if that user's OS key cache is
> unlocked. See Matthias's suggestion for that [2].
>
> Currently, the master password auto-set can be set via Python, or by way
> of a custom C++ plugin, on launch setups using a call to
> QgsAuthManager::instance()->setMasterPassword( "mypassword", true ).
> However, I think many of the Python bindings should be blocked for the
> initial release. So, setting an env variable to a password file path seems
> like a good start, especially for QGIS Server.
>
> Note: for Server, you can also use QGIS_AUTH_DB_DIR_PATH to set the path
> to a qgis-auth.db dir on the server.
>
> [0] https://github.com/qgis/QGIS/pull/2330#issuecomment-142252072
> [1] https://github.com/qgis/QGIS/pull/2330#issuecomment-142673812
> [2] https://github.com/qgis/QGIS/pull/1838#issuecomment-70845116
> [3]
> https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmanager.h#L105-L110
>
> Regards,
>
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
>
>
>> Regards
>>
>> Tim
>>
>> On 25 Sep 2015, at 14:59, Larry Shaffer  wrote:
>>
>> Hi devs,
>>
>> As you can see in the PR [0], I've fixed up some things, including adding
>> the ability to edit an authentication ID, which will help with workflows
>> where users need to share projects. I've also cleaned up the interface and
>> moved most PKI-related dialogs out of the main Options view.
>>
>> I am working on another widget that can be used for the Handle Bad Layers
>> and the Layers Properties dialogs. That should work for most issues
>> occurring when sharing projects and when users open projects with missing
>> authentication IDs. I've also added feedback in the selector widget when it
>> tries to load a config ID that is missing.
>>
>> I should have those bits do

Re: [Qgis-developer] New authentication system ready

[Larry Shaffer]

Hi Tim,

On Sat, Sep 26, 2015 at 2:33 AM, Tim Sutton  wrote:

> Hi Larry
>
>
> Great to see this new feature make its way into QGIS. One thing I am
> curious about is what happens when we want to publish a project in QGIS
> server. What is the standard workflow for that or similar situations (e.g.
> shared project stored on a network drive?
>

For shared project scenarios, including the network drive setup, you can
edit the authentication configuration ID to something that is shared across
users. (Thanks to Nyall for pointing out that this, and the Handle Bad
Layers dialog, needed solved before feature freeze. [0])

Since the authcfg ID is embedded in the project file, each user just needs
to make an auth config that has their specific credentials for that
resource, then edit the ID (upon creation or config or after) to the same
ID in the project file. Then, when when the resource loads, the same
configuration will be queried on everyone's QGIS, just with their
respective credentials for the authentication method used.

With the very last feature I added, for the Handle Bad Layers dialog, users
can Add/Edit/Remove auth configs within the dialog and have the data source
URI updated to match. So, in the scenario of a shared project, the user
could immediately add an appropriate new auth config (and see exactly what
shared authcfg ID should be used) upon project loading .

Also, see the discussion in the PR about other sharing scenarios, and how
the unimplemented Resource URL could help here  [1].

Regarding the QGIS Server launch, I think a good fix would be to add
support for passing the master password as an environment variable to a
password file, like is done with Postgres and other setups. For example, an
env var like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In
QgsAuthManager::instance()->init() the variable could be read, password
loaded, then the variable unset in the env. This would also make a great
way to allow using Desktop without having to enter your master password
every session.

Similarly, the master password could be in an OS's keychain or keyring and
be auto-input in the background on launch if that user's OS key cache is
unlocked. See Matthias's suggestion for that [2].

Currently, the master password auto-set can be set via Python, or by way of
a custom C++ plugin, on launch setups using a call to
QgsAuthManager::instance()->setMasterPassword( "mypassword", true ).
However, I think many of the Python bindings should be blocked for the
initial release. So, setting an env variable to a password file path seems
like a good start, especially for QGIS Server.

Note: for Server, you can also use QGIS_AUTH_DB_DIR_PATH to set the path to
a qgis-auth.db dir on the server.

[0] https://github.com/qgis/QGIS/pull/2330#issuecomment-142252072
[1] https://github.com/qgis/QGIS/pull/2330#issuecomment-142673812
[2] https://github.com/qgis/QGIS/pull/1838#issuecomment-70845116
[3]
https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmanager.h#L105-L110

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota


> Regards
>
> Tim
>
> On 25 Sep 2015, at 14:59, Larry Shaffer  wrote:
>
> Hi devs,
>
> As you can see in the PR [0], I've fixed up some things, including adding
> the ability to edit an authentication ID, which will help with workflows
> where users need to share projects. I've also cleaned up the interface and
> moved most PKI-related dialogs out of the main Options view.
>
> I am working on another widget that can be used for the Handle Bad Layers
> and the Layers Properties dialogs. That should work for most issues
> occurring when sharing projects and when users open projects with missing
> authentication IDs. I've also added feedback in the selector widget when it
> tries to load a config ID that is missing.
>
> I should have those bits done today, then it's mostly work on finishing
> the unit test migration to C++.
>
> **However, I would like to merge this now, since it is in a very good
> state for doing so. Does anyone have objections with me merging this?**
>
>
> [0] https://github.com/qgis/QGIS/pull/2330
>
> Regards,
>
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
>
>
> On Wed, Sep 23, 2015 at 4:38 AM, Luca Manganelli  wrote:
>
>> On Tue, Sep 22, 2015 at 10:02 PM, Régis Haubourg
>>  wrote:
>> > Wh. that's huge work Larry. Will need quite some time to inspect
>> all that
>> > and give some feedback. Any way , bravo!
>> > Régis
>>
>> +1. The documentation is a MASSIVE job. Compliments!
>> ___
>> Qgis-developer mailing list
>> Qgis-developer@lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
> —
>
>
>
>
> Tim Sutton
>
> Visit http://kartoza.com to find out about open source:
>
> * Desktop GIS progra

Re: [Qgis-developer] New authentication system ready

[Tim Sutton]

Hi Larry


Great to see this new feature make its way into QGIS. One thing I am curious 
about is what happens when we want to publish a project in QGIS server. What is 
the standard workflow for that or similar situations (e.g. shared project 
stored on a network drive?

Regards

Tim

> On 25 Sep 2015, at 14:59, Larry Shaffer  wrote:
> 
> Hi devs,
> 
> As you can see in the PR [0], I've fixed up some things, including adding the 
> ability to edit an authentication ID, which will help with workflows where 
> users need to share projects. I've also cleaned up the interface and moved 
> most PKI-related dialogs out of the main Options view.
> 
> I am working on another widget that can be used for the Handle Bad Layers and 
> the Layers Properties dialogs. That should work for most issues occurring 
> when sharing projects and when users open projects with missing 
> authentication IDs. I've also added feedback in the selector widget when it 
> tries to load a config ID that is missing.
> 
> I should have those bits done today, then it's mostly work on finishing the 
> unit test migration to C++.
> 
> **However, I would like to merge this now, since it is in a very good state 
> for doing so. Does anyone have objections with me merging this?**
> 
> 
> [0] https://github.com/qgis/QGIS/pull/2330 
> 
> 
> Regards,
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
> 
> 
> On Wed, Sep 23, 2015 at 4:38 AM, Luca Manganelli  > wrote:
> On Tue, Sep 22, 2015 at 10:02 PM, Régis Haubourg
>  > wrote:
> > Wh. that's huge work Larry. Will need quite some time to inspect all 
> > that
> > and give some feedback. Any way , bravo!
> > Régis
> 
> +1. The documentation is a MASSIVE job. Compliments!
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org 
> http://lists.osgeo.org/mailman/listinfo/qgis-developer 
> 
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer

—





Tim Sutton

Visit http://kartoza.com  to find out about open source:

* Desktop GIS programming services
* Geospatial web development
* GIS Training
* Consulting Services

Skype: timlinux Irc: timlinux on #qgis at freenode.net
Tim is a member of the QGIS Project Steering Committee

Kartoza is a merger between Linfiniti and Afrispatial



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] New authentication system ready

[Larry Shaffer]

Hi devs,

As you can see in the PR [0], I've fixed up some things, including adding
the ability to edit an authentication ID, which will help with workflows
where users need to share projects. I've also cleaned up the interface and
moved most PKI-related dialogs out of the main Options view.

I am working on another widget that can be used for the Handle Bad Layers
and the Layers Properties dialogs. That should work for most issues
occurring when sharing projects and when users open projects with missing
authentication IDs. I've also added feedback in the selector widget when it
tries to load a config ID that is missing.

I should have those bits done today, then it's mostly work on finishing the
unit test migration to C++.

**However, I would like to merge this now, since it is in a very good state
for doing so. Does anyone have objections with me merging this?**


[0] https://github.com/qgis/QGIS/pull/2330

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota


On Wed, Sep 23, 2015 at 4:38 AM, Luca Manganelli  wrote:

> On Tue, Sep 22, 2015 at 10:02 PM, Régis Haubourg
>  wrote:
> > Wh. that's huge work Larry. Will need quite some time to inspect all
> that
> > and give some feedback. Any way , bravo!
> > Régis
>
> +1. The documentation is a MASSIVE job. Compliments!
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] New authentication system ready

[Luca Manganelli]

On Tue, Sep 22, 2015 at 10:02 PM, Régis Haubourg
 wrote:
> Wh. that's huge work Larry. Will need quite some time to inspect all that
> and give some feedback. Any way , bravo!
> Régis

+1. The documentation is a MASSIVE job. Compliments!
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] New authentication system ready

[Régis Haubourg]

Wh. that's huge work Larry. Will need quite some time to inspect all that
and give some feedback. Any way , bravo!
Régis



--
View this message in context: 
http://osgeo-org.1560.x6.nabble.com/New-authentication-system-ready-tp5225486p5225514.html
Sent from the Quantum GIS - Developer mailing list archive at Nabble.com.
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-developer

[Qgis-developer] New authentication system ready

[Larry Shaffer]

Hi,

The authentication system I have been working on for about a year is now
available for testing [PR 2330, QEP 14]. Would like to get people's
opinions on whether I can push this to master for upcoming release (and
maybe a vote on the QEP). Most of the code is bolt-on extra classes or
spliced-in GUI widgets, with very little actual core integration (see
second commit of PR).

Here's what is included:

* Master-password-encrypted authentication configurations stored in an
SQLite database
* Authentication method plugin architecture (like data providers)
* Basic auth method plugin
* Basic plugin integrated with PostGIS and OWS provider connections
* Inline with current username/password setup (still fully functional)
* SSL server connection configurations (save exceptions or custom configs
for SSL connection errors)

Check out the "6. Further Improvements" section of the rendered QEP.


PKI authentication related (why I was originally tasked to build the
system):

* Import extra Certificate Authorities, intermediate cert issuers and
personal identity bundles
* Manage certificate components like in Firefox
* Authentication method plugins for PEM and PKCS#12 bundles on disk, and
for stored personal identities
* Integrated with OWS provider connections (PostGIS and other databases
will take a bit more work)

Check out the example docs on PKI for a quick introduction to the whole
authentication system.


PR #2330:
https://github.com/qgis/QGIS/pull/2330

QEP #14:
https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst
https://github.com/qgis/QGIS-Enhancement-Proposals/pull/17

PKI example docs:
https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/extras/auth-system/pkiuser.rst

Previous discussion:
http://osgeo-org.1560.x6.nabble.com/QEP-and-PR-for-new-Authentication-Configuration-System-tp5182411.html

Best regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/qgis-developer