[pylons-discuss] AuthTktAuthenticationPolicy: Behaviour of "wild_domain" option unclear.

[Torsten Irländer]

Hi,

I'm in doubt how to use the "wild_domain" option in 
AuthTktAuthenticationPolicy correct or if I found a defect. Before opening 
a ticket I want to ask here.

I'm using for AuthTktAuthenticationPolicy cookie-based authentification for 
a site hosted under "my-app.foo.example.com"

As described in the documentation[0] I receive two cookie after 
authentification on default configuration:

1. my-app.foo.example.com (host-only)
2. .my-app.foo.example.com

I expect when setting the "wild_domain" option to false only one cookie 
(the host-only) is set. But the wild_domain option seems to have no effect 
for me. I always get those two cookies.
I do not use any of the interferring option like "domain" or 
"parent_domain".

How to use the "wild_domain" option correct to only receive one host-only 
cookie?

I'm using Pyramid 1.5.2.

Some context:
However using "domain" has some effect as I only get one cookie, but this 
is the wildcard and *not* the host-only one. Which isn't my expected 
behaviour but might be another issue.

regards 
Torsten

[0] 
https://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/api/authentication.html


-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/717ee1f9-4092-4841-adab-3eb331b9e7ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[pylons-discuss] best rest framework/library for pyramid

[Chris Withers]

Hi All,

Perennial question for me: what's the best library to use for building 
REST servers with Pyramid?


Ideally looking for:

- username/password auth
- token-based auth
- introspection from sqlalchemy models

Cornice still the best? Doesn't seem to have obvious versions of any of 
the above...


cheers,

Chris

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/37cb7c54-c4cb-ad22-357a-328e85b69e63%40withers.org.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Bert JW Regeer]

You can grab it from a .ini or wherever when using the latest Pyramid with 
plaster support (write your own loader to load it from yaml files for example).


I guess it is not entirely clear, but here’s docs for the two methods: 
https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#using-pastedeploy
 


**settings is provided by your launcher, pserve will use plaster and call 
main() on your application that is registered with setup tools and provide the 
settings dictionary to do with as you please.

Bert

> On Aug 3, 2017, at 12:08, Chris Withers  wrote:
> 
> Hi All,
> 
> Once more determined to actually build something in pyramid, going to settle 
> on a REST server to feed a web front end and likely a cli tool too.
> Looking for advice on best bits to use, but in the meantime, looking at:
> 
> https://docs.pylonsproject.org/projects/pyramid_ldap/en/latest/#usage
> 
> ...I see a bunch of config in a python file, which is what I hate most about 
> Django.
> 
> I would expect to see AuthTktAuthenticationPolicy's secret and ldap queries 
> and password all coming from a config file.
> What's the pattern for this with Pyramid? Also curious what the best way is 
> to structure an app beyond a trivial one-file-r like that ;-)
> In my head, I'm surprised to see the configurator growing ldap_* methods (I 
> guess added by the config.include('pyramid_ldap')?)
> 
> My ageing memory has something in it about .ini format files, but I know 
> there was some talk of making the config file format pluggable, how did that 
> pan out?
> 
> Excitedly yours,
> 
> Chris
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to pylons-discuss@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/fd1d91f4-8e6b-cf46-232d-4b9e05f0ac9f%40withers.org.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/A70D0947-EE8B-4254-869F-5B123509C1F4%400x58.com.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] AuthTktAuthenticationPolicy: Behaviour of "wild_domain" option unclear.

[Bert JW Regeer]

We shouldn’t be sending two cookies anymore since browsers treat both 
.my-app.foo.example.com and my-app.foo.example.com the same, so we could save 
some request bandwidth, but that is another ticket for later.

In other words, wild_domain being set to True or False makes no difference 
anymore.

https://tools.ietf.org/html/rfc6265#section-5.2.3

>  If the first character of the attribute-value string is %x2E (".”):
> Let cookie-domain be the attribute-value without the leading %x2E
> (".") character.

and:

https://tools.ietf.org/html/rfc6265#section-5.1.3

That being said, it should only be setting one cookie if wild_domain is False.

Bert

> On Aug 3, 2017, at 02:09, Torsten Irländer  wrote:
> 
> Hi,
> 
> I'm in doubt how to use the "wild_domain" option in 
> AuthTktAuthenticationPolicy correct or if I found a defect. Before opening a 
> ticket I want to ask here.
> 
> I'm using for AuthTktAuthenticationPolicy cookie-based authentification for a 
> site hosted under "my-app.foo.example.com"
> 
> As described in the documentation[0] I receive two cookie after 
> authentification on default configuration:
> 
> 1. my-app.foo.example.com (host-only)
> 2. .my-app.foo.example.com
> 
> I expect when setting the "wild_domain" option to false only one cookie (the 
> host-only) is set. But the wild_domain option seems to have no effect for me. 
> I always get those two cookies.
> I do not use any of the interferring option like "domain" or "parent_domain".
> 
> How to use the "wild_domain" option correct to only receive one host-only 
> cookie?
> 
> I'm using Pyramid 1.5.2.
> 
> Some context:
> However using "domain" has some effect as I only get one cookie, but this is 
> the wildcard and *not* the host-only one. Which isn't my expected behaviour 
> but might be another issue.
> 
> regards 
> Torsten
> 
> [0] 
> https://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/api/authentication.html
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to pylons-discuss@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/717ee1f9-4092-4841-adab-3eb331b9e7ed%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/C791-58FB-41E4-B108-81A8A9F6A637%400x58.com.
For more options, visit https://groups.google.com/d/optout.

[pylons-discuss] config in config files?

[Chris Withers]

Hi All,

Once more determined to actually build something in pyramid, going to 
settle on a REST server to feed a web front end and likely a cli tool too.

Looking for advice on best bits to use, but in the meantime, looking at:

https://docs.pylonsproject.org/projects/pyramid_ldap/en/latest/#usage

...I see a bunch of config in a python file, which is what I hate most 
about Django.


I would expect to see AuthTktAuthenticationPolicy's secret and ldap 
queries and password all coming from a config file.
What's the pattern for this with Pyramid? Also curious what the best way 
is to structure an app beyond a trivial one-file-r like that ;-)
In my head, I'm surprised to see the configurator growing ldap_* methods 
(I guess added by the config.include('pyramid_ldap')?)


My ageing memory has something in it about .ini format files, but I know 
there was some talk of making the config file format pluggable, how did 
that pan out?


Excitedly yours,

Chris


--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/fd1d91f4-8e6b-cf46-232d-4b9e05f0ac9f%40withers.org.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Chris Withers]

Hey Steve,

Hope it's all going well too :-)

On 03/08/2017 20:27, Steve Piercy wrote:

On 8/3/17 at 8:12 PM, ch...@withers.org (Chris Withers) pronounced:


What's plaster?


https://docs.pylonsproject.org/projects/plaster/en/latest/


Cool, more out of curiosity than anything: how came montague had to be 
re-implemented as plaster rather than just being polished up to 1.0?


cheers,

Chris

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/e339c944-7a62-d6cc-bf86-0a707cb68a15%40withers.org.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Chris Withers]

On 03/08/2017 19:12, Bert JW Regeer wrote:

You can grab it from a .ini or wherever when using the latest Pyramid
with plaster support (write your own loader to load it from yaml files
for example).

I guess it is not entirely clear, but here’s docs for the two
methods: 
https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#using-pastedeploy

**settings is provided by your launcher, pserve will use plaster and
call main() on your application that is registered with setup tools and
provide the settings dictionary to do with as you please.


With Steve's pointer to plaster, this sounds great, but how do I tell 
pserve to use plaster?


cheers,

Chris

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/7f3fcdb8-655c-33bc-c516-b1a38488ea8d%40withers.org.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Chris Withers]

On 03/08/2017 22:04, Chris Withers wrote:

On 03/08/2017 19:12, Bert JW Regeer wrote:

You can grab it from a .ini or wherever when using the latest Pyramid
with plaster support (write your own loader to load it from yaml files
for example).

I guess it is not entirely clear, but here’s docs for the two
methods:
https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#using-pastedeploy


**settings is provided by your launcher, pserve will use plaster and
call main() on your application that is registered with setup tools and
provide the settings dictionary to do with as you please.


With Steve's pointer to plaster, this sounds great, but how do I tell
pserve to use plaster?


Sorry, also forgot to ask: I can see how the config.include(...) call 
can be triggered from settings, but how would I do the same for the 
ldap* methods?


cheers,

Chris

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/117c5e87-7148-0d1f-f781-2dcff35a86a6%40withers.org.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Chris Withers]

Hi Bert,

Long time no speak, hope you're well!

On 03/08/2017 19:12, Bert JW Regeer wrote:

You can grab it from a .ini or wherever


"or wherever" preferable ;-)


when using the latest Pyramid
with plaster support (write your own loader to load it from yaml files
for example).


What's plaster?



I guess it is not entirely clear, but here’s docs for the two
methods: 
https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#using-pastedeploy

**settings is provided by your launcher, pserve will use plaster and
call main() on your application that is registered with setup tools and
provide the settings dictionary to do with as you please.


Hoping plaster is something cool, not a typo...

cheers,

Chris


On Aug 3, 2017, at 12:08, Chris Withers > wrote:

Hi All,

Once more determined to actually build something in pyramid, going to
settle on a REST server to feed a web front end and likely a cli tool too.
Looking for advice on best bits to use, but in the meantime, looking at:

https://docs.pylonsproject.org/projects/pyramid_ldap/en/latest/#usage

...I see a bunch of config in a python file, which is what I hate most
about Django.

I would expect to see AuthTktAuthenticationPolicy's secret and ldap
queries and password all coming from a config file.
What's the pattern for this with Pyramid? Also curious what the best
way is to structure an app beyond a trivial one-file-r like that ;-)
In my head, I'm surprised to see the configurator growing ldap_*
methods (I guess added by the config.include('pyramid_ldap')?)

My ageing memory has something in it about .ini format files, but I
know there was some talk of making the config file format pluggable,
how did that pan out?

Excitedly yours,

Chris


--
You received this message because you are subscribed to the Google
Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/pylons-discuss/fd1d91f4-8e6b-cf46-232d-4b9e05f0ac9f%40withers.org.
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google
Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to pylons-discuss+unsubscr...@googlegroups.com
.
To post to this group, send email to pylons-discuss@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/pylons-discuss/A70D0947-EE8B-4254-869F-5B123509C1F4%400x58.com
.
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/f64259b8-323e-4aec-db45-dd448683b6ee%40withers.org.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Steve Piercy]

On 8/3/17 at 8:12 PM, ch...@withers.org (Chris Withers) pronounced:


What's plaster?


https://docs.pylonsproject.org/projects/plaster/en/latest/

--steve


Steve Piercy, Soquel, CA

--
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/r473Ps-10126i-942AA119C1544537A5F7B8254AC172B4%40Steves-iMac.local.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Michael Merickel]

pserve and all pyramid tools use plaster under the hood as of 1.9.

plaster was a significant enough redesign from montague that it felt like
it warranted being a new library.

- Michael

On Thu, Aug 3, 2017 at 4:06 PM, Chris Withers  wrote:

> Hey Steve,
>
> Hope it's all going well too :-)
>
> On 03/08/2017 20:27, Steve Piercy wrote:
>
>> On 8/3/17 at 8:12 PM, ch...@withers.org (Chris Withers) pronounced:
>>
>> What's plaster?
>>>
>>
>> https://docs.pylonsproject.org/projects/plaster/en/latest/
>>
>
> Cool, more out of curiosity than anything: how came montague had to be
> re-implemented as plaster rather than just being polished up to 1.0?
>
> cheers,
>
> Chris
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pylons-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to pylons-discuss@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/pylons-discuss/e339c944-7a62-d6cc-bf86-0a707cb68a15%40withers.org.
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwFXRJ42qBpOGZDrCm3JsEUgM882kiFbC9p11aNEVFicjw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [pylons-discuss] config in config files?

[Bert JW Regeer]

> On Aug 3, 2017, at 15:07, Chris Withers  > wrote:
> 
> 
> 
> On 03/08/2017 22:04, Chris Withers wrote:
>> On 03/08/2017 19:12, Bert JW Regeer wrote:
>>> You can grab it from a .ini or wherever when using the latest Pyramid
>>> with plaster support (write your own loader to load it from yaml files
>>> for example).
>>> 
>>> I guess it is not entirely clear, but here’s docs for the two
>>> methods:
>>> https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#using-pastedeploy
>>>  
>>> 
>>> 
>>> 
>>> **settings is provided by your launcher, pserve will use plaster and
>>> call main() on your application that is registered with setup tools and
>>> provide the settings dictionary to do with as you please.
>> 
>> With Steve's pointer to plaster, this sounds great, but how do I tell
>> pserve to use plaster?
> 
> Sorry, also forgot to ask: I can see how the config.include(...) call can be 
> triggered from settings, but how would I do the same for the ldap* methods?


You’d have to write some custom code to automatically make those calls, but you 
can use the settings dictionary to pull out the values you need.

> 
> cheers,
> 
> Chris
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to pylons-discuss@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/pylons-discuss/117c5e87-7148-0d1f-f781-2dcff35a86a6%40withers.org
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/825F6BC4-EC65-47F3-8BCC-A290C6F0821D%400x58.com.
For more options, visit https://groups.google.com/d/optout.