Re: AW: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user]
I have made many changes to the first version of this proposal and submitted a new version to the wiki. http://wiki.zope.org/zope3/SessionCredentialsAPIEnhancements I have checked in an example implementation to the Zope SVN repository. The code is at: svn://svn.zope.org/repos/main/Sandbox/kevingill2/zope.app.authentication Of via browser: http://svn.zope.org/Sandbox/kevingill2/zope.app.authentication/ I would appreciate any feedback on either the proposal or the implementation. Thanks Kevin ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
AW: AW: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user]
Hi Kevin > Betreff: Re: AW: [Zope-dev] Re: [Zope3-Users] How do I > automatically login a user] > > I have completed a first draft of an implementation of a > proposal for for changes to the SessionCredentials Access > code (zope.app.authentication). > > http://wiki.zope.org/zope3/SessionCredentialsAPIEnhancements Thanks a lot for pick up that work. Looks very promising. One imporant part whould be to prevent write access on each request. But you noticed that already on your wiki page. Regards Roger Ineichen ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: AW: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user]
I have completed a first draft of an implementation of a proposal for for changes to the SessionCredentials Access code (zope.app.authentication). http://wiki.zope.org/zope3/SessionCredentialsAPIEnhancements I want to put them somewhere so that they can be discussed. I think that a svn.zope.org/Sandbox is the appropriate place. Can I get committer access to the subversion repository to make changes to this area? [According to the faq, I ask for commiter access on this list]. Alternatively, is there another location where proposed changes to the core are generally posted. Thanks Kevin > On Apr 9, 2008, at 5:07 AM, kevin gill wrote: >> 1. IP Extraction >> >> Extract the IP Address from the credentials and store it. Return the >> IP Address in the dictionary from extractCredentials(). >> >> The value from request._environ['HTTP_X_FORWARDED_FOR'] will be used >> if present. otherwise request._environ['REMOTE_ADDR']. > > > On a basis of "privacy" of attributes starting with underscore, such > as _environ, I would suggest using request.headers (for X-Forwarded- > For) and request.environment instead. These are defined in the public > interface API. > > -- > Zvezdan Petkovic <[EMAIL PROTECTED]> > > ___ > Zope-Dev maillist - Zope-Dev@zope.org > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) > > -- > ** Email Scanned by Elive's Virus Scanning Service - > http://www.elive.net ** > > > > > ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: AW: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user
On Apr 9, 2008, at 5:07 AM, kevin gill wrote: 1. IP Extraction Extract the IP Address from the credentials and store it. Return the IP Address in the dictionary from extractCredentials(). The value from request._environ['HTTP_X_FORWARDED_FOR'] will be used if present. otherwise request._environ['REMOTE_ADDR']. On a basis of "privacy" of attributes starting with underscore, such as _environ, I would suggest using request.headers (for X-Forwarded- For) and request.environment instead. These are defined in the public interface API. -- Zvezdan Petkovic <[EMAIL PROTECTED]> ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: AW: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user
If values are not provided in the dictionary, the request is searched """ def setCredentials(overrides, mode=REQUEST_ONLY): """Store the credentials for the current session. Do not login the current transaction (interaction)""" 5. Tracking of Logged in Users The credentials data, stored for the session shall have two new values stored to support tracking of this information: o extractTime o accessTime The extractTime shall be the time that the credentials were actually extracted. The accessTime shall be the last time that the credentials were recovered. For performance reasons, the accessTime updates may be disabled. It shall have a granularity of 60 seconds so that the session data is not updated unnecessarily frequently. 5a. Report of logged in users A new adapter shall be written which can trawl the session records in the session store and locate records for logged in users. The adapter shall return a list of all logged in users, (login, extractTime and accessTime). A UI change will provide a simple view on logged in users. 5b. Idle time out If the access time is being tracked, the SessionCredential plugin can easily implement an idle timeout. This effectively does a server side logout of users who have not accessed the system for a configured interval. There would be a UL change to enable Idle timeout. > Ha David > >> Betreff: Re: [Zope-dev] Re: [Zope3-Users] How do I >> automatically login a user >> >> Thanks Jim for doing this. Actually, the domain is something >> I have been looking for also. These other features are really >> nice. I am hoping this >> can be worked into something like z3c.authentication for >> generic use. >> Hoping roger is following this. > > Yes, yes, just found no time to pickup this. But it's on the > top of my 1000 things to do list ;-) > > Note: > I started to make progress with z3c.authenticator. > This will become a replacement for z3c.authentication.simple > Does anybody think we will need a migration script? > > > Regards > Roger Ineichen > _ > END OF MESSAGE > >> Regards, >> David >> >> Jim Fulton wrote: >> > >> > Let's move this discussion to zope-dev. >> > >> > On Apr 2, 2008, at 5:36 AM, kevin gill wrote: >> >> Please check in the code to the sandbox and I will have a >> look at it. >> >> The coding looks straight-forward, but choosing how to >> work it into >> >> the existing components. >> >> >> >> I will look at the code and come back with questions. >> > >> > >> > I just checked 2 files, session.txt and session.py, into >> > >> > http://svn.zope.org/Sandbox/J1m/ >> > >> > These provide several features, most of which are of particular >> > interest >> > here: >> > >> > - An api to save session credentials independent of login, >> > >> > - saving sha-encoded passwords, >> > >> > - logout api >> > >> > - having an optional additional credential of a user domain, >> > (probably not of general interest) >> > >> > Jim >> > >> > -- >> > Jim Fulton >> > Zope Corporation >> > >> > >> > ___ >> > Zope-Dev maillist - Zope-Dev@zope.org >> > http://mail.zope.org/mailman/listinfo/zope-dev >> > ** No cross posts or HTML encoding! ** (Related lists >> > -http://mail.zope.org/mailman/listinfo/zope-announce >> > http://mail.zope.org/mailman/listinfo/zope ) >> > >> ___ >> Zope3-users mailing list >> [EMAIL PROTECTED] >> http://mail.zope.org/mailman/listinfo/zope3-users >> > > ___ > Zope3-users mailing list > [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope3-users > > -- > ** Email Scanned by Elive's Virus Scanning Service - > http://www.elive.net ** > > > > > ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
AW: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user
Ha David > Betreff: Re: [Zope-dev] Re: [Zope3-Users] How do I > automatically login a user > > Thanks Jim for doing this. Actually, the domain is something > I have been looking for also. These other features are really > nice. I am hoping this > can be worked into something like z3c.authentication for > generic use. > Hoping roger is following this. Yes, yes, just found no time to pickup this. But it's on the top of my 1000 things to do list ;-) Note: I started to make progress with z3c.authenticator. This will become a replacement for z3c.authentication.simple Does anybody think we will need a migration script? Regards Roger Ineichen _ END OF MESSAGE > Regards, > David > > Jim Fulton wrote: > > > > Let's move this discussion to zope-dev. > > > > On Apr 2, 2008, at 5:36 AM, kevin gill wrote: > >> Please check in the code to the sandbox and I will have a > look at it. > >> The coding looks straight-forward, but choosing how to > work it into > >> the existing components. > >> > >> I will look at the code and come back with questions. > > > > > > I just checked 2 files, session.txt and session.py, into > > > > http://svn.zope.org/Sandbox/J1m/ > > > > These provide several features, most of which are of particular > > interest > > here: > > > > - An api to save session credentials independent of login, > > > > - saving sha-encoded passwords, > > > > - logout api > > > > - having an optional additional credential of a user domain, > > (probably not of general interest) > > > > Jim > > > > -- > > Jim Fulton > > Zope Corporation > > > > > > ___ > > Zope-Dev maillist - Zope-Dev@zope.org > > http://mail.zope.org/mailman/listinfo/zope-dev > > ** No cross posts or HTML encoding! ** (Related lists > > -http://mail.zope.org/mailman/listinfo/zope-announce > > http://mail.zope.org/mailman/listinfo/zope ) > > > ___ > Zope3-users mailing list > [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope3-users > ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope3-Users] How do I automatically login a user
Thanks Jim for doing this. Actually, the domain is something I have been looking for also. These other features are really nice. I am hoping this can be worked into something like z3c.authentication for generic use. Hoping roger is following this. Regards, David Jim Fulton wrote: Let's move this discussion to zope-dev. On Apr 2, 2008, at 5:36 AM, kevin gill wrote: Please check in the code to the sandbox and I will have a look at it. The coding looks straight-forward, but choosing how to work it into the existing components. I will look at the code and come back with questions. I just checked 2 files, session.txt and session.py, into http://svn.zope.org/Sandbox/J1m/ These provide several features, most of which are of particular interest here: - An api to save session credentials independent of login, - saving sha-encoded passwords, - logout api - having an optional additional credential of a user domain, (probably not of general interest) Jim -- Jim Fulton Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists -http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope3-Users] How do I automatically login a user
Let's move this discussion to zope-dev. On Apr 2, 2008, at 5:36 AM, kevin gill wrote: Please check in the code to the sandbox and I will have a look at it. The coding looks straight-forward, but choosing how to work it into the existing components. I will look at the code and come back with questions. I just checked 2 files, session.txt and session.py, into http://svn.zope.org/Sandbox/J1m/ These provide several features, most of which are of particular interest here: - An api to save session credentials independent of login, - saving sha-encoded passwords, - logout api - having an optional additional credential of a user domain, (probably not of general interest) Jim -- Jim Fulton Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
