[Zope-dev] zope.password SSHAPasswordManager cannot handle unicode?

2010-05-25 Thread Jan-Wijbrand Kolman
Hi, When I define a principal in my site.zcml and have it use the SSHAPasswordManager, I cannot login as a TypeError: character mapping must return integer, None or unicode is raised in the checkPassword() methid. It took me quite a while to figure out what was going on... The site.zcml

Re: [Zope-dev] zope.password

2009-09-23 Thread Wichert Akkerman
On 2009-9-22 18:59, Daniel Holth wrote: At least on Python 2.6, SSHAPasswordManager().checkPassword(hash, password) fails if hash is unicode, which it always is if stored in some databases. SSHAPasswordManager should encode the hash to utf-8 before trying to un-base64. Isn't that a bug in

Re: [Zope-dev] zope.password

2009-09-23 Thread Daniel Holth
sqlite for example will always return strings as unicode strings, or it will always return strings as byte strings. It doesn't know how to return the username colum as one kind of string and the hash column as another kind of string. I think this is really a bug in the urlsafe base64 module. This

Re: [Zope-dev] zope.password

2009-09-23 Thread Wichert Akkerman
On 2009-9-23 13:29, Daniel Holth wrote: sqlite for example will always return strings as unicode strings, or it will always return strings as byte strings. It doesn't know how to return the username colum as one kind of string and the hash column as another kind of string. SQLite is an

Re: [Zope-dev] zope.password

2009-09-23 Thread Daniel Holth
You are right, it is an accident that unicode can be encoded to base64. It just annoys me that the Python 2.6 error for this is TypeError: character mapping must return integer, None or unicode. In that case, how would you feel about updating PlainTextPasswordManager instead? It is not like the

[Zope-dev] zope.password

2009-09-22 Thread Daniel Holth
At least on Python 2.6, SSHAPasswordManager().checkPassword(hash, password) fails if hash is unicode, which it always is if stored in some databases. SSHAPasswordManager should encode the hash to utf-8 before trying to un-base64. zope.password is conspicuously missing a DelegatingPasswordManager

Re: [Zope-dev] zope.password

2009-03-19 Thread Christian Theune
On Wed, 2009-03-18 at 13:07 -0600, Shane Hathaway wrote: Christian Theune wrote: I remember that at the sprint we used to identify packages which are always good. E.g. zope.interface is a declared no-brainer to add to your dependencies. The other two that keep popping up that we *might*

Re: [Zope-dev] zope.password

2009-03-18 Thread Christian Theune
On Wed, 2009-03-11 at 17:27 +0100, Martijn Faassen wrote: Hi there, Stephan Richter wrote: [snip] In my opinion going for an extra here just to avoid this is speculating a bit too much right now. Do we really have users that want to use zope.password and really don't want zope.component

Re: [Zope-dev] zope.password

2009-03-18 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian Theune wrote: On Wed, 2009-03-11 at 17:27 +0100, Martijn Faassen wrote: Hi there, Stephan Richter wrote: [snip] In my opinion going for an extra here just to avoid this is speculating a bit too much right now. Do we really have users

Re: [Zope-dev] zope.password

2009-03-18 Thread Shane Hathaway
Christian Theune wrote: I remember that at the sprint we used to identify packages which are always good. E.g. zope.interface is a declared no-brainer to add to your dependencies. The other two that keep popping up that we *might* wanna white-list are zope.schema and zope.component. To

Re: [Zope-dev] zope.password

2009-03-11 Thread Martijn Faassen
Hanno Schlichting wrote: Dan Korostelev wrote: This was done to avoid dependency on zope.schema. However, I also find it very useful to have that vocabulary in zope.password. I think we can add it to the vocabulary submodule without adding dependency on zope.schema at egg level, because one

Re: [Zope-dev] zope.password

2009-03-11 Thread Martijn Faassen
Hey, If it's more convenient to have the vocabulary available in zope.password, by all means add it there. Regards, Martijn ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML

Re: [Zope-dev] zope.password

2009-03-11 Thread Martijn Faassen
Hi there, Okay, having read the whole thread, there seem to be two forces pulling on zope.password: * it'd be nice if zope.password had the vocabulary so that you didn't have to include zope.app.authentication anymore just to get it. * it'd be nice if zope.password didn't need any extra

Re: [Zope-dev] zope.password

2009-03-11 Thread Stephan Richter
On Wednesday 11 March 2009, Martijn Faassen wrote: I think the latter is the least important right now, especially since zope.component and zope.schema are already very foundational libraries. So just add the vocabulary to zope.password if that is the only new dependencies it will pull in as a

Re: [Zope-dev] zope.password

2009-03-11 Thread Martijn Faassen
Dan Korostelev wrote: [snip] Well, as I said before, I wanted to use zope.password in my old Pylons application that only uses zope.interface currently. I don't expect it to be developed in more zope-ish way (though I don't expect it to be developed much in near future :)), so I'd like to

Re: [Zope-dev] zope.password

2009-03-11 Thread Martijn Faassen
Hi there, Stephan Richter wrote: [snip] In my opinion going for an extra here just to avoid this is speculating a bit too much right now. Do we really have users that want to use zope.password and really don't want zope.component and zope.schema? If so, we'll hear from them when they speak up

Re: [Zope-dev] zope.password

2009-03-11 Thread Tres Seaver
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martijn Faassen wrote: Hi there, Stephan Richter wrote: [snip] In my opinion going for an extra here just to avoid this is speculating a bit too much right now. Do we really have users that want to use zope.password and really don't want

Re: [Zope-dev] zope.password

2009-03-10 Thread Dan Korostelev
2009/3/10 Roger Ineichen d...@projekt01.ch: Hi steering group and Dan During update z3c.authenticator and replace the password with the new zope.apssword implementation, I saw that the vocabulary Passsword Manager Names is not available in the zope.password package. I think the password

Re: [Zope-dev] zope.password

2009-03-10 Thread Hanno Schlichting
Dan Korostelev wrote: This was done to avoid dependency on zope.schema. However, I also find it very useful to have that vocabulary in zope.password. I think we can add it to the vocabulary submodule without adding dependency on zope.schema at egg level, because one who wants to use the

Re: [Zope-dev] zope.password

2009-03-10 Thread Dan Korostelev
2009/3/10 Hanno Schlichting hanno...@hannosch.eu: Dan Korostelev wrote: This was done to avoid dependency on zope.schema. However, I also find it very useful to have that vocabulary in zope.password. I think we can add it to the vocabulary submodule without adding dependency on zope.schema at

Re: [Zope-dev] zope.password

2009-03-10 Thread Hanno Schlichting
Dan Korostelev wrote: 2009/3/10 Hanno Schlichting hanno...@hannosch.eu: Either you have a dependency and declare it or you don't have a dependency. Since we don't want to use extras anymore, I think this calls for another package which depends on zope.password and zope.schema. I still don't

Re: [Zope-dev] zope.password

2009-03-10 Thread Roger Ineichen
Hi Steering group, Hanno, Dan Betreff: Re: [Zope-dev] zope.password Dan Korostelev wrote: 2009/3/10 Hanno Schlichting hanno...@hannosch.eu: Either you have a dependency and declare it or you don't have a dependency. Since we don't want to use extras anymore, I think this calls

Re: [Zope-dev] zope.password

2009-03-10 Thread Dan Korostelev
2009/3/10 Roger Ineichen d...@projekt01.ch: Hi Steering group, Hanno, Dan Betreff: Re: [Zope-dev] zope.password Dan Korostelev wrote: 2009/3/10 Hanno Schlichting hanno...@hannosch.eu: Either you have a dependency and declare it or you don't have a dependency. Since we don't want to use

Re: [Zope-dev] zope.password

2009-03-10 Thread Stephan Richter
On Tuesday 10 March 2009, Dan Korostelev wrote: Either you have a dependency and declare it or you don't have a dependency. Since we don't want to use extras anymore, I think this calls for another package which depends on zope.password and zope.schema. I still don't like/get the idea of

Re: [Zope-dev] zope.password

2009-03-10 Thread Roger Ineichen
Hi Stephan Betreff: Re: [Zope-dev] zope.password On Tuesday 10 March 2009, Dan Korostelev wrote: Either you have a dependency and declare it or you don't have a dependency. Since we don't want to use extras anymore, I think this calls for another package which depends

Re: [Zope-dev] zope.password

2009-03-10 Thread Roger Ineichen
Hi Dan Betreff: Re: [Zope-dev] zope.password 2009/3/10 Roger Ineichen d...@projekt01.ch: Hi Steering group, Hanno, Dan Betreff: Re: [Zope-dev] zope.password Dan Korostelev wrote: 2009/3/10 Hanno Schlichting hanno...@hannosch.eu: Either you have a dependency and declare

[Zope-dev] zope.password

2009-03-09 Thread Roger Ineichen
Hi steering group and Dan During update z3c.authenticator and replace the password with the new zope.apssword implementation, I saw that the vocabulary Passsword Manager Names is not available in the zope.password package. I think the password package should also provide this vocabulary. Or at