ace but extending it (which is the pattern's intent).
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
-BEGIN PGP SIGNATURE-
rder at the
> cookie crumbler approach?
Nope. If you are going to drink the PAS koolaid, you might as well go
all the way. ;)
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "
t; TypeError: iteration over non-sequence
>
> Anyone sees the same problem?
Nope. I did fix an unrelated glitch in the testcase just now, but the
head doesn't show that error (it *does* spew a bunch of "The following
test left garbage:" warnings.
Note that I am not usi
ser, I think we *should* tell the test framework to handle errors,
which converts the Unauthorized traceback to an HTTP 401.
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excelle
exception of the GRUF-migration code (I think).
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using
don't know of any in particular. The collector:
http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/
has a relatively small set of open bugs; we could work on driving that
down as part of a 1.2 release process.
Tres.
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sidnei da Silva wrote:
> On Sat, Nov 05, 2005 at 03:00:28PM -0500, Tres Seaver wrote:
> | I hope to get the "standard" plugins exportable / importable shortly, so
> | that you will be able to "snapshot" your PAS configu
echanisms" are supposed to kick in even if all the
plugins are hosed up (using the DumbHTTPExtractor and the
EmergencyUserAuthenticator; are you saying that you can get the site
into a state where the emergency user cannot repair it?
Tres.
- --
=
envision populating those registries via ZCML?
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Versio
Given that 2.7 is now almost two
releases back, keeping BBB code around for its benefit on the trunk of
PAS seems questionable (the "BBB" there is actually for 2.8-ish Zopes).
If you want to work out a patch which would keep it compatible with
2.7, we could incorporate it, but it is n
o try: enable VerboseSecurity ('verbose-security on' in your
zope.conf file), and retry -- it may give you more information about the
specific reason for the Unauthorized exception.
Tres.
- --
===
Tres Seaver +1
#x27;zopeadmin'; this assumes that your user source (a ZODBUserManager?)
uses the prefix, 'auth'. If you show 'user/getId', is it 'auth_zopeadmin'?
Tres.
- --
===
Tres Seaver +1 202-558-7113
extractCredentials stuff will then need to pick off whatever values
are needed from the URL passed from server.com, and somehow arrange to
persist them (e.g., in the session) for future requests.
Tres.
- --
===
Tres Seaver
this to be the default behavior but you
> should be able to override it.
Group -> role bindings *are* likely to be the domain of the user folder,
whether LDAP-based or not.
Tres.
- --
===
Tres Seaver +1 202-558-7113
n( info ) == 0:
> title = '<%s: not found>' % k
> else:
> title = info[0].get( 'title', k )
> result.append( ( k, title ) )
>
> return result
Tres.
- --
=
ue. Asserts happen outside of debug mode unless
> you've compiled somehow to .pyo's.
Running in production without -O? Surely nobody would do *that*, would
they? But you are right, this is not the same as turning off Zope's
debug-mode.
Tres.
- --
=====
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>We aren't "enforcing" anything: the plugin can't fulfill its own
>>contract (in this case, to return a list of (id, title) tuples) if the
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>Within a single PAS, it is an error to have two principals with the same
>>ID; otherwise you will end up granting permissions inappropriately. If
>>you have plug
an LDAP store) might not allow it.
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using
plugin (which is what PAU does, actually, I think). I don't see
that making PAS a hyper-generic intermediary is a win for this problem.
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladi
ort yet for configuring the
list of interfaces.
We could probably cut a 1.2 beta from the trunk right away. We might
also need to look at:
http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/
Tres.
- --
=======
Tres
uth'
CookieCrumbler (which is what is "stealing" your Unauthorized). That
should allow your plugins to handle the process correctly.
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECT
uth' plugin to your PAS, but *name* it
'credentials_cookie_auth' (having moved the real one aside), do the
skins work? You will of course need to register the plugin in the
appropriate places, and unregister the cookie one.
Tres.
- --
==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>My understanding of PlonePAS was that is was a "canned setup" for a PAS
>>instance. I didn't realize that it provided additional skins as well,
>>a
, then please submit it along with your problem report to the
PAS collector:
http://www.zope.org/Collectors/PAS/
(Actually, please submit the issue even if the patch doesn't work).
Tres.
--
===
Tres Seaver +1 202-558-71
SVN/CMF-2_0-branch/GenericSetup]
$ cat DEPENDENCIES.txt
Zope >= 2.8.5
Five >= 1.2
Note that it works fine to install tne newer Five version into
$INSTANCE_HOME/Products (and I would recommend Five 1.2 for all Zope
2.8.x users).
Tres.
- --
===
ns which are valid for those
protocols, allowing them to issue a challenge by modifying the
response. The protocol of the first plugin to issue a challenge
becomse the only protocol allowed for the remainder of processing.
Tres.
- --
her login name). After that, other
plugins might add groups, roles, or properties to the 'PropertiedUser'.
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excelle
or
else by visiting the 'plugins' object and setting up its registry
entries for each interface.
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by D
the
> script just hangs, so I am a little unsure what is happening.
Look at how the CookieAuthPlugin works (in fact, you might just use it).
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Florent Guillaume wrote:
> On 3 Aug 2006, at 23:27, Tres Seaver wrote:
>> Modified:
>> PluggableAuthService/branches/tseaver-pluggable_allowed/Pr
the issue in any case.
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2
AP user to add additional groups. (I don't recall at present how
those LDAP groups are exposed on the user).
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by D
wrap another plugin, providing caching. It might be
possible to make it generic (like the ScriptablePlugin is).
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design&quo
ethods, etc., as well as a RAMCacheManager. You
could implement 'authenticateCredentials' to call an ExternalMethod, for
instance, and then cache the result. You still need to find a way to
deal with the edge case where the service is unavailable: for instance,
you might need to use a
llectors/PAS
- The PAS mailing list, 'zope-pas@zope.org', is where the developers
and users of PAS hang out.
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excel
lled for all
> products and the output of that is used to do things like fill
> Products.meta_types. Since I forgot to add a five:registerPackage in my
> configure.zcml that was never called, hence the problem.
Cool, glad that works for you.
Tres.
- --
=
def exportPAS(context):
> """Export any PAS plugins with configurations."""
> uf = getToolByName(context.getSite(), 'acl_users')
> IFilesystemExporter(uf).export(context, 'PAS', True)
I don't understand the need for this handler, or why
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ross Patterson wrote:
> Tres Seaver <[EMAIL PROTECTED]> writes:
>
>> Thanks! Can you please add to the PAS collector so we don't lose the patch:
>>
>> http://www.zope.org/Collectors/PAS
>
> Will do.
&
ggableAuthService/branches/1.4/doc/CHANGES.txt
Tres.
- --
=======
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: Gnu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ross Patterson wrote:
> Tres Seaver <[EMAIL PROTECTED]> writes:
>
>> Ross Patterson wrote:
>>> Tres Seaver <[EMAIL PROTECTED]> writes:
>>>
>>>> Thanks! Can you please add to the PAS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alec Mitchell wrote:
> On 12/19/06, Tres Seaver <[EMAIL PROTECTED]> wrote:
>> In general, you should prefer a 1.4.1 (to get bugfixes only). That
>> makes the PAS release cycle less coupled to your needs, as well.
>
> T
://svn.zope.org/PluggableAuthService/
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.
sful).
>
> Can you suggest me how to go about this problem?
I've CC'ed Rocky Burt, who is the maintainer of the SQLPASPlugin. I'm
afraid I don't know anything about how to configure that plugin.
Tres.
- --
people believe the
> semantics of (b) are a better default than (a)?
At the PAS level, we could add a new plugin interface, something like
'IIsUserValid', which would be called just after the roles plugins, and
which would block returning any user at all if "required" properti
of your
problem.
Tres.
- --
=======
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment
eneral at the root of the Zope database: the
complexity caused by nesting user folders outweighs any benefit I've
ever identified.
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software &qu
in the root.
>> The problem seems to be that the PAS object that
>> exists in the context of the page request made is the only one asked for
>> information about the roles/credentials of the user making the request,
>> and so we are running into trouble.
>
>> Is i
ugin would be
doing something expensive in the case of a cache miss.
> Does anyone have a simple example for this task?
I don't know if it is simple, but the LDAPMultiPlugins product is
certainly one which uses caching in the way you are investigating:
http://www.dataflake.org/softwar
roles between the
> Security tab and /acl_users/roles or is it not possible?
I would just avoid the role plugin altogether.
> Am still searching the WEB and archives in the meantime.
The better list for this would be [EMAIL PROTECTED] (CC'ed), which
deals with PAS specifics.
Tres
e registration for IAuthenticateCredentials. That
list looks like the one for IExtractCredentials (the cookie plugin can't
actually authenticate, it only retrieves credentials from the request).
Tres.
- --
===
Tres Seaver +1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
robert rottermann wrote:
> Tres Seaver wrote:
>> robert rottermann wrote:
>>>> Hi there,
>>>>
>>>> I would like to use Session Auth Helper to authenticate a user after he
>>>> has logged into a
er
than stomping the root user folder, IMNSHO: really, that's an "iced tea
spoon" problem.
Patient: Doctor, when I drink iced tea, I get a cold stabbing
pain in my eye!
Doctor: Take out the spoon first. That'll be $200, please.
Tres.
- --
=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sidnei da Silva wrote:
> On 4/19/07, Tres Seaver <[EMAIL PROTECTED]> wrote:
>> I doubt you would take my patch, which would just rip the whole thing out.
>>
>> The tradeoff (that users from the root acl_users get a "wei
in a form
digestible as basic auth.
Tres.
- --
=======
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG
Information
- Mailing list: http://lists.zope.org/mailman/listinfo/zope-pas/
- Collector: http://www.zope.org/Collectors/PAS/
- Subversion repository: http://svn.zope.org/PluggableAuthService/
- --
=======
Tres Seaver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tres Seaver wrote:
I have also released PluginRegistry 1.1.2, with the following fixes:
- Drop previously-activated plugins from the list returned from
listPlugins when they no longer implement the plugin interface.
(http://www.zope.org
llow yours.
> I can control which plugins fire by activating/deactivating the
> IUserAdder interface and changing the order of the plugins from within
> PAS, so the "only one plugin can create" restriction is already a bit
> redundant.
Event notification is best used when yo
release.
>
> Any other opinions out there?
+1 for a near-term 1.5 release, including the event-based changes.
Tres.
- --
=======
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim Fulton wrote:
> On Sep 25, 2007, at 3:40 AM, Philipp von Weitershausen wrote:
>
>> Charlie Clark wrote:
>>> Am 25.09.2007 um 02:05 schrieb Tres Seaver:
>>>> I'd like to break the remaining CMF pack
because it processes dependencies incrementally,
rather than solving the "transitive closure" of the graph before
attempting to install anything.
> I agree it might be better if the index made dependency data
>> available.
Not exposing the dependency information in the index
s
> interface?
Yes, we would. You might look at the way the "extraction" plugin
interfaces work for a model: the ones which know about login /
password, etc., are specializations of the more general
IExtractionPlugin, which has a looser contract.
Tres.
- --
=====
entials() method
> they revert back by the time the REQUEST is finished.
Your plugin isn't even being *called* in t normal request.
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion
e, as well.
Tres.
- --
=======
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla
don't use layers for
anything which is a pure "unit test," but can see the point for
"function" or "integration" tests.
Are there a specific set of tests you have in mind which have
significant setup / teardown costs?
Tres.
- --
====
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ross Patterson wrote:
> Tres Seaver <[EMAIL PROTECTED]> writes:
>
>> Ross Patterson wrote:
>>
>>> I'd love to convert PAS's tests to layers for test setUp and tearDown.
>>> Any objections?
>>
#x27;sdist' version).
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GN
help!!
Try disabling the 'login_page' property of the cookie auth plugin, so
that a "normal" HTTP basic auth prompt happens. Then, enable
'verbose-security' (and 'security-policy-implementation python') in
zope.conf, and unmask Unauthorized in the error_lo
ng?
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>> I've just pushed PAS 1.5.3 to www.zope.org and the cheeseshop. Would
>> the folks who depend on automated downloads from either of those sites
>> please check th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wichert Akkerman wrote:
> Tres Seaver wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Wichert Akkerman wrote:
>>> Previously Tres Seaver wrote:
>>>> I've just pushed PAS 1.5.3 to w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wichert Akkerman wrote:
> Previously Sidnei da Silva wrote:
>> On Fri, Feb 15, 2008 at 11:26 AM, Tres Seaver <[EMAIL PROTECTED]> wrote:
>>> The source dist is trivially convertible to an egg (easy_install does
>>> t
LOG.error('searchPrincipals() returned more than one result '
> + 'id=%s' % k)
> +assert len(info) <= 1
> if len( info ) == 0:
> title = '<%s: not found>'
ementing IUpdatePlugin
should not know about them, unless they are also actively registered for
ICredentialsUpdatePlugin.
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Des
ter views directly for those plugins.
PlonePAS does some of theneeded UI work in a Plone context. I find
PlonePAS a bit frustrating to work with, however: some of its own
plugins have incomplete or missing GenericSetup support, and I strongly
question the fact that setup code replaces the parent user folder
(bre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tarek Ziadé wrote:
> On Thu, May 8, 2008 at 7:52 PM, Tres Seaver <[EMAIL PROTECTED]> wrote:
>> [cut]
>>
>> I don't think we know enough yet to do a good job of writing a similar
>> framework for *managing* users
was never really tested on 2.6: it was developed during
the same time that 2.7 was released.
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"ht
utter in my brain.
Could you post a brief summary of the solution you found for the archives?
Tres.
- --
===
Tres Seaver +1 540-429-0999 [EMAIL PROTECTED]
Palladion Software "Excellence by Design"ht
need to have plugins registered which implement IUserEnumeration and
IGroupEnumeration for your site. Probably you are going to need to
share the set of valid users with that external program, though.
Tres.
- --
===
Tres Seaver
Did you activate the "ZODB user manager" plugin?
Tres.
- --
=======
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP
ugins it would search, which would remove
the requirement to splice the code directly into the PAS framework code.
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellenc
self.body = body
>
> @@ -100,8 +95,6 @@
> 'remote_host': '', 'remote_address': '' } )
>
> def test_challenge( self ):
> -from zExceptions import Unauthorized
> -
> helper = self._ma
1.4.
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/15/2012 08:27 PM, Matthew Wilkes wrote:
>
>
> Tres Seaver wrote:
>> +> class=".utils.CSRFToken" + permission="zope.Public" + />
>> +
>
> Is there any reason for making the user
, and Windows:
http://docs.python.org/2/library/os.html#os.urandom
Note that I lifted the implementation directly from Pyramid's default
session implementation.
Tres.
- --
===
Tres Seaver +1 540-429-0999
ntract: it is in
implemenataion detail of ZODBUserManager. A SQL-based user manager
plugin might use auto-generated primary keys as user IDs, for instance.
Tres.
- --
=======
Tres Seaver +1 540-429-0999 tsea...@pallad
ne thing that would increase my confidence before releasing: can you
(or somebody else) confirm that the Plone trunk works with your branch?
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design"http://palladion
On 02/19/2013 10:43 AM, Maurits van Rees wrote:
> Op 22-01-13 11:40, Maurits van Rees schreef:
>> Op 21-01-13 20:49, Maurits van Rees schreef:
>>> Op 21-01-13 18:27, Tres Seaver schreef:
>>>> Thanks for your effort here: the branch looks good to me.
>>>>
88 matches
Mail list logo