On 2011-01-12 09:10:20 -0800, Branko Vukelić said:

> One very good point: never use auth libraries that don't come with extensive test coverage. Some have recommended to me repoze.who (authentication) and repoze.what (authorisation). Repoze comes with a good reputation of being a well-documented and well-tested code base, so I think it's a better choice.

The TurboGears guys also thought repoze.{who,what} would be a good idea. They later determined this to be one of the worst decisions for TurboGears 2.1 and mention regretting that decision on both the mailing list and IRC.

Customizing repoze.{who,what} is... difficult at best. The modular encapsulation and assumed data structures make things complicated:

        Simple is better than complex.
        Complex is better than complicated.

I, of course, have my own authn/authz system. It's part of WebCore (my own web framework), but can be easily factored out:

   https://github.com/GothAlice/WebCore/tree/master/web/auth

web.auth makes no assumptions about the structure of your code, your data model, or your authorization requirements. It uses callbacks to request an account from your data model, and on each request, re-loads the user information from the session.

   https://github.com/GothAlice/WebCore/blob/master/web/auth/__init__.py

The only included predicates are for authenticated/anonymous, and it includes predicate factories for you to define your own authorization:

   https://github.com/GothAlice/WebCore/blob/master/web/auth/predicates.py

It's MIT licensed, so WebPy can freely yoink a copy of it and adapt it to the WebPy internals. In fact, I encourage this! (Though working together to factor it out of WebCore and make it a generic solution for all would be nice, too. ;)

Documentation is available:

   http://packages.python.org/WebCore/core/intermediate/authentication.html

        - Alice.
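
The design described in the message above (lookup callbacks, per-request re-load from the session, predicate factories), as an added example that is not from the original post and is not WebCore's code. Every name in it (`Predicate`, `has_role`, `Auth`, `ACCOUNTS`) is hypothetical, and the in-memory account store is constructed sample data.

```python
# Added example: hypothetical names throughout; this is NOT the web.auth API.
import hashlib, hmac, os

class Predicate:
    """Authorization check evaluated against the current user (or None)."""
    def __init__(self, check):
        self.check = check
    def __call__(self, user):
        return bool(self.check(user))
    def __and__(self, other):
        return Predicate(lambda u: self(u) and other(u))
    def __invert__(self):
        return Predicate(lambda u: not self(u))

authenticated = Predicate(lambda u: u is not None)
anonymous = ~authenticated

def has_role(role):
    """Predicate factory: the application defines its own authorization rule."""
    return authenticated & Predicate(lambda u: role in u["roles"])

class Auth:
    def __init__(self, lookup, verify):
        self.lookup = lookup  # callback: user id -> account dict, or None
        self.verify = verify  # callback: (name, password) -> user id, or None
    def login(self, session, name, password):
        uid = self.verify(name, password)
        if uid is None:
            return False
        session.clear()       # discard any pre-login session state
        session["uid"] = uid  # store only the identifier, never the account
        return True
    def current_user(self, session):
        # Re-load on every request so revoked accounts and roles take effect.
        uid = session.get("uid")
        return None if uid is None else self.lookup(uid)

# Constructed data model: one in-memory account with a salted PBKDF2 hash.
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

SALT = os.urandom(16)
ACCOUNTS = {1: {"name": "alice", "pw": _hash("s3cret", SALT), "roles": {"admin"}}}

def verify(name, password):
    for uid, acct in ACCOUNTS.items():
        if acct["name"] == name and hmac.compare_digest(acct["pw"], _hash(password, SALT)):
            return uid
    return None

auth = Auth(lookup=ACCOUNTS.get, verify=verify)
```

Because only the user id lives in the session, removing a role or deleting the account in the data model changes the outcome of the next predicate check without touching the session.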

