Thanks so much William! No I am not talking about the worksheets but the notebook. What confused me was that a UserDatabase looked like the place were all the users were being stored. I saw user.py but that doesn't have a container class. There is clearly some redundancy between UserRecord and User.
What you seem to be saying is that rather than put my effort into user_db.py, I should be reworking users.py. What would be nice is to have a single containter class that holds the user information. I sort of started in this direction by making UserDatabase subclass dict. The password, rather than actually being a string or hash is its own class. That subclasses the new-style "object" class. The thing is we can override the __eq__ method. This means that when you check if two password objects are equal you can use what ever authentication method the system is configured to use. This pushes all the complication for authentication away from the notebook (which probably shouldn't have it) and into classes for managing user information. A first draft (messy prototype): class UserRecord(object): def __init__(self, username, passwd=None, email=None): self.username = username self.passwd = LDAP_Password(username,passwd) self.email = email class LDAP_Password(object): def __init__(self, username,passwd): self.uid = username if passwd: valid = authenticate_uid(base,server_ip,server_port,self.uid,passwd) if valid: #cache password self.passwd=passwd else: self.passwd=None else: self.passwd=None def __eq__(self,passwd): # Allows checking against either a string # or another LDAP_Password # object. if type(self)==type(passwd): pw=passwd.passwd else: pw = passwd #Password never checked if self.passwd == None: valid = authenticate_uid(base,server_ip,server_port,self.uid,pw) if valid: self.passwd=pw return str(self.passwd).__eq__(pw) def __repr__(self): # Really insecure return str(self.passwd) One thing I am not happy about is that I am implicitly using this as a caching method. If the plain text password is authenticated then I store it and use it to check instead of the ldap. More properly the caching mechanism should be at least hashing and probably pushed into authenticate_uid. -michael On Jul 18, 8:23 am, "William Stein" <[EMAIL PROTECTED]> wrote: > On Fri, Jul 18, 2008 at 2:17 AM, Michael_D_G <[EMAIL PROTECTED]> wrote: > > > I am in the processes of implementing ldap authentication as well... > > although it is not going so smoothly. > > I was trying to override the classes in user_db.py with some custom > > classes. > > Fine. That seems ok. The UserDatabase > > is used throughout twist.py which seemed to be the server software. > > avatars.py and guard.py > > rely heavily on this. Unfortunately there seems to be a somewhat > > independed db of users in > > notebook. This is really 'twisting' my head around. I have code using > > python-ldap for doing > > the queries (happy to share though it is not pretty) but the user > > Why is it not pretty? > > > management is very hard to follow. > > Is there some cruft here? > > Of course. > > > Do notebooks keep their own subsets of users > > for the purposes of limited collaborations? > > By "notebooks" do you mean "worksheets"? > If so, then yes each worksheet has a list of users that > are allowed to collaborate on that worksheet. It's > just a plain text list of usernames. > > Each complete notebook has a list of users. This is > completely independent of twisted, avatar.py, guard.py, > etc. except that those files will query this list to decide > whether login credentials are valid. > > Here is an example of using the users() method to get a list > of them: > > EXAMPLES: > sage: n = sage.server.notebook.notebook.Notebook(tmp_dir()) > sage: n.create_default_users('password') > Creating default users. > sage: list(sorted(n.users().iteritems())) > [('_sage_', _sage_), ('admin', admin), ('guest', guest), > ('pub', pub)] > sage: n.delete() > > The list of users for a notebook is a very very simple data > structure. A user is just an instance of the class User that > is defined in user.py. The list of users (the attribute > __users of the notebook instance) is just pickled as part > of the notebook object. That's all there is to > users in the Sage notebook. > > -- William --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-devel@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---