Thanks so much William!
No I am not talking about the worksheets but the notebook.
What confused me was that a UserDatabase looked like
the place were all the users were being stored. I saw user.py
but that doesn't have a container class. There is clearly some
redundancy between UserRecord and User.
What you seem to be saying is that rather than
put my effort into user_db.py, I should be reworking users.py.
What would be nice is to have a single containter class that
holds the user information. I sort of started in this direction
by making UserDatabase subclass dict. The password,
rather than actually being a string or hash is its own
class. That subclasses the new-style "object" class.
The thing is we can override the __eq__ method. This
means that when you check if two password objects
are equal you can use what ever authentication
method the system is configured to use. This
pushes all the complication for authentication
away from the notebook (which probably
shouldn't have it) and into classes for
managing user information.
A first draft (messy prototype):
class UserRecord(object):
def __init__(self, username, passwd=None, email=None):
self.username = username
self.passwd = LDAP_Password(username,passwd)
self.email = email
class LDAP_Password(object):
def __init__(self, username,passwd):
self.uid = username
if passwd:
valid =
authenticate_uid(base,server_ip,server_port,self.uid,passwd)
if valid:
#cache password
self.passwd=passwd
else:
self.passwd=None
else:
self.passwd=None
def __eq__(self,passwd):
# Allows checking against either a string
# or another LDAP_Password
# object.
if type(self)==type(passwd):
pw=passwd.passwd
else:
pw = passwd
#Password never checked
if self.passwd == None:
valid =
authenticate_uid(base,server_ip,server_port,self.uid,pw)
if valid:
self.passwd=pw
return str(self.passwd).__eq__(pw)
def __repr__(self):
# Really insecure
return str(self.passwd)
One thing I am not happy about is that I am implicitly using this as a
caching method. If
the plain text password is authenticated then I store it and use it to
check instead
of the ldap. More properly the caching mechanism should be at least
hashing and
probably pushed into authenticate_uid.
-michael
On Jul 18, 8:23 am, "William Stein" <[EMAIL PROTECTED]> wrote:
> On Fri, Jul 18, 2008 at 2:17 AM, Michael_D_G <[EMAIL PROTECTED]> wrote:
>
> > I am in the processes of implementing ldap authentication as well...
> > although it is not going so smoothly.
> > I was trying to override the classes in user_db.py with some custom
> > classes.
> > Fine. That seems ok. The UserDatabase
> > is used throughout twist.py which seemed to be the server software.
> > avatars.py and guard.py
> > rely heavily on this. Unfortunately there seems to be a somewhat
> > independed db of users in
> > notebook. This is really 'twisting' my head around. I have code using
> > python-ldap for doing
> > the queries (happy to share though it is not pretty) but the user
>
> Why is it not pretty?
>
> > management is very hard to follow.
> > Is there some cruft here?
>
> Of course.
>
> > Do notebooks keep their own subsets of users
> > for the purposes of limited collaborations?
>
> By "notebooks" do you mean "worksheets"?
> If so, then yes each worksheet has a list of users that
> are allowed to collaborate on that worksheet. It's
> just a plain text list of usernames.
>
> Each complete notebook has a list of users. This is
> completely independent of twisted, avatar.py, guard.py,
> etc. except that those files will query this list to decide
> whether login credentials are valid.
>
> Here is an example of using the users() method to get a list
> of them:
>
> EXAMPLES:
> sage: n = sage.server.notebook.notebook.Notebook(tmp_dir())
> sage: n.create_default_users('password')
> Creating default users.
> sage: list(sorted(n.users().iteritems()))
> [('_sage_', _sage_), ('admin', admin), ('guest', guest),
> ('pub', pub)]
> sage: n.delete()
>
> The list of users for a notebook is a very very simple data
> structure. A user is just an instance of the class User that
> is defined in user.py. The list of users (the attribute
> __users of the notebook instance) is just pickled as part
> of the notebook object. That's all there is to
> users in the Sage notebook.
>
> -- William
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
