On Fri, Jul 18, 2008 at 2:17 PM, Michael_D_G <[EMAIL PROTECTED]> wrote: > > Thanks so much William! > > No I am not talking about the worksheets but the notebook. > What confused me was that a UserDatabase looked like > the place were all the users were being stored. I saw user.py > but that doesn't have a container class. There is clearly some > redundancy between UserRecord and User. > > What you seem to be saying is that rather than > put my effort into user_db.py, I should be reworking users.py. > > What would be nice is to have a single containter class that > holds the user information. I sort of started in this direction > by making UserDatabase subclass dict. The password, > rather than actually being a string or hash is its own > class. That subclasses the new-style "object" class. > > The thing is we can override the __eq__ method. This > means that when you check if two password objects > are equal you can use what ever authentication > method the system is configured to use. This > pushes all the complication for authentication > away from the notebook (which probably > shouldn't have it) and into classes for > managing user information. > > > A first draft (messy prototype): > > class UserRecord(object): > def __init__(self, username, passwd=None, email=None): > self.username = username > self.passwd = LDAP_Password(username,passwd) > self.email = email > > class LDAP_Password(object): > def __init__(self, username,passwd): > self.uid = username > if passwd: > valid = > authenticate_uid(base,server_ip,server_port,self.uid,passwd) > if valid: > #cache password > self.passwd=passwd > else: > self.passwd=None > else: > self.passwd=None > def __eq__(self,passwd): > # Allows checking against either a string > # or another LDAP_Password > # object. > if type(self)==type(passwd): > pw=passwd.passwd > else: > pw = passwd > #Password never checked > if self.passwd == None: > valid = > authenticate_uid(base,server_ip,server_port,self.uid,pw) > if valid: > self.passwd=pw > return str(self.passwd).__eq__(pw) > def __repr__(self): > # Really insecure > return str(self.passwd) > > One thing I am not happy about is that I am implicitly using this as a > caching method. If > the plain text password is authenticated then I store it and use it to > check instead > of the ldap. More properly the caching mechanism should be at least > hashing and > probably pushed into authenticate_uid. >
Hi, I don't like the really insecure storing of the plain text password at all; that's of course terrible since it will get pickled to disk probably. But I like the design strategy you suggest above, especially overloading __eq__ and improving user.py. I very very very strongly encourage you to create one single tiny patch that does something right in this direction and submit it to be reviewed and included in Sage. It will help you get a sense of how the Sage workflow goes without biting off more than you can easily chew. -- William --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-devel@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
