Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-10 Thread Simon Hanna
On 04/10/2016 11:06 PM, Terri Oda wrote:
> On 2016-04-06 4:29 PM, Barry Warsaw wrote:
>> On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
>>
>>> Short version: it supports both external (social) and internal
>>> (django) auth
>>> systems and offers options to combine/switch between them . Allauth
>>> provides
>>> Signals that I used to verify the addresses in Mailman.
>>
>> I think we have to decide how and where addresses will be verified. 
>> Are they
>> going to be via confirmations emailed by core or via Postorius?
>>
>> I think the core has to support emailed confirmation messages because
>> Postorius is technically an optional component.  So if a site were to
>> build
>> their own REST front-end, they'd at least want to allow the core to
>> handle
>> email verifications without having to build that into their front-end.
> 
> I'd prefer core to do it, so that it's consistent regardless of
> front-end and there isn't duplicated work in every single web component
> for Mailman, which is one of the reasons I haven't reviewed any of the
> proposed Postorius code to do this.  (The other big one being that I
> need to do some research on auth libraries, because past experience has
> told me that I rarely agree with Simon. ;)  )
>From time to time I search for such projects, and I currently prefer
allauth. That doesn't mean that I know it's the best solution, it's just
the best one (in my eyes) I currently know of.

Postorius is currently confirming emails on it's own.
And Hyperkitty doesn't at all (the registration process doesn't attempt
to confirm emails).
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-10 Thread Barry Warsaw
On Apr 07, 2016, at 02:46 AM, Simon Hanna wrote:

>I don't mind the core being able to handle verfications. But I'm pretty sure
>everyone that offers a web interface for managing mailman will want the
>ability to confirm emails using http links.

Absolutely.  This is the focus of my "templates" branch.

In MM2 we had the advantage that the web ui and the core were tightly
integrated, but because they're separated in MM3, the core can't assume
anything about the web front-end.  At a high level, it will be possible to
define a custom template for all confirmation messages, and those templates
can be filled with whatever clickable confirmation link makes sense for
whatever web ui is in place.  I imagine that for a typical Postorius-fronted
installation, we'll have some standard templates and a simple config file that
will provide a minimal effort click-through-Postorius functionality.

>I don't see a reason why we should implement that in mailman, if it can
>easily be added in the front-end.

Right, the core will *not* provide such a clickable confirmation link.

>Doing this has one downside in my opinion. Storing the same addresses in
>several places (which isn't bad perse, as a matter of fact microservices
>encourage duplicating data and synchronizing it) would need
>synchronization. Ideally mailman would offer signals for various events that
>front-ends can hook in to. They would probably be similar to the hyperkitty
>archiver plugin I guess.

Yes.  While orthogonal to the templates work, the core has a fairly rich
ability to link internal events to external notifications.  We simply need to
define the API for calling back into Postorius (or whatever web front-end
needs notification), and then we can dispatch internal events to that API.
E.g. a webhook or similar.

Alternatively, Postorius can make queries of the core's REST API at whatever
decision point makes sense.

>Sorry but I have to disagree with that. Postorius _has_ to be able to send
>out mails.  In case any server errors occur, django tries to send out emails
>to administrators defined in the settings.

That's different though.  What I mean is that any list traffic, including to
list members, owners, and moderators, should only be sent by the core.  It's
different if a Django error occurs and it wants to send an email notification
to the Django administrator (although do also think about the Mailman site
owners).

>There is one more issue that needs to be discussed which is relevant to all
>templates: Translation.  Django has builtin methods to translate and through
>the browser's preferred language can choose one.  The core would require
>associating a language with each user in the settings.

We already do that.  Members, users, and addresses have preferences, and those
preferences have a preferred language.  When sending notifications, the core
will use the preferred language of the appropriate preference.  The core will
use gettext based translations, but when using a template, we have a mechanism
for looking up a template in a particular language.  If one is available,
we'll use that, if not we always fall back to the site language (which is
usually English) or the system language (i.e. shipped templates, always
English).

Whatever translation service we end up using should support translating both
gettext and templates, but ultimately it's up to the site administrator and
system administrators of whatever front-end is used, to provide the
appropriate translated templates.

>From a usability point of view I would like Postorius to be able to set all
>templates and not just link to files in mailman. There are a couple of
>businesses that manage thousands of lists and I guess they would appreciate
>it if list owners could do this without direct access to the mailman server.

The template system I'm working on does not require file system access to the
Mailman server machine.  It will work on any URL (my intention is to use
requests for the underlying fetch machinery, with a mailman: extension for
file system access for those sites that do want to use that).  The templates
don't even need to reside in Postorius.

Cheers,
-Barry
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-10 Thread Terri Oda

On 2016-04-06 4:29 PM, Barry Warsaw wrote:

On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:


Short version: it supports both external (social) and internal (django) auth
systems and offers options to combine/switch between them . Allauth provides
Signals that I used to verify the addresses in Mailman.


I think we have to decide how and where addresses will be verified.  Are they
going to be via confirmations emailed by core or via Postorius?

I think the core has to support emailed confirmation messages because
Postorius is technically an optional component.  So if a site were to build
their own REST front-end, they'd at least want to allow the core to handle
email verifications without having to build that into their front-end.


I'd prefer core to do it, so that it's consistent regardless of 
front-end and there isn't duplicated work in every single web component 
for Mailman, which is one of the reasons I haven't reviewed any of the 
proposed Postorius code to do this.  (The other big one being that I 
need to do some research on auth libraries, because past experience has 
told me that I rarely agree with Simon. ;)  )


 Terri

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-06 Thread Simon Hanna
On 04/07/2016 01:29 AM, Barry Warsaw wrote:
> On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
> 
>> Short version: it supports both external (social) and internal (django) auth
>> systems and offers options to combine/switch between them . Allauth provides
>> Signals that I used to verify the addresses in Mailman.
> 
> I think we have to decide how and where addresses will be verified.  Are they
> going to be via confirmations emailed by core or via Postorius?
> 
> I think the core has to support emailed confirmation messages because
> Postorius is technically an optional component.  So if a site were to build
> their own REST front-end, they'd at least want to allow the core to handle
> email verifications without having to build that into their front-end.
I don't mind the core being able to handle verfications. But I'm pretty sure 
everyone that offers a
web interface for managing mailman will want the ability to confirm emails 
using http links. I don't
see a reason why we should implement that in mailman, if it can easily be added 
in the front-end.
Doing this has one downside in my opinion. Storing the same addresses in 
several places (which isn't
bad perse, as a matter of fact microservices encourage duplicating data and 
synchronizing it)
would need synchronization. Ideally mailman would offer signals for various 
events that front-ends
can hook in to. They would probably be similar to the hyperkitty archiver 
plugin I guess.

Another thing I believe in is blocking access until an account is confirmed, 
which really shouldn't
depend on mailman. While postorius might be a project that should always have 
an active connection
to the core, and archive doesn't necessarily need it.
> 
> That doesn't necessarily prevent Postorius from doing it, and when used with
> Persona, we see how nicely that can work.  It's also of course possible that
> any 3rd party front-end will have its own way of verifying email addresses.
> 
> The other thing to think about is that the core already must know how to talk
> to the outgoing MTA, to provide proper reputation services, signing, etc.  I
> don't know that we want to make site admins have to configure that in two
> places, and we almost certainly don't want Postorius to send out emails
> directly.
Sorry but I have to disagree with that. Postorius _has_ to be able to send out 
mails.
In case any server errors occur, django tries to send out emails to 
administrators defined in the
settings. I strongly recommend setting this up for a production system.
The mta should take care of the rest (dkim signatures, ...). If you are 
referring to gpg signing and
encryption, there are django apps for that. A quick search revealed
https://github.com/stephenmcd/django-email-extras
I haven't tried it, but I don't think it would be that hard to integrate if the 
core supports them.

There is one more issue that needs to be discussed which is relevant to all 
templates: Translation.
Django has builtin methods to translate and through the browser's preferred 
language can choose one.
The core would require associating a language with each user in the settings.

>From a usability point of view I would like Postorius to be able to set all 
>templates and not just
link to files in mailman. There are a couple of businesses that manage 
thousands of lists and I
guess they would appreciate it if list owners could do this without direct 
access to the mailman server.
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-06 Thread Barry Warsaw
On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:

>Short version: it supports both external (social) and internal (django) auth
>systems and offers options to combine/switch between them . Allauth provides
>Signals that I used to verify the addresses in Mailman.

I think we have to decide how and where addresses will be verified.  Are they
going to be via confirmations emailed by core or via Postorius?

I think the core has to support emailed confirmation messages because
Postorius is technically an optional component.  So if a site were to build
their own REST front-end, they'd at least want to allow the core to handle
email verifications without having to build that into their front-end.

That doesn't necessarily prevent Postorius from doing it, and when used with
Persona, we see how nicely that can work.  It's also of course possible that
any 3rd party front-end will have its own way of verifying email addresses.

The other thing to think about is that the core already must know how to talk
to the outgoing MTA, to provide proper reputation services, signing, etc.  I
don't know that we want to make site admins have to configure that in two
places, and we almost certainly don't want Postorius to send out emails
directly.

Cheers,
-Barry
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-06 Thread Simon Hanna
>In that case, how should this address be validated? Should Postorius
>consider that the login system always validates addresses and set them
>as
>verified in Mailman? Should it ask mailman to verify the email
>addresses
>when it encounters a user's un-verified address? This does not seem
>possible in REST at the moment (unless I missed it), and should be
>protected against multiple checks.
>
>Ideas?
I started a thread about this a couple of months back. I was asking about what 
authentication system to switch to, since persona is being dropped. I found a 
couple of solutions and have my personal favorite: django-allauth

I have a merge request pending that adds basic functionality for it in 
postorius. I think that it's better than python-social-auth that hyperkitty is 
currently using. 
Short version: it supports both external (social) and internal (django) auth 
systems and offers options to combine/switch between them . Allauth provides 
Signals that I used to verify the addresses in Mailman. 

The link to my merge request:
https://gitlab.com/mailman/postorius/merge_requests/130

The link to my previous post:

https://mail.python.org/pipermail/mailman-developers/2016-January/025338.html


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


Re: [Mailman-Developers] Postorius and verified email addresses

2016-04-06 Thread Barry Warsaw
On Apr 06, 2016, at 06:08 PM, Aurelien Bompard wrote:

>In that case, how should this address be validated? Should Postorius
>consider that the login system always validates addresses and set them as
>verified in Mailman? Should it ask mailman to verify the email addresses
>when it encounters a user's un-verified address? This does not seem
>possible in REST at the moment (unless I missed it), and should be
>protected against multiple checks.

This is why POST on members (i.e. create a subscription) has a pre_verified
flag, which defaults to False.  The core already has a subscription workflow
to send the address a confirmation email if the subscribing address is not
already verified, and pre_verified is False.

(It will send a similar confirmation email if pre_confirmed is False and the
mailing list is set to confirm or confirm_then_moderate.)

By default, confirmation can only effectively happen by email reply, but the
intent is that you could modify the confirm.txt template[1] to include the
appropriate link back into Postorius which would effect the same verification
step as a mail-back.  This link would POST to /addresses//verify
to verify the user's email address.

Thinking about it the terms you describe above, I guess there's another
workflow that isn't directly covered.  When Postorius creates the user, an
address is also created and linked to the user, but it cannot be set as the
preferred address until it's verified.  I can see where you might want to send
the verification email at some point before a subscription event, so that the
linked address gets verified and thus could be set as their preferred
address.  If that's a use case you think we need, do file a bug.  I don't
think it would be too difficult to implement.

Cheers,
-Barry

[1] Or w.r.t. GL issue #112, set a 'confirm.txt' template URL.
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9


[Mailman-Developers] Postorius and verified email addresses

2016-04-06 Thread Aurelien Bompard
Hey people,

Mailman has the notion of "verified" email addresses. When a user is
created / registered in Postorius, a Mailman user can be created. It's off
by default but it seems like a logical thing to do.
This user will be created when the client visits the user profile or
preferences pages anyway, because it needs it in Mailman at that point.

However, the address that the user is created with is not verified. It's a
good thing because Django, by itself, does not verify email addresses. The
social auth providers that we use do validate them, but not Django, and
when internal auth is involved then it's only Django.

In that case, how should this address be validated? Should Postorius
consider that the login system always validates addresses and set them as
verified in Mailman? Should it ask mailman to verify the email addresses
when it encounters a user's un-verified address? This does not seem
possible in REST at the moment (unless I missed it), and should be
protected against multiple checks.

Ideas?

Aurélien
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9