Re: [Mailman-Developers] Postorius and verified email addresses
On 04/10/2016 11:06 PM, Terri Oda wrote: > On 2016-04-06 4:29 PM, Barry Warsaw wrote: >> On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote: >> >>> Short version: it supports both external (social) and internal >>> (django) auth >>> systems and offers options to combine/switch between them . Allauth >>> provides >>> Signals that I used to verify the addresses in Mailman. >> >> I think we have to decide how and where addresses will be verified. >> Are they >> going to be via confirmations emailed by core or via Postorius? >> >> I think the core has to support emailed confirmation messages because >> Postorius is technically an optional component. So if a site were to >> build >> their own REST front-end, they'd at least want to allow the core to >> handle >> email verifications without having to build that into their front-end. > > I'd prefer core to do it, so that it's consistent regardless of > front-end and there isn't duplicated work in every single web component > for Mailman, which is one of the reasons I haven't reviewed any of the > proposed Postorius code to do this. (The other big one being that I > need to do some research on auth libraries, because past experience has > told me that I rarely agree with Simon. ;) ) >From time to time I search for such projects, and I currently prefer allauth. That doesn't mean that I know it's the best solution, it's just the best one (in my eyes) I currently know of. Postorius is currently confirming emails on it's own. And Hyperkitty doesn't at all (the registration process doesn't attempt to confirm emails). ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Postorius and verified email addresses
On Apr 07, 2016, at 02:46 AM, Simon Hanna wrote: >I don't mind the core being able to handle verfications. But I'm pretty sure >everyone that offers a web interface for managing mailman will want the >ability to confirm emails using http links. Absolutely. This is the focus of my "templates" branch. In MM2 we had the advantage that the web ui and the core were tightly integrated, but because they're separated in MM3, the core can't assume anything about the web front-end. At a high level, it will be possible to define a custom template for all confirmation messages, and those templates can be filled with whatever clickable confirmation link makes sense for whatever web ui is in place. I imagine that for a typical Postorius-fronted installation, we'll have some standard templates and a simple config file that will provide a minimal effort click-through-Postorius functionality. >I don't see a reason why we should implement that in mailman, if it can >easily be added in the front-end. Right, the core will *not* provide such a clickable confirmation link. >Doing this has one downside in my opinion. Storing the same addresses in >several places (which isn't bad perse, as a matter of fact microservices >encourage duplicating data and synchronizing it) would need >synchronization. Ideally mailman would offer signals for various events that >front-ends can hook in to. They would probably be similar to the hyperkitty >archiver plugin I guess. Yes. While orthogonal to the templates work, the core has a fairly rich ability to link internal events to external notifications. We simply need to define the API for calling back into Postorius (or whatever web front-end needs notification), and then we can dispatch internal events to that API. E.g. a webhook or similar. Alternatively, Postorius can make queries of the core's REST API at whatever decision point makes sense. >Sorry but I have to disagree with that. Postorius _has_ to be able to send >out mails. In case any server errors occur, django tries to send out emails >to administrators defined in the settings. That's different though. What I mean is that any list traffic, including to list members, owners, and moderators, should only be sent by the core. It's different if a Django error occurs and it wants to send an email notification to the Django administrator (although do also think about the Mailman site owners). >There is one more issue that needs to be discussed which is relevant to all >templates: Translation. Django has builtin methods to translate and through >the browser's preferred language can choose one. The core would require >associating a language with each user in the settings. We already do that. Members, users, and addresses have preferences, and those preferences have a preferred language. When sending notifications, the core will use the preferred language of the appropriate preference. The core will use gettext based translations, but when using a template, we have a mechanism for looking up a template in a particular language. If one is available, we'll use that, if not we always fall back to the site language (which is usually English) or the system language (i.e. shipped templates, always English). Whatever translation service we end up using should support translating both gettext and templates, but ultimately it's up to the site administrator and system administrators of whatever front-end is used, to provide the appropriate translated templates. >From a usability point of view I would like Postorius to be able to set all >templates and not just link to files in mailman. There are a couple of >businesses that manage thousands of lists and I guess they would appreciate >it if list owners could do this without direct access to the mailman server. The template system I'm working on does not require file system access to the Mailman server machine. It will work on any URL (my intention is to use requests for the underlying fetch machinery, with a mailman: extension for file system access for those sites that do want to use that). The templates don't even need to reside in Postorius. Cheers, -Barry ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Postorius and verified email addresses
On 2016-04-06 4:29 PM, Barry Warsaw wrote: On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote: Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman. I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius? I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end. I'd prefer core to do it, so that it's consistent regardless of front-end and there isn't duplicated work in every single web component for Mailman, which is one of the reasons I haven't reviewed any of the proposed Postorius code to do this. (The other big one being that I need to do some research on auth libraries, because past experience has told me that I rarely agree with Simon. ;) ) Terri ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Postorius and verified email addresses
On 04/07/2016 01:29 AM, Barry Warsaw wrote: > On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote: > >> Short version: it supports both external (social) and internal (django) auth >> systems and offers options to combine/switch between them . Allauth provides >> Signals that I used to verify the addresses in Mailman. > > I think we have to decide how and where addresses will be verified. Are they > going to be via confirmations emailed by core or via Postorius? > > I think the core has to support emailed confirmation messages because > Postorius is technically an optional component. So if a site were to build > their own REST front-end, they'd at least want to allow the core to handle > email verifications without having to build that into their front-end. I don't mind the core being able to handle verfications. But I'm pretty sure everyone that offers a web interface for managing mailman will want the ability to confirm emails using http links. I don't see a reason why we should implement that in mailman, if it can easily be added in the front-end. Doing this has one downside in my opinion. Storing the same addresses in several places (which isn't bad perse, as a matter of fact microservices encourage duplicating data and synchronizing it) would need synchronization. Ideally mailman would offer signals for various events that front-ends can hook in to. They would probably be similar to the hyperkitty archiver plugin I guess. Another thing I believe in is blocking access until an account is confirmed, which really shouldn't depend on mailman. While postorius might be a project that should always have an active connection to the core, and archive doesn't necessarily need it. > > That doesn't necessarily prevent Postorius from doing it, and when used with > Persona, we see how nicely that can work. It's also of course possible that > any 3rd party front-end will have its own way of verifying email addresses. > > The other thing to think about is that the core already must know how to talk > to the outgoing MTA, to provide proper reputation services, signing, etc. I > don't know that we want to make site admins have to configure that in two > places, and we almost certainly don't want Postorius to send out emails > directly. Sorry but I have to disagree with that. Postorius _has_ to be able to send out mails. In case any server errors occur, django tries to send out emails to administrators defined in the settings. I strongly recommend setting this up for a production system. The mta should take care of the rest (dkim signatures, ...). If you are referring to gpg signing and encryption, there are django apps for that. A quick search revealed https://github.com/stephenmcd/django-email-extras I haven't tried it, but I don't think it would be that hard to integrate if the core supports them. There is one more issue that needs to be discussed which is relevant to all templates: Translation. Django has builtin methods to translate and through the browser's preferred language can choose one. The core would require associating a language with each user in the settings. >From a usability point of view I would like Postorius to be able to set all >templates and not just link to files in mailman. There are a couple of businesses that manage thousands of lists and I guess they would appreciate it if list owners could do this without direct access to the mailman server. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Postorius and verified email addresses
On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote: >Short version: it supports both external (social) and internal (django) auth >systems and offers options to combine/switch between them . Allauth provides >Signals that I used to verify the addresses in Mailman. I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius? I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end. That doesn't necessarily prevent Postorius from doing it, and when used with Persona, we see how nicely that can work. It's also of course possible that any 3rd party front-end will have its own way of verifying email addresses. The other thing to think about is that the core already must know how to talk to the outgoing MTA, to provide proper reputation services, signing, etc. I don't know that we want to make site admins have to configure that in two places, and we almost certainly don't want Postorius to send out emails directly. Cheers, -Barry ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Postorius and verified email addresses
>In that case, how should this address be validated? Should Postorius >consider that the login system always validates addresses and set them >as >verified in Mailman? Should it ask mailman to verify the email >addresses >when it encounters a user's un-verified address? This does not seem >possible in REST at the moment (unless I missed it), and should be >protected against multiple checks. > >Ideas? I started a thread about this a couple of months back. I was asking about what authentication system to switch to, since persona is being dropped. I found a couple of solutions and have my personal favorite: django-allauth I have a merge request pending that adds basic functionality for it in postorius. I think that it's better than python-social-auth that hyperkitty is currently using. Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman. The link to my merge request: https://gitlab.com/mailman/postorius/merge_requests/130 The link to my previous post: https://mail.python.org/pipermail/mailman-developers/2016-January/025338.html -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Postorius and verified email addresses
On Apr 06, 2016, at 06:08 PM, Aurelien Bompard wrote: >In that case, how should this address be validated? Should Postorius >consider that the login system always validates addresses and set them as >verified in Mailman? Should it ask mailman to verify the email addresses >when it encounters a user's un-verified address? This does not seem >possible in REST at the moment (unless I missed it), and should be >protected against multiple checks. This is why POST on members (i.e. create a subscription) has a pre_verified flag, which defaults to False. The core already has a subscription workflow to send the address a confirmation email if the subscribing address is not already verified, and pre_verified is False. (It will send a similar confirmation email if pre_confirmed is False and the mailing list is set to confirm or confirm_then_moderate.) By default, confirmation can only effectively happen by email reply, but the intent is that you could modify the confirm.txt template[1] to include the appropriate link back into Postorius which would effect the same verification step as a mail-back. This link would POST to /addresses//verify to verify the user's email address. Thinking about it the terms you describe above, I guess there's another workflow that isn't directly covered. When Postorius creates the user, an address is also created and linked to the user, but it cannot be set as the preferred address until it's verified. I can see where you might want to send the verification email at some point before a subscription event, so that the linked address gets verified and thus could be set as their preferred address. If that's a use case you think we need, do file a bug. I don't think it would be too difficult to implement. Cheers, -Barry [1] Or w.r.t. GL issue #112, set a 'confirm.txt' template URL. ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] Postorius and verified email addresses
Hey people, Mailman has the notion of "verified" email addresses. When a user is created / registered in Postorius, a Mailman user can be created. It's off by default but it seems like a logical thing to do. This user will be created when the client visits the user profile or preferences pages anyway, because it needs it in Mailman at that point. However, the address that the user is created with is not verified. It's a good thing because Django, by itself, does not verify email addresses. The social auth providers that we use do validate them, but not Django, and when internal auth is involved then it's only Django. In that case, how should this address be validated? Should Postorius consider that the login system always validates addresses and set them as verified in Mailman? Should it ask mailman to verify the email addresses when it encounters a user's un-verified address? This does not seem possible in REST at the moment (unless I missed it), and should be protected against multiple checks. Ideas? Aurélien ___ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
