Auth and Auth

2008-03-27 Thread Yannick Gingras
s decorator syntax; if there is anything simple like that, it would be great. That's it, I'm looking for the best auth-and-auth solution that fits the bill and that isn't too painful to set up. If you all tell me that I need to roll my own, I think we are going to hack a reusable

auth and auth

2008-11-23 Thread Dalius Dobravolskas
Hello, All, I will raise old Auth&Auth problem in Pylons. I have written some middlewares and here is the reason why I have done that: http://trac.sandbox.lt/auth/wiki/WhyWsgiMiddleware What I need now is your opinion. Have I chosen the right path? What are you missing in my solution (both docume

Re: Auth and Auth

2008-03-27 Thread Ian Bicking
from either the application database or from LDAP. It's > OK to use PAM as a proxy to LDAP since that generally makes > configuration a bit less ugly. (Can we configure auth with PAM on > MacOS?) I liked Authkit's decorator syntax; if there is anything > simple like that, it

Re: Auth and Auth

2008-03-27 Thread Wolverine
Yannick Gingras wrote: > Greetings Pyloneers, > > It's been a long time since I hacked something with Pylons but things > are moving favorably now. After a flash demo of our great tools, I > was able to convince our lead architect that Pylons was the right > choice for our next web app. Hello! I'm

Re: Auth and Auth

2008-03-27 Thread Eric Ongerth
Wow, that's great. I'm just reaching the stage of adding login/authorization to my project, and your approach looks just like what I had in mind, but with all the unknowns filled in. Thanks for sharing. On Mar 27, 9:42 am, Wolverine <[EMAIL PROTECTED]> wrote: > Yannick Gingras wrote: > Greetin

Re: Auth and Auth

2008-03-27 Thread Dalius Dobravolskas
Hello, Yannick Gingras wrote: > First things first, I need to pick an authentication and authorization > solution. Last time I checked, around December, Authkit had a fancy > decorator syntax but it was a bit ill documented and featured many > strange ways of authentication that obscured the most

Re: Auth and Auth

2008-03-27 Thread Dalius Dobravolskas
Ian Bicking wrote: > It's still quite young, but worth checking out: > http://svn.repoze.org/repoze.who/trunk/ How many people are working on it? Will it not end like AuthKit because no one writes plugin for it? You can write handlers/plugins for AuthKit as well BTW. Regards, Dalius

Re: Auth and Auth

2008-03-28 Thread chrism
I am the primary author of repoze.who. I'm currently using it in customer projects. There are currently four contributors to it, including myself. As with any project, it's difficult to know where it will end up, but I think we're off to a pretty good start, as repoze.who ships with a good num

Re: Auth and Auth

2008-03-28 Thread chrism
I am the primary author of repoze.who. There are four contributors currently including myself. I am using the software in my own customers' projects. As with any project, it's hard to know where it will end up, but I think we're in pretty good shape now as there have already been some plugins c

Re: Auth and Auth

2008-03-28 Thread Chris AtLee
On Fri, Mar 28, 2008 at 1:08 PM, chrism <[EMAIL PROTECTED]> wrote: > I am the primary author of repoze.who. There are four contributors > currently including myself. I am using the software in my own > customers' projects. > > As with any project, it's hard to know where it will end up, but

Re: Auth and Auth

2008-03-28 Thread Mike Orr
This discussion shows Pylons needs some kind of flexible but standard system of authentication & authorization. It has also been clear from the past several months that AuthKit provides *a* unified solution for both issues, but it has not gained sufficient acceptance from the Pylons community to

Re: Auth and Auth

2008-03-28 Thread Ian Bicking
Some time ago I wrote this up as a proposal for the basic way authentication can work in WSGI: http://wsgi.org/wsgi/Specifications/simple_authentication I think most of the systems work pretty much like this, but I don't know for sure. Mike Orr wrote: > This discussion shows Pylons needs some

Re: Auth and Auth

2008-03-28 Thread Jorge Vargas
On Fri, Mar 28, 2008 at 2:48 PM, Mike Orr <[EMAIL PROTECTED]> wrote: > > This discussion shows Pylons needs some kind of flexible but standard > system of authentication & authorization. It has also been clear from > the past several months that AuthKit provides *a* unified solution for > bot

Re: Auth and Auth

2008-03-28 Thread Mike Orr
On Fri, Mar 28, 2008 at 9:12 PM, Jorge Vargas <[EMAIL PROTECTED]> wrote: > > On Fri, Mar 28, 2008 at 2:48 PM, Mike Orr <[EMAIL PROTECTED]> wrote: > > > > This discussion shows Pylons needs some kind of flexible but standard > > system of authentication & authorization. It has also been clea

Re: Auth and Auth

2008-03-29 Thread Wichert Akkerman
Previously Mike Orr wrote: > AuthKit's author James Gardner says the architecture is sound, the > outstanding bugs have been fixed, and the two substantial chapters in > the Pylons Book space on the wiki have been audited for Pylons 0.9.6. > Against this are 4-5 people on IRC and this list who h

Re: Auth and Auth

2008-03-29 Thread lasizoillo
My problems with authkit: I can't say nothing about authkit docs. My english is very bad. I can't judge it. The code is clear ;-) AuthKit has many config options. This is a good thing. In my work, the people is mad. Many options for flexibility are welcome. In SVN version, you have a SQLAlchem

Re: Auth and Auth

2008-03-29 Thread Dalius Dobravolskas
Jorge Vargas wrote: > this comes as a shock to me, I thought authkit was de facto just like > mako, SA, etc. I'm just starting to read up on authkit, and so far I > thought it only had outdated documentation, but the fact that no one has > backed it up as a good path in this thread makes me wonder if I'm

Re: Auth and Auth

2008-03-29 Thread Dalius Dobravolskas
Ian Bicking wrote: > Some time ago I wrote this up as a proposal for the basic way > authentication can work in WSGI: > http://wsgi.org/wsgi/Specifications/simple_authentication > > I think most of the systems work pretty much like this, but I don't know > for sure. > Ian, that's exactly wha

Re: Auth and Auth

2008-03-29 Thread Dalius Dobravolskas
Wichert Akkerman wrote: > There is an important lesson here: a very important, if not the most > important, factor for adaption of a tool such as AuthKit is the quality > of its documentation and how easy it is for complete newcomers to start > using it. I don't agree here. AuthKit is good enough

Re: Auth and Auth

2008-03-29 Thread Dalius Dobravolskas
chrism wrote > Its current state is completely functional, although it lacks a > configuration file format and parser (maybe one isn't needed, it'd > just be nice). I intend to work more on the documentation, although > it's not completely terrible now. > That makes it worse than AuthKit or mi

Re: Auth and Auth

2008-03-29 Thread mdoudoroff
I lack the expertise to judge the relative merits of subtly different authentication/authorization strategies vis a vis Pylons. I do know, however, that, as a Pylons "end user", I need a fundamentally sound and practical authentication/authorization mechanism, and it's the last thing I want to hav

Re: Auth and Auth

2008-03-29 Thread Mike Orr
On Sat, Mar 29, 2008 at 4:23 PM, mdoudoroff <[EMAIL PROTECTED]> wrote: > Unfortunately, I can confirm that the AuthKit documentation situation > is appalling. I spent hours sifting through the obsolete "Pylons book" > chapters, their comments, the source code, and the cookbook documents > befo

Re: Auth and Auth

2008-03-30 Thread Ian Bicking
Dalius Dobravolskas wrote: > Ian Bicking wrote: >> Some time ago I wrote this up as a proposal for the basic way >> authentication can work in WSGI: >> http://wsgi.org/wsgi/Specifications/simple_authentication >> >> I think most of the systems work pretty much like this, but I don't know >> for

Re: Auth and Auth

2008-03-30 Thread Ross Vandegrift
On Sat, Mar 29, 2008 at 04:23:31PM -0700, mdoudoroff wrote: > It seems to me that AuthKit may have a few warts: > > 1) The "one group per user" limitation seems to be irritating people. > I don't personally care, because all I need are roles, and I can't > help but wonder if the people who are co

Re: Auth and Auth

2008-03-30 Thread Ross Vandegrift
On Fri, Mar 28, 2008 at 10:19:35PM -0700, Mike Orr wrote: > Their argument seems to be not that it doesn't work (the previous > bugs have been fixed), but that you can write your own authentication > in the time it takes to learn it. I haven't used AuthKit in a program > so I can't say definitiv

Re: Auth and Auth

2008-03-30 Thread Dalius Dobravolskas
>> app = HTTPExceptionHandler(app) >> >> Example middleware: >> http://hg.sandbox.lt/authform-middleware/file/2be2aba0a1b7/authform_middleware/authform.py > > Generally you shouldn't throw expected exceptions outside of your > application. So HTTPExceptionHandler should be wrapping your > cont

Re: Auth and Auth

2008-03-31 Thread Dalius Dobravolskas
Mike Orr wrote: > OpenID is a new and different kind of authentication system, so I > don't know if we've figured out the best way to integrate it yet. > Feedback from those who use OpenID would be helpful. You should use it to figure out. I accept any way where you can login and are not asked to

Re: Auth and Auth

2008-03-31 Thread Chris Shenton
"Mike Orr" <[EMAIL PROTECTED]> writes: > We need somebody who has used AuthKit to write the simple HOWTOs that > people are asking for. I did and did, but it was a while back and I suspect AuthKit's changed since I wrote it: http://pylonshq.com/project/pylonshq/wiki/PylonsWithAuthKitForward I'

Re: Auth and Auth

2008-03-31 Thread Mike Orr
Opened ticket #403 for the outstanding AuthKit issues. http://pylonshq.com/project/pylonshq/ticket/403 If I failed to list any issues, please add a comment to the ticket so it doesn't get forgotten. -- Mike Orr <[EMAIL PROTECTED]>

Re: Auth and Auth

2008-04-01 Thread Dalius Dobravolskas
Ian Bicking wrote: > evaling is generally a bad idea. You could consider it JSON or some > more limited serialization of data. Or put it in, say, > environ['x-wsgiorg.user_data'], a real dictionary. Paste complains if the real dictionary is placed in environ. Isn't that too strict? Regards,

Re: Auth and Auth

2008-04-01 Thread Ian Bicking
Dalius Dobravolskas wrote: > Ian Bicking wrote: >> evaling is generally a bad idea. You could consider it JSON or some >> more limited serialization of data. Or put it in, say, >> environ['x-wsgiorg.user_data'], a real dictionary. > Paste complains if the real dictionary is placed in environ.

Re: Auth and Auth

2008-04-16 Thread johnnyice
I just finished setting up Pylons 0.9.6 with AuthKit and SQLAlchemy 0.4.4. I decided to write a tutorial that will hopefully serve to help others and avoid the same hair pulling that I went through. =) Hopefully it makes sense, as most of the files are the FULL file, not snippets. Let me know w

Re: Auth and Auth

2008-04-16 Thread Eric Ongerth
John, thanks for writing and sharing your Zero-to-Sixty. I read the whole thing, and it makes Authkit look much easier to integrate and get working than what the rumors seem to indicate. I look forward to reading part 3. My one suggestion: your blog-format code windows are narrow and they don't

Re: auth and auth

2008-11-23 Thread Gael Pasgrimaud
2008/11/23 Dalius Dobravolskas <[EMAIL PROTECTED]>: > > Hello, All, > > I will raise old Auth&Auth problem in Pylons. I have written some > middlewares and here is the reason why I have done that: > http://trac.sandbox.lt/auth/wiki/WhyWsgiMiddleware > > What I need now is your opinion. Have I chose

Re: auth and auth

2008-11-23 Thread Dalius Dobravolskas
Hi, >> What I need now is your opinion. Have I chosen the right path? What >> are you missing in my solution (both documentation and code)? >> Definitely there are some bugs/problems as well. >> > > Why don't you use repoze.who? There are several reasons: 1) It is historical reason. If you searc

Re: auth and auth

2008-11-24 Thread Domen Kožar
repoze.who has many plugins including recaptcha, openid, ldap. also there is repoze.what on the way;) On 23 nov., 21:55, "Dalius Dobravolskas" <[EMAIL PROTECTED]> wrote: > Hi, > > >> What I need now is your opinion. Have I chosen the right path? What > >> are you missing in my solution (both docu

Re: auth and auth

2008-11-24 Thread Tom Longson (nym)
I've implemented repoze.who in one app so far. It was a bit difficult at first, but from my understanding is getting easier. I wrote a very simple tutorial at http://truefalsemaybe.com/2008/06/authorization-in-pylons-with-repozewho-part-1-htaccess/ I imagine I will write a followup soon, as I wan

Re: auth and auth

2008-11-24 Thread Florent Aide
On Mon, Nov 24, 2008 at 10:51 PM, Tom Longson (nym) <[EMAIL PROTECTED]> wrote: > > I've implemented repoze.who in one app so far. It was a bit difficult > at first, but from my understanding is getting easier. I wrote a very > simple tutorial at > http://truefalsemaybe.com/2008/06/authorization-in

Re: auth and auth

2008-11-24 Thread Mike Orr
I have consolidated the various auth wiki pages into a section in the Pylons Cookbook called "Authentication and Authorization". http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorization Graham's simple homegrown tutorial has been moved to a child page. I added a link to F

Re: auth and auth

2008-11-24 Thread Dalius Dobravolskas
Hello, On Mon, Nov 24, 2008 at 11:56 PM, Florent Aide <[EMAIL PROTECTED]> wrote: > TurboGears 2 team has chosen repoze.who to implement authentication > and has spawned repoze.what to implement authorization. That's their choice but that's not argument. What was reasoning behind that? > I feel t

Re: auth and auth

2008-11-24 Thread Dalius Dobravolskas
On Mon, Nov 24, 2008 at 11:06 PM, Domen Kožar <[EMAIL PROTECTED]> wrote: > > repoze.who has many plugins including recaptcha, openid, ldap. > also there is repoze.what on the way;) I should have investigated that. Thank you for pointing that out. OpenID: If we are speaking about http://code.google.com

Re: auth and auth

2008-11-24 Thread Dalius Dobravolskas
Hello, Mike, On Tue, Nov 25, 2008 at 12:18 AM, Mike Orr <[EMAIL PROTECTED]> wrote: > I have consolidated the various auth wiki pages into a section in the > Pylons Cookbook called "Authentication and Authorization". > http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorizatio

Re: auth and auth

2008-11-25 Thread Mike Orr
On Mon, Nov 24, 2008 at 10:21 PM, Dalius Dobravolskas <[EMAIL PROTECTED]> wrote: > > Hello, Mike, > > On Tue, Nov 25, 2008 at 12:18 AM, Mike Orr <[EMAIL PROTECTED]> wrote: >> I have consolidated the various auth wiki pages into a section in the >> Pylons Cookbook called "Authentication and Authori

Re: auth and auth

2008-11-25 Thread Mike Orr
On Mon, Nov 24, 2008 at 10:09 PM, Dalius Dobravolskas <[EMAIL PROTECTED]> wrote: > > Hello, > > On Mon, Nov 24, 2008 at 11:56 PM, Florent Aide <[EMAIL PROTECTED]> wrote: >> TurboGears 2 team has chosen repoze.who to implement authentication >> and has spawned repoze.what to implement authorization

Re: auth and auth

2008-11-25 Thread Mike Orr
On Tue, Nov 25, 2008 at 2:44 AM, Dalius Dobravolskas <[EMAIL PROTECTED]> wrote: > > Hello, > >>> I will repeat my question: what additional value is created by >>> repoze.who what WSGI can't do? >> >> repoze.who *is* WSGI. :) > Actually it is more. It is WSGI (layer programming?) + Zope (component

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
Hello, Mike, > By "component programming" you mean the fact that it has plugins? Almost. > So by "component programming" you mean plugins? And that's your main > complaint against repoze.who? Actually if we speak about repoze.who against AuthKit in this case, my main complaint is that repoze.wh

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
> It's a wiki. :) You can edit it yourself. Thank you ;) -- Dalius http://blog.sandbox.lt --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
Hello, >> I will repeat my question: what additional value is created by >> repoze.who what WSGI can't do? > > repoze.who *is* WSGI. :) Actually it is more. It is WSGI (layer programming?) + Zope (component programming). I just don't get why mix that? Why WSGI is not enough? > And theoretically

Re: auth and auth

2008-11-25 Thread Gustavo Narea
On Tuesday November 25, 2008 07:18:56 Dalius Dobravolskas wrote: > repoze.what: Looks like TurboGears 1. The main mistake makes everyone > when they implement authorization plugin/middleware, they think that > everyone builds social networks or simple sites where you have users > in groups with ro

Re: auth and auth

2008-11-25 Thread Gustavo Narea
On Tuesday November 25, 2008 12:29:17 Dalius Dobravolskas wrote: > > What if you need to combine multiple authentication schemes in the same > > site? > > You can add multiple middlewares. The problem is when middlewares or > plugins conflict with each other (e.g. because of lack of options). > re

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
On Tue, Nov 25, 2008 at 12:19 PM, Gustavo Narea <[EMAIL PROTECTED]> wrote: > > On Tuesday November 25, 2008 07:18:56 Dalius Dobravolskas wrote: >> repoze.what: Looks like TurboGears 1. The main mistake makes everyone >> when they implement authorization plugin/middleware, they think that >> everyo

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
Hello, On Tue, Nov 25, 2008 at 1:47 PM, Gustavo Narea <[EMAIL PROTECTED]> wrote: >> You can add multiple middlewares. The problem is when middlewares or >> plugins conflict with each other (e.g. because of lack of options). >> repoze.who does not help to solve this problem. > > Can you please pro

Re: auth and auth

2008-11-25 Thread Gael Pasgrimaud
2008/11/25 Dalius Dobravolskas <[EMAIL PROTECTED]>: > > Hello, > > On Tue, Nov 25, 2008 at 1:47 PM, Gustavo Narea > <[EMAIL PROTECTED]> wrote: >>> You can add multiple middlewares. The problem is when middlewares or >>> plugins conflict with each other (e.g. because of lack of options). >>> repoze

Re: auth and auth

2008-11-25 Thread Gustavo Narea
On Tuesday November 25, 2008 20:55:15 Dalius Dobravolskas wrote: > E.g. similar patches or similarly named cookies while they should be > different. I have accidentally named my AuthKit cookie and beaker > session the same name once and have had time until I have understood > where is problem. I h

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
On Tue, Nov 25, 2008 at 10:54 PM, Gustavo Narea <[EMAIL PROTECTED]> wrote: > Yes, you are wrong, as Gael pointed in the previous message. Come on, there's > no such a problem with repoze.who. Gael said that you can change cookie name. That's OK. Problem is different. Do you really even understand

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
> By the way, you can set the repoze.who cookie name to whatever you want. That's OK. Problem is different. > The only complication is that you must say "hey, my class is an > authentifier". Is it really complicated ? There is more actually. I need to understand what is IChallenger, IIdentifier,

Re: auth and auth

2008-11-25 Thread Gael Pasgrimaud
2008/11/25 Dalius Dobravolskas <[EMAIL PROTECTED]>: > >> By the way, you can set the repoze.who cookie name to whatever you want. > That's OK. Problem is different. > >> The only complication is that you must say "hey, my class is an >> authentifier". Is it really complicated ? > There is more act

Re: auth and auth

2008-11-25 Thread Mike Orr
I finished my homegrown auth article with roles and LDAP. http://wiki.pylonshq.com/display/pylonscookbook/Advanced+Homegrown+Auth -- Mike Orr <[EMAIL PROTECTED]>

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
Hello, Gael, > class UrlPlugin(RedirectingFormPlugin): >implements(IChallenger, IIdentifier) > ># IIdentifier >def identify(self, environ): >query = parse_dict_querystring(environ) >if 'email' in query and 'secret' in query: >rememberer = self._get_remember

Re: auth and auth

2008-11-25 Thread Uwe C. Schroeder
> Technically this example does the same as > http://trac.sandbox.lt/auth/wiki/AuthFormMiddleware. Instead of > writing your plugin you would need to write isauthenticated function > that looks almost the same as identify function here. Technically all auth mechanisms do the same. Quite frankly

Re: auth and auth

2008-11-25 Thread Dalius Dobravolskas
On Wed, Nov 26, 2008 at 8:54 AM, Uwe C. Schroeder <[EMAIL PROTECTED]> wrote: > What is it you want to achieve with this crusade? More popularity? I guess all > you'll get is annoyed core developers. I don't care about popularity at all. If I care I have chosen the wrong path. There are two things

Re: auth and auth

2008-11-26 Thread Florent Aide
On Tue, Nov 25, 2008 at 8:55 PM, Dalius Dobravolskas <[EMAIL PROTECTED]> wrote: > > Hello, > > On Tue, Nov 25, 2008 at 1:47 PM, Gustavo Narea > <[EMAIL PROTECTED]> wrote: [...] >> repoze.who's approach is elegant because it has broken >> up the various components involved in authentication (the

Re: auth and auth

2008-11-26 Thread Uwe C. Schroeder
On Tuesday 25 November 2008, Dalius Dobravolskas wrote: > On Wed, Nov 26, 2008 at 8:54 AM, Uwe C. Schroeder <[EMAIL PROTECTED]> wrote: > > What is it you want to achieve with this crusade? More popularity? I > > guess all you'll get is annoyed core developers. > > I don't care about popularity at

Re: auth and auth

2008-11-26 Thread Dalius Dobravolskas
> So what is it you want to understand? That the one thing is basically the > same as the other? Result is the same. Not the way it is reached. I try to understand why different way was chosen. I think repoze.who's way is named Component programming. However all I got is: 1) Good Gael's example t

Re: auth and auth

2008-11-26 Thread Dalius Dobravolskas
Hi, On Wed, Nov 26, 2008 at 12:31 PM, sector119 <[EMAIL PROTECTED]> wrote: > Dalius, how can I authenticate user with your middleware if can't use > cookies/sessions? For example I use XMLRPCController and I need to > authenticate user, and "authorize" some controller actions, I have > system.log

Re: auth and auth

2008-11-26 Thread Dalius Dobravolskas
Hi, > 2) Rip off basic http auth middleware from AuthKit. That shouldn't be very > hard; 3) Or just use middlewares from paste.auth.basic or paste.auth.digest; -- Dalius http://blog.sandbox.lt

Re: auth and auth

2008-11-26 Thread sector119
Dalius, how can I authenticate user with your middleware if can't use cookies/sessions? For example I use XMLRPCController and I need to authenticate user, and "authorize" some controller actions, I have system.login(username, password) function that return some auth token. Thanks!

Re: auth and auth

2008-11-26 Thread sector119
Dalius, what for is ``app`` def ? def authorize(function=None): """ This is a decorator which can be used to decorate a Pylons controller action. It gives function ``function`` environ dictionary and executes it. Function should return either Tru

Re: auth and auth

2008-11-26 Thread Dalius Dobravolskas
On Wed, Nov 26, 2008 at 12:36 PM, sector119 <[EMAIL PROTECTED]> wrote: > > Dalius, what for is ``app`` def ? > > def authorize(function=None): > """ > This is a decorator which can be used to decorate a Pylons > controller action. > It gives function ``function`

Re: auth and auth

2008-11-26 Thread Mike Orr
On Tue, Nov 25, 2008 at 11:39 PM, Dalius Dobravolskas <[EMAIL PROTECTED]> wrote: > > On Wed, Nov 26, 2008 at 8:54 AM, Uwe C. Schroeder <[EMAIL PROTECTED]> wrote: >> What is it you want to achieve with this crusade? More popularity? I guess >> all >> you'll get is annoyed core developers. > I don'