On Tue, Nov 25, 2008 at 8:55 PM, Dalius Dobravolskas
[EMAIL PROTECTED] wrote:
Hello,
On Tue, Nov 25, 2008 at 1:47 PM, Gustavo Narea
[EMAIL PROTECTED] wrote:
[...]
repoze.who's approach is elegant because it has broken
up the various components involved in authentication (the so-called
. Sad as it is, that's all that seems to count
these days.
Personally I don't care at all how the auth framework really works.
There are people who care. Do you want to say that just because you
don't care I shouldn't discuss?
Feel free to discuss as much as you want. I just read the whole
So what is it you want to understand? That the one thing is basically the
same as the other?
Result is the same. Not the way it is reached. I try to understand why
different way was chosen. I think repoze.who's way is named Component
programming. However all I got is:
1) Good Gael's example
(username, password) function that return some auth token.
Quick answer is you can't because I don't supply any authentication
middleware that works with tokens. You have two choices:
1) Write your own (e.g. there is no OAuth middleware so you would make
good job as well);
2) Rip off basic http auth
Hi,
2) Rip off basic http auth middleware from AuthKit. That shouldn't be very
hard;
3) Or just use middlewares from paste.auth.basic or paste.auth.digest;
--
Dalius
http://blog.sandbox.lt
--~--~-~--~~~---~--~~
You received this message because you
Dalius, how can I authenticate user with your middleware if can't use
cookies/sessions? For example I use XMLRPCController and I need to
authenticate user, and authorize some controller actions, I have
system.login(username, password) function that return some auth token.
Thanks
Dalius, what for is ``app`` def ?
def authorize(function=None):

This is a decorator which can be used to decorate a Pylons controller action.
It gives function ``function`` environ dictionary and executes it. Function
should return either True
On Wed, Nov 26, 2008 at 12:36 PM, sector119 [EMAIL PROTECTED] wrote:
Dalius, what for is ``app`` def ?
def authorize(function=None):

This is a decorator which can be used to decorate a Pylons controller action.
It gives function ``function`` environ
to newcomers. That's really
important in small country like mine (3 millions people) where it is
very hard to find Python programmers. I don't speak about Pylons even
(I know 5 Pylons programmers from my country).
Personally I don't care at all how the auth framework really works.
There are people who
On Mon, Nov 24, 2008 at 10:21 PM, Dalius Dobravolskas
[EMAIL PROTECTED] wrote:
Hello, Mike,
On Tue, Nov 25, 2008 at 12:18 AM, Mike Orr [EMAIL PROTECTED] wrote:
I have consolidated the various auth wiki pages into a section in the
Pylons Cookbook called Authentication and Authorization
, and most people find the defaults to be adequate.
That's not true of auth, which needs at least some kind of user
database and other application-specific decisions. That may just be
an intrinsic problem of any application-independent authentication
library: AuthKit has similar complexity
On Tue, Nov 25, 2008 at 2:44 AM, Dalius Dobravolskas
[EMAIL PROTECTED] wrote:
Hello,
I will repeat my question: what additional value is created by
repoze.who what WSGI can't do?
repoze.who *is* WSGI. :)
Actually it is more. It is WSGI (layer programming?) + Zope (component
programming).
Hello, Mike,
By component programming you mean the fact that it has plugins?
Almost.
So by component programming you mean plugins? And that's your main
complaint against repoze.who?
Actually if we speak about repoze.who against AuthKit in this case, my
main complaint is that repoze.who
It's a wiki. :) You can edit it yourself.
Thank you ;)
--
Dalius
http://blog.sandbox.lt
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
pylons-discuss group.
To post to this group, send email to
Hello,
I will repeat my question: what additional value is created by
repoze.who what WSGI can't do?
repoze.who *is* WSGI. :)
Actually it is more. It is WSGI (layer programming?) + Zope (component
programming). I just don't get why mix that? Why WSGI is not enough?
And theoretically it
. In real world that does not work sometimes. I
think it much better to leave control for user:
http://trac.sandbox.lt/auth/wiki/AuthorizeMiddleware
I guess you've only read the outdated documentation at static.repoze.org. I'm
currently preparing the first beta and the new documentation
On Tuesday November 25, 2008 12:29:17 Dalius Dobravolskas wrote:
What if you need to combine multiple authentication schemes in the same
site?
You can add multiple middlewares. The problem is when middlewares or
plugins conflict with each other (e.g. because of lack of options).
social networks or simple sites where you have users
in groups with roles. In real world that does not work sometimes. I
think it much better to leave control for user:
http://trac.sandbox.lt/auth/wiki/AuthorizeMiddleware
I guess you've only read the outdated documentation at static.repoze.org
Hello,
On Tue, Nov 25, 2008 at 1:47 PM, Gustavo Narea
[EMAIL PROTECTED] wrote:
You can add multiple middlewares. The problem is when middlewares or
plugins conflict with each other (e.g. because of lack of options).
repoze.who does not help to solve this problem.
Can you please provide one
2008/11/25 Dalius Dobravolskas [EMAIL PROTECTED]:
Hello,
On Tue, Nov 25, 2008 at 1:47 PM, Gustavo Narea
[EMAIL PROTECTED] wrote:
You can add multiple middlewares. The problem is when middlewares or
plugins conflict with each other (e.g. because of lack of options).
repoze.who does not
On Tuesday November 25, 2008 20:55:15 Dalius Dobravolskas wrote:
E.g. similar patches or similarly named cookies while they should be
different. I have accidentally named my AuthKit cookie and beaker
session the same name once and have had time until I have understood
where is problem. I have
On Tue, Nov 25, 2008 at 10:54 PM, Gustavo Narea
[EMAIL PROTECTED] wrote:
Yes, you are wrong, as Gael pointed in the previous message. Come on, there's
no such a problem with repoze.who.
Gael said that you can change cookie name. That's OK. Problem is
different. Do you really even understand the
By the way, you can set the repoze.who cookie name to whatever you want.
That's OK. Problem is different.
The only complication is that you must say hey, my class is an
authentifier. Is it really complicated ?
There is more actually. I need to understand what is IChallenger,
IIdentifier,
2008/11/25 Dalius Dobravolskas [EMAIL PROTECTED]:
By the way, you can set the repoze.who cookie name to whatever you want.
That's OK. Problem is different.
The only complication is that you must say hey, my class is an
authentifier. Is it really complicated ?
There is more actually. I need
I finished my homegrown auth article with roles and LDAP.
http://wiki.pylonshq.com/display/pylonscookbook/Advanced+Homegrown+Auth
--
Mike Orr [EMAIL PROTECTED]
:
return {'login': login, 'password':password}
return None
Technically this example does the same as
http://trac.sandbox.lt/auth/wiki/AuthFormMiddleware. Instead of
writing your plugin you would need to write isauthenticated function
that looks almost the same as identify function
Technically this example does the same as
http://trac.sandbox.lt/auth/wiki/AuthFormMiddleware. Instead of
writing your plugin you would need to write isauthenticated function
that looks almost the same as identify function here.
Technically all auth mechanisms do the same. Quite frankly I
it is
very hard to find Python programmers. I don't speak about Pylons even
(I know 5 Pylons programmers from my country).
Personally I don't care at all how the auth framework really works.
There are people who care. Do you want to say that just because you
don't care I shouldn't discuss?
So just
I've implemented repoze.who in one app so far. It was a bit difficult
at first, but from my understanding is getting easier. I wrote a very
simple tutorial at
http://truefalsemaybe.com/2008/06/authorization-in-pylons-with-repozewho-part-1-htaccess/
I imagine I will write a followup soon, as I
On Mon, Nov 24, 2008 at 10:51 PM, Tom Longson (nym) [EMAIL PROTECTED] wrote:
I've implemented repoze.who in one app so far. It was a bit difficult
at first, but from my understanding is getting easier. I wrote a very
simple tutorial at
Hello,
On Mon, Nov 24, 2008 at 11:56 PM, Florent Aide [EMAIL PROTECTED] wrote:
TurboGears 2 team has chosen repoze.who to implement authentication
and has spawned repoze.what to implement authorization.
That's their choice but that's not argument. What was reasoning behind that?
I feel that
builds social networks or simple sites where you have users
in groups with roles. In real world that does not work sometimes. I
think it much better to leave control for user:
http://trac.sandbox.lt/auth/wiki/AuthorizeMiddleware
--
Dalius
http://blog.sandbox.lt
Hello, Mike,
On Tue, Nov 25, 2008 at 12:18 AM, Mike Orr [EMAIL PROTECTED] wrote:
I have consolidated the various auth wiki pages into a section in the
Pylons Cookbook called Authentication and Authorization.
http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorization
Can
Hello, All,
I will raise old AuthAuth problem in Pylons. I have written some
middlewares and here is the reason why I have done that:
http://trac.sandbox.lt/auth/wiki/WhyWsgiMiddleware
What I need now is your opinion. Have I chosen the right path? What
are you missing in my solution (both
2008/11/23 Dalius Dobravolskas [EMAIL PROTECTED]:
Hello, All,
I will raise old AuthAuth problem in Pylons. I have written some
middlewares and here is the reason why I have done that:
http://trac.sandbox.lt/auth/wiki/WhyWsgiMiddleware
What I need now is your opinion. Have I chosen
Hi,
What I need now is your opinion. Have I chosen the right path? What
are you missing in my solution (both documentation and code)?
Definitely there are some bugs/problems as well.
Why don't you use repoze.who?
There are several reasons:
1) It is historical reason. If you search archive
there are a
fewer number of people qualified to write auth documentation and to
compare alternative auth libraries.
The two chapters are part of a book that aims to be a complete
reference of Pylons programming, scaling to large sites. I guess they
don't work as well outside that context. The complete book
SQLAlchemy/Genshi/forms, so there are a
fewer number of people qualified to write auth documentation and to
compare alternative auth libraries.
The two chapters are part of a book that aims to be a complete
reference of Pylons programming, scaling to large sites. I guess they
don't work as well
Ian Bicking wrote:
evaling is generally a bad idea. You could consider it JSON or some
more limited serialization of data. Or put it in, say,
environ['x-wsgiorg.user_data'], a real dictionary.
Paste complains if the real dictionary is placed in environ. Isn't that
too strict?
Regards,
Dalius Dobravolskas wrote:
Ian Bicking wrote:
evaling is generally a bad idea. You could consider it JSON or some
more limited serialization of data. Or put it in, say,
environ['x-wsgiorg.user_data'], a real dictionary.
Paste complains if the real dictionary is placed in environ. Isn't
Mike Orr wrote:
OpenID is a new and different kind of authentication system, so I
don't know if we've figured out the best way to integrate it yet.
Feedback from those who use OpenID would be helpful.
You should use it to figure out. I accept any way where you can login
and are not asked to
using it in a production app for a .gov and a .com client.
What bothered me most was that AuthKit wasn't something I could just
drop in and start using, with anything beyond the appname.conf file
supplying the username/password/groups.
I would hope that any sufficiently well-loved auth middleware
Opened ticket #403 for the outstanding AuthKit issues.
http://pylonshq.com/project/pylonshq/ticket/403
If I failed to list any issues, please add a comment to the ticket so
it doesn't get forgotten.
--
Mike Orr [EMAIL PROTECTED]
HTTPAuthorizationRequired
exceptions into proper 401 responses. I don't think the auth middleware
should wrap these itself.
2. I think we should agree that user data if there is some data arriving
with authentication should be put into REMOTE_USER_DATA env. variable.
E.g. some SREG data comes with OpenID
On Fri, Mar 28, 2008 at 10:19:35PM -0700, Mike Orr wrote:
Their argument seems to be not that it doesn't work (the previous
bugs have been fixed), but that you can write your own authentication
in the time it takes to learn it. I haven't used AuthKit in a program
so I can't say definitively
directly, and should translate any HTTPAuthorizationRequired
exceptions into proper 401 responses. I don't think the auth middleware
should wrap these itself.
Agreed. My mistake. That's the way AuthKit works but AuthKit is
authentication/authorization middleware (not only authentication).
2. I
Previously Mike Orr wrote:
AuthKit's author James Gardner says the architecture is sound, the
outstanding bugs have been fixed, and the two substantial chapters in
the Pylons Book space on the wiki have been audited for Pylons 0.9.6.
Against this are 4-5 people on IRC and this list who have
roles by person). It's easy to implement your own
model with your own driver. Decorators are great. You don't need
change this. With your own driver you don't need a SVN version of
AuthKit.
The presentation is another tricky thing. You can redirect to your own
url to show a custom auth form
Jorge Vargas wrote:
this comes as a shock to me, I thought authkit was de facto just like
mako, SA, etc. I'm just starting to read up on authkit, and so far I
thought it only had outdated documentation, but the fact that no one has
backed it up as a good path in this thread makes me wonder if I'm
Ian Bicking wrote:
Some time ago I wrote this up as a proposal for the basic way
authentication can work in WSGI:
http://wsgi.org/wsgi/Specifications/simple_authentication
I think most of the systems work pretty much like this, but I don't know
for sure.
Ian, that's exactly what I
Wichert Akkerman wrote:
There is an important lesson here: a very important, if not the most
important, factor for adaption of a tool such as AuthKit is the quality
of its documentation and how easy it is for complete newcomers to start
using it.
I don't agree here. AuthKit is good enough
I lack the expertise to judge the relative merits of subtly different
authentication/authorization strategies vis a vis Pylons. I do know,
however, that, as a Pylons end user, I need a fundamentally sound
and practical authentication/authorization mechanism, and it's the
last thing I want to have
people build
authenticated sites than use SQLAlchemy/Genshi/forms, so there are a
fewer number of people qualified to write auth documentation and to
compare alternative auth libraries.
The two chapters are part of a book that aims to be a complete
reference of Pylons programming, scaling to large
VCS (in this
case mercurial) allows us to do after all. That's why I have split
AuthKit - because it is too complicated to support it (written by genius
and author is busy person).
I will need to support both basic HTTP authentication for our RESTful
API and forward style auth for our human
Ian Bicking wrote:
It's still quite young, but worth checking out:
http://svn.repoze.org/repoze.who/trunk/
How many people are working on it? Will it not end like AuthKit because
no one writes plugin for it? You can write handlers/plugins for AuthKit
as well BTW.
Regards,
Dalius
for authorization, and then let the
package authors figure out how to fulfill them and to interoperate
with each other; i.e., the WSGI of auth. I've started a wiki page for
this in the Pylons Projects space:
http://wiki.pylonshq.com/display/pylonsprojects/Authentication+and+Authorization+Central
--
Mike Orr
authors figure out how to fulfill them and to interoperate
with each other; i.e., the WSGI of auth. I've started a wiki page for
this in the Pylons Projects space:
http://wiki.pylonshq.com/display/pylonsprojects/Authentication+and+Authorization+Central
On Fri, Mar 28, 2008 at 2:48 PM, Mike Orr [EMAIL PROTECTED] wrote:
This discussion shows Pylons needs some kind of flexible but standard
system of authentication authorization. It has also been clear from
the past several months that AuthKit provides *a* unified solution for
both
of authentication that obscured the most straight forward
solution for most people. For that reason, many went the way of
rolling their own authentication. Has anything changed since then?
I will need to support both basic HTTP authentication for our RESTful
API and forward style auth for our
changed since then?
I will need to support both basic HTTP authentication for our RESTful
API and forward style auth for our human web interface. Users are
going to come from either the application database or from LDAP. It's
OK to use PAM as a proxy to LDAP since that generally makes
to this group, never posted anything here before, but I think
I've got something just right for you. I have done implementation of
HTTP-Auth Basic (Digest is no problem also, but you'll have to change
the controller a bit) and also web based user authentication.
So. Here is my solution for http
anything here before, but I think
I've got something just right for you. I have done implementation of
HTTP-Auth Basic (Digest is no problem also, but you'll have to change
the controller a bit) and also web based user authentication.
So. Here is my solution for http-auth-basic. Mind you it's
62 matches