way.py#l44
But what's more likely causing the problem is using the protect_action
instead of ControllerProtector, like in:
https://source.openplans.org/hg/communityalmanac/file/d5eaab92ec5c/communityalmanac/controllers/admin.py#l20
Douglas Mayle
On Sep 16, 2009, at 9:14 AM, Iain Duncan wro
It depends on how basic your CMS needs are. The Pylons Book contains
a simple CMS called SimpleSite that you could probably integrate, if
your needs were light.
http://pypi.python.org/pypi/SimpleSite/0.3.0
http://pylonsbook.com/en/1.0/starting-the-simplesite-tutorial.html
http://pylonsbook
wanted to make sure
that: 1) This wasn't a known problem, or 2) there isn't already some
other identifier plugin that satisfies my needs..
(The other possibility is just a stricter predicate, is_valid_user, I
suppose, but then I'm still trusting the client to tell me who'
Douglas Mayle added the comment:
Chris, I actually wrote a mock (using import hooks) that would allow me to
simulate not being able to import a module, even if it's really available. This
should allow us to get a higher coverage. Unfortunately, without bcrypt
installed, we couldn'
Douglas Mayle added the comment:
Any comments for me? Anything I need to do to get this accepted? I think it's
pretty thorough, but I'm open to any criticism...
__
Repoze Bugs
<http://bugs.repoz
oes logout. I just finished writing
>> user registration, and was wondering if there was a way that I could
>> automatically log the user in on successful signup? I'm currently
>> using the redirectingform plugin and the sql authenticator. Will I
>> have to write
gnup? I'm currently
using the redirectingform plugin and the sql authenticator. Will I
have to write my own custom plugin, or is there something I can do out
of the box?
Thanks,
Douglas Mayle
___
Repoze-dev mailing list
Repoze-dev@lists.
Douglas Mayle added the comment:
Hopefully, the last of the unit tests that don't work properly in Python 2.4
__
Repoze Bugs
<http://bugs.repoze.org/issue85>
__
repozewho_salted_hashes_with_bcrypt.diff
Description:
Douglas Mayle added the comment:
Whoops, bad unittest passed through because I was testing in Python 2.5
Douglas Mayle added the comment:
New version of the patch which also supports blowfish hashes when bcrypt is
installed, and uses pycrypto on python < 2.5 for sha256 support. This patch
superseded the previous two patches.
__
Repoze Bugs
<http://bugs.repo
Douglas Mayle added the comment:
I've commented on this patch on the mailing list, but wanted to make sure my
concerns were recorded here:
* `if cleartext_password.startswith('{SHA}'):`
The hashing system is entirely optional at the client level, so
you don't provide
s to
compute the password from the HMAC, the passwords are still stored as
standard hashed passwords, and that means that a db leak leaves all of
your accounts compromised. With salted hashes, that is not true...
Douglas Mayle
On May 20, 2009, at 12:07 AM, Paul Johnston wrote:
> Hi,
>
Okay, done... I recommend the base64 version, as it's backwards
compatible and standards compliant...
Doug
On May 19, 2009, at 4:36 PM, Douglas Mayle wrote:
> So, I've finished it off and submitted the patch to issue 85:
> http://bugs.repoze.org/issue85
>
> In absence
Douglas Mayle added the comment:
Adding a version of the patch that uses base64 encoding, to be more standards
compliant. The default comparator supports reading the older hex based encoding
as well...
--
status: unread -> chatting
__
Repoze B
een
them...
Douglas Mayle
On May 19, 2009, at 3:03 PM, Douglas Mayle wrote:
> On further inspection, it uses a hex form of the digest. Is there any
> preference between that and RFC 2307 schemes, which use base64 for
> encoding?
>
> Doug
>
> On May 19, 2009, at 1:57 PM, Doug
New submission from Douglas Mayle:
The SQL Authenticator uses unsalted hashes by default which are susceptible to
attacks like Rainbow tables. I'm including a patch to add support, with tests.
In addition, it's useful to have a default implementation of the hash function,
so I
On further inspection, it uses a hex form of the digest. Is there any
preference between that and RFC 2307 schemes, which use base64 for
encoding?
Doug
On May 19, 2009, at 1:57 PM, Douglas Mayle wrote:
> Hello all,
> I've noticed that the default_password_compare in
that into their model and have the two work in conjunction. Before I
did it, however, I wanted to make sure that there wasn't something I
was missing...
Thanks,
Douglas Mayle
Douglas Mayle added the comment:
As repoze.who fails to handle the WSGI spec, and I'm supplying a working patch,
I'm bumping up the priority...
--
priority: bug -> critical
__
Repoze Bugs
<http://bugs.re
Douglas Mayle added the comment:
This is a bug in repoze.who because of this paragraph in PEP 333:
(Note: the application must invoke the start_response() callable before the
iterable yields its first body string, so that the server can send the headers
before any body content. However, this
Douglas Mayle added the comment:
The only way I can think to fix this is to create a new generator that wraps the
previous one. It calls the wrapped generator once, caches that, and then yields
that and any further responses. This allows the original generator to behave
the way it did before
New submission from Douglas Mayle:
If a WSGI application returns a generator expression, then
default_challenge_decider in classifiers.py tries to call status.startswith,
which blows up because status has not yet been decided (since the generator
hasn't been called yet)
--
mes
22 matches