On 02/19/2013 10:43 AM, Maurits van Rees wrote:
> On 22-01-13 11:40, Maurits van Rees wrote:
>> On 21-01-13 20:49, Maurits van Rees wrote:
>>> On 21-01-13 18:27, Tres Seaver wrote:
>>>> Thanks for your effort here: the branch looks good to me.
>>>>
ne thing that would increase my confidence before releasing: can you
(or somebody else) confirm that the Plone trunk works with your branch?
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design"http://palladion
ntract: it is in
implementation detail of ZODBUserManager. A SQL-based user manager
plugin might use auto-generated primary keys as user IDs, for instance.
Tres.
, and Windows:
http://docs.python.org/2/library/os.html#os.urandom
Note that I lifted the implementation directly from Pyramid's default
session implementation.
Tres.
On 11/15/2012 08:27 PM, Matthew Wilkes wrote:
>
>
> Tres Seaver wrote:
>> +> class=".utils.CSRFToken" + permission="zope.Public" + />
>> +
>
> Is there any reason for making the user
1.4.
Tres.
self.body = body
>
> @@ -100,8 +95,6 @@
> 'remote_host': '', 'remote_address': '' } )
>
> def test_challenge( self ):
> -from zExceptions import Unauthorized
> -
> helper = self._ma
ugins it would search, which would remove
the requirement to splice the code directly into the PAS framework code.
Tres.
Did you activate the "ZODB user manager" plugin?
Tres.
need to have plugins registered which implement IUserEnumeration and
IGroupEnumeration for your site. Probably you are going to need to
share the set of valid users with that external program, though.
Tres.
utter in my brain.
Could you post a brief summary of the solution you found for the archives?
Tres.
was never really tested on 2.6: it was developed during
the same time that 2.7 was released.
Tres.
Tarek Ziadé wrote:
> On Thu, May 8, 2008 at 7:52 PM, Tres Seaver <[EMAIL PROTECTED]> wrote:
>> [cut]
>>
>> I don't think we know enough yet to do a good job of writing a similar
>> framework for *managing* users
ter views directly for those plugins.
PlonePAS does some of the needed UI work in a Plone context. I find
PlonePAS a bit frustrating to work with, however: some of its own
plugins have incomplete or missing GenericSetup support, and I strongly
question the fact that setup code replaces the parent user folder
(bre
ementing IUpdatePlugin
should not know about them, unless they are also actively registered for
ICredentialsUpdatePlugin.
Tres.
LOG.error('searchPrincipals() returned more than one result '
> + 'id=%s' % k)
> +assert len(info) <= 1
> if len( info ) == 0:
> title = '<%s: not found>'
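Review bot: the added `assert len(info) <= 1` is the only enforcement of the one-result rule in this hunk, and an assert is a poor fit for validating data returned by a plugin: it is compiled out when Python runs with -O, and when it is active it aborts the whole listing with a bare AssertionError following the LOG.error call. Suggest raising an explicit exception that carries the offending id, or logging and continuing with a defined choice of result, so the behaviour is the same in both modes. The log call also formats with `'id=%s' % k`, which breaks if k is ever a tuple; `% (k,)` or passing k as a logging argument avoids that.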
Wichert Akkerman wrote:
> Previously Sidnei da Silva wrote:
>> On Fri, Feb 15, 2008 at 11:26 AM, Tres Seaver <[EMAIL PROTECTED]> wrote:
>>> The source dist is trivially convertible to an egg (easy_install does
>>> t
Wichert Akkerman wrote:
> Tres Seaver wrote:
>> Wichert Akkerman wrote:
>>> Previously Tres Seaver wrote:
>>>> I've just pushed PAS 1.5.3 to w
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>> I've just pushed PAS 1.5.3 to www.zope.org and the cheeseshop. Would
>> the folks who depend on automated downloads from either of those sites
>> please check th
ng?
Tres.
help!!
Try disabling the 'login_page' property of the cookie auth plugin, so
that a "normal" HTTP basic auth prompt happens. Then, enable
'verbose-security' (and 'security-policy-implementation python') in
zope.conf, and unmask Unauthorized in the error_lo
'sdist' version).
Tres.
Ross Patterson wrote:
> Tres Seaver <[EMAIL PROTECTED]> writes:
>
>> Ross Patterson wrote:
>>
>>> I'd love to convert PAS's tests to layers for test setUp and tearDown.
>>> Any objections?
>>
don't use layers for
anything which is a pure "unit test," but can see the point for
"function" or "integration" tests.
Are there a specific set of tests you have in mind which have
significant setup / teardown costs?
Tres.
e, as well.
Tres.
entials() method
> they revert back by the time the REQUEST is finished.
Your plugin isn't even being *called* in t normal request.
Tres.
s
> interface?
Yes, we would. You might look at the way the "extraction" plugin
interfaces work for a model: the ones which know about login /
password, etc., are specializations of the more general
IExtractionPlugin, which has a looser contract.
Tres.
because it processes dependencies incrementally,
rather than solving the "transitive closure" of the graph before
attempting to install anything.
> I agree it might be better if the index made dependency data
>> available.
Not exposing the dependency information in the index
Jim Fulton wrote:
> On Sep 25, 2007, at 3:40 AM, Philipp von Weitershausen wrote:
>
>> Charlie Clark wrote:
>>> On 25.09.2007 at 02:05, Tres Seaver wrote:
>>>> I'd like to break the remaining CMF pack
release.
>
> Any other opinions out there?
+1 for a near-term 1.5 release, including the event-based changes.
Tres.
llow yours.
> I can control which plugins fire by activating/deactivating the
> IUserAdder interface and changing the order of the plugins from within
> PAS, so the "only one plugin can create" restriction is already a bit
> redundant.
Event notification is best used when yo
Tres Seaver wrote:
I have also released PluginRegistry 1.1.2, with the following fixes:
- Drop previously-activated plugins from the list returned from
listPlugins when they no longer implement the plugin interface.
(http://www.zope.org
Information
- Mailing list: http://lists.zope.org/mailman/listinfo/zope-pas/
- Collector: http://www.zope.org/Collectors/PAS/
- Subversion repository: http://svn.zope.org/PluggableAuthService/
in a form
digestible as basic auth.
Tres.
Sidnei da Silva wrote:
> On 4/19/07, Tres Seaver <[EMAIL PROTECTED]> wrote:
>> I doubt you would take my patch, which would just rip the whole thing out.
>>
>> The tradeoff (that users from the root acl_users get a "wei
er
than stomping the root user folder, IMNSHO: really, that's an "iced tea
spoon" problem.
Patient: Doctor, when I drink iced tea, I get a cold stabbing
pain in my eye!
Doctor: Take out the spoon first. That'll be $200, please.
Tres.
robert rottermann wrote:
> Tres Seaver wrote:
>> robert rottermann wrote:
>>>> Hi there,
>>>>
>>>> I would like to use Session Auth Helper to authenticate a user after he
>>>> has logged into a
e registration for IAuthenticateCredentials. That
list looks like the one for IExtractCredentials (the cookie plugin can't
actually authenticate, it only retrieves credentials from the request).
Tres.
roles between the
> Security tab and /acl_users/roles or is it not possible?
I would just avoid the role plugin altogether.
> Am still searching the WEB and archives in the meantime.
The better list for this would be [EMAIL PROTECTED] (CC'ed), which
deals with PAS specifics.
Tres
ugin would be
doing something expensive in the case of a cache miss.
> Does anyone have a simple example for this task?
I don't know if it is simple, but the LDAPMultiPlugins product is
certainly one which uses caching in the way you are investigating:
http://www.dataflake.org/softwar
in the root.
>> The problem seems to be that the PAS object that
>> exists in the context of the page request made is the only one asked for
>> information about the roles/credentials of the user making the request,
>> and so we are running into trouble.
>
>> Is i
eneral at the root of the Zope database: the
complexity caused by nesting user folders outweighs any benefit I've
ever identified.
Tres.
of your
problem.
Tres.
people believe the
> semantics of (b) are a better default than (a)?
At the PAS level, we could add a new plugin interface, something like
'IIsUserValid', which would be called just after the roles plugins, and
which would block returning any user at all if "required" properti
sful).
>
> Can you suggest me how to go about this problem?
I've CC'ed Rocky Burt, who is the maintainer of the SQLPASPlugin. I'm
afraid I don't know anything about how to configure that plugin.
Tres.
://svn.zope.org/PluggableAuthService/
Tres.
Alec Mitchell wrote:
> On 12/19/06, Tres Seaver <[EMAIL PROTECTED]> wrote:
>> In general, you should prefer a 1.4.1 (to get bugfixes only). That
>> makes the PAS release cycle less coupled to your needs, as well.
>
> T
Ross Patterson wrote:
> Tres Seaver <[EMAIL PROTECTED]> writes:
>
>> Ross Patterson wrote:
>>> Tres Seaver <[EMAIL PROTECTED]> writes:
>>>
>>>> Thanks! Can you please add to the PAS
ggableAuthService/branches/1.4/doc/CHANGES.txt
Tres.
Ross Patterson wrote:
> Tres Seaver <[EMAIL PROTECTED]> writes:
>
>> Thanks! Can you please add to the PAS collector so we don't lose the patch:
>>
>> http://www.zope.org/Collectors/PAS
>
> Will do.
def exportPAS(context):
> """Export any PAS plugins with configurations."""
> uf = getToolByName(context.getSite(), 'acl_users')
> IFilesystemExporter(uf).export(context, 'PAS', True)
I don't understand the need for this handler, or why
lled for all
> products and the output of that is used to do things like fill
> Products.meta_types. Since I forgot to add a five:registerPackage in my
> configure.zcml that was never called, hence the problem.
Cool, glad that works for you.
Tres.
llectors/PAS
- The PAS mailing list, 'zope-pas@zope.org', is where the developers
and users of PAS hang out.
Tres.
- --
=======
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excel
ethods, etc., as well as a RAMCacheManager. You
could implement 'authenticateCredentials' to call an ExternalMethod, for
instance, and then cache the result. You still need to find a way to
deal with the edge case where the service is unavailable: for instance,
you might need to use a
wrap another plugin, providing caching. It might be
possible to make it generic (like the ScriptablePlugin is).
Tres.
AP user to add additional groups. (I don't recall at present how
those LDAP groups are exposed on the user).
Tres.
the issue in any case.
Tres.
Florent Guillaume wrote:
> On 3 Aug 2006, at 23:27, Tres Seaver wrote:
>> Modified:
>> PluggableAuthService/branches/tseaver-pluggable_allowed/Pr
the
> script just hangs, so I am a little unsure what is happening.
Look at how the CookieAuthPlugin works (in fact, you might just use it).
Tres.
or
else by visiting the 'plugins' object and setting up its registry
entries for each interface.
Tres.
her login name). After that, other
plugins might add groups, roles, or properties to the 'PropertiedUser'.
Tres.
ns which are valid for those
protocols, allowing them to issue a challenge by modifying the
response. The protocol of the first plugin to issue a challenge
becomes the only protocol allowed for the remainder of processing.
Tres.
SVN/CMF-2_0-branch/GenericSetup]
$ cat DEPENDENCIES.txt
Zope >= 2.8.5
Five >= 1.2
Note that it works fine to install the newer Five version into
$INSTANCE_HOME/Products (and I would recommend Five 1.2 for all Zope
2.8.x users).
Tres.
, then please submit it along with your problem report to the
PAS collector:
http://www.zope.org/Collectors/PAS/
(Actually, please submit the issue even if the patch doesn't work).
Tres.
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>My understanding of PlonePAS was that it was a "canned setup" for a PAS
>>instance. I didn't realize that it provided additional skins as well,
>>a
uth' plugin to your PAS, but *name* it
'credentials_cookie_auth' (having moved the real one aside), do the
skins work? You will of course need to register the plugin in the
appropriate places, and unregister the cookie one.
Tres.
uth'
CookieCrumbler (which is what is "stealing" your Unauthorized). That
should allow your plugins to handle the process correctly.
Tres.
ort yet for configuring the
list of interfaces.
We could probably cut a 1.2 beta from the trunk right away. We might
also need to look at:
http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/
Tres.
plugin (which is what PAU does, actually, I think). I don't see
that making PAS a hyper-generic intermediary is a win for this problem.
Tres.
an LDAP store) might not allow it.
Tres.
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>Within a single PAS, it is an error to have two principals with the same
>>ID; otherwise you will end up granting permissions inappropriately. If
>>you have plug
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>We aren't "enforcing" anything: the plugin can't fulfill its own
>>contract (in this case, to return a list of (id, title) tuples) if the
>>
ue. Asserts happen outside of debug mode unless
> you've compiled somehow to .pyo's.
Running in production without -O? Surely nobody would do *that*, would
they? But you are right, this is not the same as turning off Zope's
debug-mode.
Tres.
n( info ) == 0:
> title = '<%s: not found>' % k
> else:
> title = info[0].get( 'title', k )
> result.append( ( k, title ) )
>
> return result
Tres.
this to be the default behavior but you
> should be able to override it.
Group -> role bindings *are* likely to be the domain of the user folder,
whether LDAP-based or not.
Tres.
extractCredentials stuff will then need to pick off whatever values
are needed from the URL passed from server.com, and somehow arrange to
persist them (e.g., in the session) for future requests.
Tres.
'zopeadmin'; this assumes that your user source (a ZODBUserManager?)
uses the prefix, 'auth'. If you show 'user/getId', is it 'auth_zopeadmin'?
Tres.
o try: enable VerboseSecurity ('verbose-security on' in your
zope.conf file), and retry -- it may give you more information about the
specific reason for the Unauthorized exception.
Tres.
Given that 2.7 is now almost two
releases back, keeping BBB code around for its benefit on the trunk of
PAS seems questionable (the "BBB" there is actually for 2.8-ish Zopes).
If you want to work out a patch which would keep it compatible with
2.7, we could incorporate it, but it is n
envision populating those registries via ZCML?
Tres.
echanisms" are supposed to kick in even if all the
plugins are hosed up (using the DumbHTTPExtractor and the
EmergencyUserAuthenticator; are you saying that you can get the site
into a state where the emergency user cannot repair it?
Tres.
Sidnei da Silva wrote:
> On Sat, Nov 05, 2005 at 03:00:28PM -0500, Tres Seaver wrote:
> | I hope to get the "standard" plugins exportable / importable shortly, so
> | that you will be able to "snapshot" your PAS configu
don't know of any in particular. The collector:
http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/
has a relatively small set of open bugs; we could work on driving that
down as part of a 1.2 release process.
Tres.
exception of the GRUF-migration code (I think).
Tres.
ser, I think we *should* tell the test framework to handle errors,
which converts the Unauthorized traceback to an HTTP 401.
Tres.
> TypeError: iteration over non-sequence
>
> Anyone sees the same problem?
Nope. I did fix an unrelated glitch in the testcase just now, but the
head doesn't show that error (it *does* spew a bunch of "The following
test left garbage:" warnings.
Note that I am not usi
rder at the
> cookie crumbler approach?
Nope. If you are going to drink the PAS koolaid, you might as well go
all the way. ;)
Tres.
ace but extending it (which is the pattern's intent).
Tres.
- --
=======
Tres Seaver[EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com