Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #1665 (closed defect: fixed)

Opened 11 years ago

Last modified 10 years ago

Port Identity to TG2

Reported by: mramm Owned by: khorn
Priority: normal Milestone:
Component: TurboGears Version: trunk
Severity: normal Keywords:
Cc:

Description

The port need not be 100% direct. For example, I think we should consider using beaker sessions rather than a visit class. This will simplify the datamodel, and should make login-session managment easier.

Change History

comment:1 Changed 11 years ago by mramm

Here's some an interesting code snipit, which will help whoever works on this ticket to get started:

from pylons.controllers.util import abort
from pylons.controllers.objectdispatch import iscontroller
from tg import expose
import inspect


def walk_controller(root_class, controller):
    if hasattr(controller, 'lookup'):
        lookup = controller.lookup
        @expose()
        def new_lookup(*args, **kwargs):
            root_class._perform_validation()
            return lookup(*args, **kwargs)
        controller.lookup = new_lookup

    for name, value in inspect.getmembers(controller):
        if inspect.ismethod(value):
            if iscontroller(value):
                value.decoration.hooks['before_call'].append(
                    root_class._perform_validation
                )
        elif hasattr(value, '__class__'):
            if name.startswith('__') and name.endswith('__'): continue
            walk_controller(root_class, value)


class SecuredControllerMeta(type):
    def __init__(cls, name, bases, dict_):
        walk_controller(cls, cls)


class SecuredController(object):
    __metaclass__ = SecuredControllerMeta

    @classmethod
    def check_permissions(cls):
        return True

    @classmethod
    def _perform_validation(cls, *args, **kwargs):
        if not cls.check_permissions():
            abort(401, 'Unauthorized')

This shows how you might implement TG1's secured controller mechanism in a TG2 context. Secured Controllers would have to overide check_permissions with something that returns true-false. We may want to give people some helpers for writing check_permissions methods so they can use a syntax more like TG1.

Porting the require() decorator would also be nice.

comment:2 Changed 11 years ago by mramm

WSGI Middleware to investigate:

 http://lukearno.com/projects/barrel/  http://pypi.python.org/pypi/wsgiauth/  http://authkit.org/

There may be more, but the key is that we need something that we can try to push as a standard for Pylons, TurboGears2, etc. If we have to we can write our own, and I have a template for doing this, but I'd rather use something that exists if we can ;)

comment:3 Changed 11 years ago by mramm

  • Milestone changed from 2.0 to 2.0-preview

comment:4 Changed 11 years ago by khorn

  • Owner changed from anonymous to khorn

investigating...

comment:5 Changed 11 years ago by khorn

holding off on this until #1691 is resolved

dealing with exceptions (HTTPUnauthorized, etc.) isn't working right nowwithout crashing the app, which makes handling authentication really, really ugly

comment:6 Changed 11 years ago by khorn

quick update:

I'm developing a separate package called Authority to handle identity's job for TG2.

The package should work in at least Pylons and TurboGears, but hopefully it will eventually become more framework-agnostic.

The API will be very, very similar to identity's API.

Very basic functionality is currently in place. Hoping to have a working prototype in a couple of weeks (by PyCon?).

I'm leaving this ticket open until at least the @require functionality provided by identity is fully available.

comment:7 Changed 11 years ago by khorn

forgot to mention: the Authority site is here:  http://code.google.com/p/authority

Also, I didn't mean to hog the credit: several others are also contributing code, tests, etc.

comment:8 Changed 11 years ago by mramm

  • Status changed from new to closed
  • Resolution set to fixed

Florents tgrepozewho project seems to do everything we need. It just needs to be added to the requirements, and documented.

comment:9 Changed 10 years ago by anonymous

  • Milestone 2.0-preview-1 deleted

Milestone 2.0-preview-1 deleted

Note: See TracTickets for help on using tickets.