after getting a first TG2 sample app running with authentication, I found out
how tg.ext.repoze.who hooks the identity-stuff into the app.
I also read the repoze.who docs about AuthenticatorPlugins, and I need to make
my own.
Now the question: how to go about this? In tg.ext.repoze.who.middleware I
don't see any hooks that allow me to create my own AuthenticatorPlugin.
So the question is:
- do I actually de-activate identity as provided in TG2, and fully create my
own middleware wrapping, inside <myapp>.config.middleware? This would of
course mean to have quite a bit of boiler-plate inside
tg.ext.repoze.who.middleware doubled.
- is it planned to add some hooks to have most of the boilerplate reused?
Diez (who loves the WSGI-middleware-concept... coming from J2EE and it's
atrocities called Filters...)
> The quick answer is that it depends on how much control you want.
Extremely mucho :)
I should have elaborated a bit more. What I'm after is not a way to
customize the form (for now, I sure need that later), but instead the
way identity & meta-data are looked up. I need to make this based on an
existing XMLRPC-server.
> Most of the finagling you will have to do surrounds
> RedirectingFormPlugin,
> who's source you can find here:
>
> http://repoze.org/viewcvs/repoze.who/trunk/repoze/who/plugins/form.py?rev=944&view=auto
>
> of which you will probably want to modify the "Identify" method. I
> created a hook in the template middleware.py so that you can pass your
> own in. Simply instantiate your own Form plugin class and assign it
> in your app_cfg.py:
>
> of which you will probably want to modify the "Identify" method. I
> created a hook in the template middleware.py so that you can pass your
> in your own:
>
> base_config.sa_auth.form_plugin = MyNewFangledFormPlugin()
>
> I am thinking about providing hooks for other parts of
> make_who_middleware, so let me know if this fancies you.
If my current understanding is correct, I need hooks at least for
Authenticator Plugins
and
Metadata Provider Plugins
and so far these are missing, aren't they? I'm happy to contribute a
patch if you like. If I get TG2 installed from SVN, failed miserably the
last time :)
Diez
Where do I actually find these changes? I looked into
http://svn.turbogears.org/projects/tgrepozewho/trunk/tgrepozewho/
but didn't find it.
Diez
Diez,
you'll find the tgrepoze code there:
http://code.google.com/p/tgtools/
But what you search certainly is located in repoze.who:
http://svn.repoze.org/repoze.who/trunk/
Regards,
Florent.
So is the above repository wrong? Shouldn't it be deleted then - it's
misleading. Or will it be updated in time?
> But what you search certainly is located in repoze.who:
>
> http://svn.repoze.org/repoze.who/trunk/
Nope, it actually was inside the above repository :
However, it's not exactly what I'd thought - having to pass the form-handler
as explicit variable is a bit strange. I can do that of course, but then I
totally have to bypass the code in tg.middleware. Which essentially means I
could as well just create my own wsgi-wrapping.
But there is a pylons.config object passed. I'm a bloody noob regarding
pylons - but why is it that the config parameters are explicitly passed
inside tg.middleware? Wouldn't it make more sense to pass a config and let
the extension decide which variables it actually cares about?
Diez
it has been moved and should be removed totally from turbogears projects svn.
> Nope, it actually was inside the above repository :
>
> http://code.google.com/p/tgtools/source/browse/projects/tg.ext.repoze.who/trunk/tg/ext/repoze/who/middleware.py?r=41#63
Ha! I though you wanted to form implementation. :)
> But there is a pylons.config object passed. I'm a bloody noob regarding
> pylons - but why is it that the config parameters are explicitly passed
> inside tg.middleware? Wouldn't it make more sense to pass a config and let
> the extension decide which variables it actually cares about?
This is perfectly right. There is some coupling in that code that
should be removed by inspecting the app config and then we should be
able to stuff our options in the .ini file under our own identity
section. This is part of the work we need to do to have some really
useable code for tg.ext.repoze.who
Cheers,
Florent.
that is the purpose. I think that once we use this configuration
method Diez will be able to specify his own form easily from config
file. And propose a sane default to be included in tg2's upcoming
release. ;)
Florent.
By now, I'm also beginning to think that this would be better. I think TG2
customization should be more along the lines of e.g. login_handler_urls and
such.
Thanks for all the clarifications!
Next stop: prefixing a TG-application with a given path & fix serving static
content in that case :)
Diez
http://trac.turbogears.org/ticket/1897
Diez
Will do - but it would be cool if you could simply assign me the ticket.
Then I get notified of you wanting me to check something :) Reading this
mail wasn't exactly pure luck - but due to the thread being a couple of
weeks old, it was close to flying below my radar.
Diez