user login session with PyQt

1,734 views
Skip to first unread message

Panupat Chongstitwattana

unread,
Dec 28, 2011, 2:44:36 AM12/28/11
to python_in...@googlegroups.com
Sorry if this is not directly a Maya question.

For my current project I'm making PyQt GUI to be used in Maya. One of
my requirement is that users need to login with username and password
first.

After authenticating the account, I'm not sure how I can store the
session. I tried Cookie.Simplecookie but I guess it doesn't wok
because the GUI is not running through HTTP.

Any suggestion appreciate.

Justin Israel

unread,
Dec 28, 2011, 11:52:53 PM12/28/11
to python_in...@googlegroups.com
How are you authenticating? LDAP? Another dedicated server?
Do you really need something as formal as an http session when you can just keep
a dictionary of properties on your app? Its not really the same as a web interface where
the pages can refresh and the concept of sessions need to maintain state with the server.
Your entire state can be kept right where on the application itself.

How much security do you need? For instance, I have an app at work that sets
the interface to either READ or EDIT mode depending on the group the current
user is in, in the LDAP. So when the app starts, I check their login against LDAP, and
if they are a Lead then they have EDIT mode. When the widgets load, they can check
for that value and control the read-only state of the forms.

In terms of the equivalent of an http session, that would mean you want to keep a session
key locally only, and all properties are actually kept on a server that is not directly visable
by the client. Each action would have to provide the session key to the server, and then
the server would deliver some form of content. I dont know if it makes sense in a desktop
application though. Auth once and store the state locally I think.

> --
> view archives: http://groups.google.com/group/python_inside_maya
> change your subscription settings: http://groups.google.com/group/python_inside_maya/subscribe

Panupat Chongstitwattana

unread,
Dec 29, 2011, 2:22:46 AM12/29/11
to python_in...@googlegroups.com
Hi Justin,

I was instructed to store the use's login and password in postgresql,
separate from LDAP account along with a separate set of permission
settings. I'm only planning to do a simple login and encrypted
password comparison here. Coming from PHP, cookies and online session
are the only ways I'm familiar with :(

So if I store the login data within the app itself as a
variable/dictionary, it will be available as long as the GUI is still
opened? If the user close the GUI and run it back again this variable
will be reset?

Pierre A

unread,
Dec 29, 2011, 9:10:58 AM12/29/11
to python_in...@googlegroups.com
I don't know exactly what you are trying to achieve, but when I see session and python in the same sentence, beaker comes to mind.
I've only used it with wsgi apps, but the doc says that it works with stand alone applications.

For authentication and authorization, you could have a look at repoze.who ( http://docs.repoze.org/who/2.0/ ), but it's aimed for wsgi applications.

Erkan Özgür Yılmaz

unread,
Dec 29, 2011, 10:57:23 AM12/29/11
to python_in...@googlegroups.com
I'm using Beaker also to store the logged in user id in a cookie, which is a user id retrieved from the database. But the security is not my first priority and I'm not very familiar with sessions as they are used in web applications.

Basically what I do is, authenticate the user and store the authenticated user id in a cookie.

you can look at my authentication module in:

http://code.google.com/p/stalker/

it is not a finished project, so it may not work as expected...

E.Ozgur Yilmaz
Lead Technical Director
eoyilmaz.blogspot.com



--

Justin Israel

unread,
Dec 29, 2011, 11:05:48 AM12/29/11
to python_in...@googlegroups.com, python_in...@googlegroups.com
This is all overkill. I dont see why you need fancy 3rd party frameworks for a non http/web app. 
You wouldnt store the users login info locally. You would perform the auth against postgres or ldap or any type of server that has the users. If the user passes the auth you can use a QSettings instance in pyqt to store a persistent arbitrary amount of preferences for the user. At that point its up to you if you want to store simply a session key that can be used to check out the real prefs from postgres. And maybe that session key has a TTL so it can expire. Or not. That would be the closest to an http session i think. All these other frameworks are for http requests. But with your pyqt app you have a database driver talking live to postgres. There are no requests.  
QSettings creates appropriate property files for different operating systems in the right user location. I think it will solve your issue. 
The steps in a nutshell are:
User loads pyqt app
Load the QSettings object and check for a session key
If session key, is it still valid in db? If so, get prefs from db
If not, ask for user and password and validate on db. 
Generate a new session key and store in QSettings and prefs on db
--

Panupat Chongstitwattana

unread,
Dec 30, 2011, 10:52:33 AM12/30/11
to python_in...@googlegroups.com
Justin, QSettings looks great. Wow so much to learn about Python :O

At the moment I'm implementing a method similar to cookie but using
SQLite to store the session ID locally instead. Other information will
be stored server side using this same session ID as reference. For my
current skill level I guess this is not too bad...

Thanks for suggestions and happy new year everyone :)

best regard,
Panupat C.

Reply all
Reply to author
Forward
0 new messages