I've released a new version of the registration templates. Key
changes are:
- easy_install registration works as expected for python 2.4
- lost password mechanism sends a link to a reset page rather than
sending the password in the clear or resetting the password
- pending users' passwords are hashed if the identity provider is
configured to use encrypted passwords
The main change is in how the lost password process works. The old way
could allow anyone to 'grief' a user by resetting their password
remotely. It is strongly recommended that people with a policy of
'reset' upgrade to 0.50.
Old way:
You enter your user name in a form, and turbogears either mails you a
new (reset) password or your existing password, depending on your
config preferences.
New (0.50) way:
You enter your user name in a form, and turbogears mails you a link to
a form where you can reset your password. Ignoring the email leaves the
existing password as-is.
Thanks to Stéphane Raimbault for pointing out the deficiency.
I'm also putting out an EXPERIMENTAL process for upgrading your
package from 0.4 to 0.50. Please try this on a copy of your project,
and be sure you have a backup.
0) Remember this is EXPERIMENTAL. Don't do this without a backup.
1) easy_install -U registration
2) If you have any register_* files in either the package's main
directory (along with model.py and controllers.py) or the 'templates'
directory, go ahead and delete them all.
rm -rf register_*
3) Download a patch for your 0.4 project, depending on whether it is
based on sqlobject[1] or sqlalchemy[2]. Place the patch in the root
directory of your project (i.e. in the directory that contains
setup.py and dev.cfg)
4) In the patch file, replace all instances of 'baseso' (sqlobject) or
'basesa' (sqlalchemy) with the name of your project. If your project's
name is 'myproject', an easy way to do this for an sqlalchemy based
project is (from the command line):
sed -i.original 's/basesa/myproject/g' sa_0_4_to_0_50.patch
5) Apply the patch.
patch -p2 < sa_0_4_to_0_50.patch
In my testing, the patches applied mostly cleanly. The
test_registration.py file had a problem, but it was pretty easy to see
what was going on (a test's location moved pretty dramatically). Feel
free to ignore the test failure. Any other failures, and you are
probably going to have to fix them by hand.
If you run into problems with the release or the upgrade process,
please don't hesitate to post your issues here. Thanks.
[1] http://tg-registration.googlecode.com/files/so_0_4_to_0_50.patch
[2] http://tg-registration.googlecode.com/files/sa_0_4_to_0_50.patch
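
The "New (0.50) way" described above, sketched as an added example (this is not the registration package's code): requesting a reset only issues a token for the mailed link, and the password changes only when that token is redeemed. The class and function names, the one-hour lifetime, single-use tokens and storing only a hash of the token are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime of a reset link, in seconds


def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(stored, password):
    salt, digest = stored
    return hmac.compare_digest(digest, hash_password(password, salt)[1])


class ResetFlow:
    """Hypothetical in-memory stand-in for the user and pending-reset tables."""

    def __init__(self):
        self.users = {}    # user name -> (salt, password digest)
        self.pending = {}  # sha256(token) -> (user name, expiry time)

    def add_user(self, name, password):
        self.users[name] = hash_password(password)

    def request_reset(self, name, now=None):
        """Issue a token to be mailed as a link; the password is not touched."""
        if name not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self.pending[key] = (name, now + TOKEN_TTL)
        return token

    def redeem(self, token, new_password, now=None):
        """Change the password only if the token is known, unexpired and unused."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        name, expires = self.pending.pop(key, (None, 0))  # single use
        if name is None or now > expires:
            return False
        self.users[name] = hash_password(new_password)
        return True
```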