TurboGears 2.2 and authentication
54 views
Skip to first unread message
Christoph Zwerschke
Sep 17, 2012, 1:16:34 PM9/17/12
to TurboGears Trunk
While upgrading a project from TG 2.1 to 2.2 I noticed that the
"authenticators" setting (a list of custom authenticators) is handled
differently depending on whether "authmetadata" is defined ("new-style
config") or not ("old style").
In new-style configuration, the default authenticator will not be used
at all when custom authenticators are specified, while in old-style
configuration, the default authenticator will be appended.
I think we should re-establish the old behavior. It often makes sense to
prepend additional authenticators to the default one. Of course, you can
always add the default one manually, but it's cumbersome.
Or, we could make it even more flexible by allowing a value of
('default', None) in the "authenticators" list which will be
automatically replaced by the default authenticator. That way you can
specify exactly the position of the authenticator in the chain. I have
already created a patch for this, let me know what you think.
-- Christoph
"authenticators" setting (a list of custom authenticators) is handled
differently depending on whether "authmetadata" is defined ("new-style
config") or not ("old style").
In new-style configuration, the default authenticator will not be used
at all when custom authenticators are specified, while in old-style
configuration, the default authenticator will be appended.
I think we should re-establish the old behavior. It often makes sense to
prepend additional authenticators to the default one. Of course, you can
always add the default one manually, but it's cumbersome.
Or, we could make it even more flexible by allowing a value of
('default', None) in the "authenticators" list which will be
automatically replaced by the default authenticator. That way you can
specify exactly the position of the authenticator in the chain. I have
already created a patch for this, let me know what you think.
-- Christoph
Alessandro Molina
Sep 17, 2012, 2:54:29 PM9/17/12
to turbogea...@googlegroups.com
I'm for the "None" / "default" way, the change was because it sounded
confusing to have the user write a list of authenticators and end up
having a different one. Also disabling the default authenticator was
more complex than it should have been. Going for the default/None way
would provide the best of the two worlds.
As soon as Michael ends moving things to github I think we can merge
the patch and include it in a future 2.2.1 release.
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears Trunk" group.
> To post to this group, send email to turbogea...@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears-tru...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/turbogears-trunk?hl=en.
>
confusing to have the user write a list of authenticators and end up
having a different one. Also disabling the default authenticator was
more complex than it should have been. Going for the default/None way
would provide the best of the two worlds.
As soon as Michael ends moving things to github I think we can merge
the patch and include it in a future 2.2.1 release.
> You received this message because you are subscribed to the Google Groups
> "TurboGears Trunk" group.
> To post to this group, send email to turbogea...@googlegroups.com.
> To unsubscribe from this group, send email to
> turbogears-tru...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/turbogears-trunk?hl=en.
>
Michael Pedersen
Sep 18, 2012, 11:56:31 PM9/18/12
to turbogea...@googlegroups.com
On Mon, Sep 17, 2012 at 2:54 PM, Alessandro Molina
<alessand...@gmail.com> wrote:
> I'm for the "None" / "default" way, the change was because it sounded
> confusing to have the user write a list of authenticators and end up
> having a different one. Also disabling the default authenticator was
> more complex than it should have been. Going for the default/None way
> would provide the best of the two worlds.
>
> As soon as Michael ends moving things to github I think we can merge
> the patch and include it in a future 2.2.1 release.
No need to wait even. The repositories will be copied wholesale, so
<alessand...@gmail.com> wrote:
> I'm for the "None" / "default" way, the change was because it sounded
> confusing to have the user write a list of authenticators and end up
> having a different one. Also disabling the default authenticator was
> more complex than it should have been. Going for the default/None way
> would provide the best of the two worlds.
>
> As soon as Michael ends moving things to github I think we can merge
> the patch and include it in a future 2.2.1 release.
the push can be done whenever. The only things that are being a pain
are the issues themselves, and that just takes time to finish working
through. This week, hopefully.
As for my preference, I like the best of both worlds approach.
--
Michael J. Pedersen
My Online Resume: http://www.icelus.org/ -- Google+ http://plus.ly/pedersen
Google Talk: m.ped...@icelus.org -- Twitter: pedersentg
Christoph Zwerschke
Sep 19, 2012, 4:13:12 AM9/19/12
to turbogea...@googlegroups.com
Am 19.09.2012 05:56, schrieb Michael Pedersen:
> No need to wait even. The repositories will be copied wholesale, so
> the push can be done whenever.
Ok, I'll only have time next week anyway. Will check that in to the
> No need to wait even. The repositories will be copied wholesale, so
> the push can be done whenever.
development branch then and merge it back to the branch-2.2 so it will
go to 2.2.1.
-- Christoph
Reply all
Reply to author
Forward
0 new messages