New python-fedora and you

Toshio Kuratomi a.badger at gmail.com
Wed Sep 7 15:11:27 UTC 2011


I've just updated python-fedora on the app servers to 0.3.25.  This update
has quite a few changes to the server helpers.  For people watching for end
user issues, if someone reports problems with logging in and out of the
turbogears web apps on admin.fedoraproject.org or having their csrf token
cause problems, it is possible that the python-fedora update is to blame.
Please let me know if you spot something like that and I'll try to
troubleshoot.  (abadger1999 on irc).

For web application developers there have been a few deprecations and
additions.

* The fedora.tg.tg1utils and fedora.tg.tg2utils modules have been
  deprecated.  tg1 and tg2 have their own hierarchy now: fedora.tg.utils
  (for TG1) and fedora.tg2.utils (for tg2).

* The TG2 auth middleware has been reworked a bit.  It should no longer log
  you out if you don't have a CSRF token.  You should be able to regain your
  logged in status simply by clicking on a link.  Links should have the CSRF
  token embedded in them in these instances.

* Additionally, the TG2 fas auth middleware has had its metadata updated so
  that it is compatible with the default TG2 auth provider.  This should
  make it possible to write code that is compatible with both out-of-the-box
  TG2 auth and the faswho auth middleware.

* Provisions for testing web applications with the faswho auth provider have
  been made and documented.  You should now be able to set faswho to use test
  fas servers for authentication.  Details of setting this up are in the
  updated documentation.
  https://fedorahosted.org/releases/p/y/python-fedora/doc/faswho.html#authenticating-against-fas-with-turbogears2

* One last, untested feature is that the CSRF middleware that faswho uses to
  protect against CSRF attacks has been made independent of faswho.  You
  should be able to combine it with other repoze.who auth providers (like
  the TG2 default auth provider) to have CSRF protection in your
  application.  If you are working on an app that should be able to auth
  against both fas and some other repoze.who auth source, please feel free
  to test this and report any bugs to me.  This is a desirable feature and
  I want to make it work.
  https://fedorahosted.org/releases/p/y/python-fedora/doc/faswho.html#using-csrf-middleware-with-other-auth-methods

* Last but not least, just as we have genshi templates for TG1 for CSRF
  enabled login forms and buttons, we now have mako templates for TG2 that do
  the same.  With all the other changes in this release, it shouldn't be
  hard to make a TG2 version of the genshi templates if those are needed.
  https://fedorahosted.org/releases/p/y/python-fedora/doc/faswho.html#templates

-Toshio