[okfn-help] Bibliographica ticket #76 OpenID login and API keys

Sat Jun 26 01:11:13 UTC 2010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16 Jun 2010, at 10:20, Graham Higgins wrote:

> Floating a kite for addressing most of #76 (adding OpenID login and  
> API keys) and showing a functioning candidate solution.

I have stripped out the excess baggage:

http://bitbucket.org/gjhiggins/openbiblio-dev/changeset/57b9889052de

But the resulting changeset is still chunky enough to overspill the  
standard bitbucket changeset display. The component elements are:

An Identity model
=================
Expressed in SQLAlchemy declarative_base --- a simple and direct way  
of expressing data entities. The pertinent modelled attributes of a  
User are described in a reasonably straightforward manner:

{{{
class User(Base):
"""
Basic User definition. Probably would want additional
attributes."""
user_id = Column(Integer, autoincrement=True, primary_key=True)
displayname = Column(Unicode(255))
email = Column(String(255))
gender = Column(String(1))
timezone = Column(String(12))
password = Column(String(80))
active = Column(Boolean(), default=False)
created = Column(DateTime(), default=datetime.datetime.utcnow())
last_login = Column(DateTime(), default=datetime.datetime.utcnow())
}}}

(The "gender" attribute isn't currently being used and it is ripe for  
being exchanged for something more pertinent.)

Users can be assigned to membership of one or more Groups;  
correspondingly, Groups are composed of Users.

{{{
class Group(Base)
"""An ultra-simple group definition."""
group_id = Column(Integer, autoincrement=True, primary_key=True)
name = Column(Unicode(16), unique=True)
description = Column(Unicode(255))
active = Column(Boolean(), default=False)
created = Column(DateTime(), default=datetime.datetime.utcnow())
}}}

Groups can be assigned arbitrary Permissions that authorise the  
GroupMember to (e.g.) apply one of the standard Create/Read/Update/ 
Delete operations to some URL-identified resource.

{{{
class Permission(Base):
"""A relationship that determines what each Group can do"""
permission_id = Column(Integer, autoincrement=True, primary_key=True)
name = Column(Unicode(16), unique=True)
description = Column(Unicode(255))
}}}

Web UI forms for user-managed accounts
======================================

A set of i18n-ready, toscawidgets-driven web-UI forms (plus a set of  
associated input validation schemas) allowing users to act directly on  
the identity model and offering:
a) user registration, mediated by email confirmation
b) user login --- by username+pwd or OpenID
c) an email-mediated password reset facility
d) a facility to associate multiple OpenID identities
    with an existing account

Dependencies on pytz, Babel and toscawidgets are introduced and the  
language/timezone handling function in lib/base.py has been casually  
altered to allow for the existing requirement of rendering genshi  
templates.

It would benefit from additional tests, which I will add in due course.

I intend to make available a publicly-accessible installation so that  
people can kick the tyres.

- - - - - --
Cheers,

Graham

http://www.linkedin.com/in/ghiggins

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkwlU7IACgkQOsmLt1NhivxJ+ACeJHF9hi2Re1opjZAKshkis/3M
8TkAn2Zr1Hh5iPU6grEODl7Py/z39dK+iQCVAgUBTCVTslnrWVZ7aXD1AQKW0gP9
HNdZyjw/CE8dwJWkVH8ku+TncjHtuL8JfhVEhZT0WDzXO2xwBv34f1IhNaOvTn4G
BDo+so5D9ByAaQwoK+3gxzvj/Mpxxj2edtsLk+CIWuI5lcJd+OnxSNt6zzxPGSFO
saH7ZuYssSuz9DaoUSJs4sKfq8QH2G9cOoqHtmWo24M=
=5EKg
-----END PGP SIGNATURE-----