Re: [pgsql-www] Google signin
| От | Magnus Hagander |
|---|---|
| Тема | Re: [pgsql-www] Google signin |
| Дата | |
| Msg-id | CABUevEwfQk5DD=MUH-898CAj1BmrYQHL6Zk7EfFiMTij4T=CHw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [pgsql-www] Google signin (Stephen Frost <sfrost@snowman.net>) |
| Ответы |
Re: [pgsql-www] Google signin
(Stephen Frost <sfrost@snowman.net>)
|
| Список | pgsql-www |
On Fri, Aug 11, 2017 at 5:15 PM, Stephen Frost <sfrost@snowman.net> wrote:
Magnus,
* Magnus Hagander (magnus@hagander.net) wrote:
> On Thu, Jul 13, 2017 at 9:18 PM, Magnus Hagander <magnus@hagander.net>
> wrote:
> > On Wed, Jul 12, 2017 at 4:37 PM, Magnus Hagander <magnus@hagander.net>
> > wrote:
> > So to show it in more detail, here is an example of the workflow of my
> > prototype: https://www.hagander.net/tmp/flow.ogv
>
> So here is the code the way it currently looks.
>
> Comments on the workflow and/or the code?
>
> Is this something we *want*? I definitely think so, as it will simplify
> things for a lot of casual users. In particular users who are on some of
> our third party systems, such as conference attendees or the new
> mailinglist system.
I'm 110% in favor of getting this going, as one of the individuals who
runs one of those third party systems..
> diff --git a/pgweb/account/forms.py b/pgweb/account/forms.py
> index 75297b1..a8ab584 100644
> --- a/pgweb/account/forms.py
> +++ b/pgweb/account/forms.py
> @@ -12,6 +12,17 @@ from recaptcha import ReCaptchaField
> import logging
> log = logging.getLogger(__name__)
>
> +def _clean_username(username):
> + username = username.lower()
> +
> + if not re.match('^[a-z0-9\.-]+$', username):
> + raise forms.ValidationError("Invalid character in user name. Only a-z, 0-9, . and - allowed for compatibility with third party software.")
> + try:
> + User.objects.get(username=username)
> + except User.DoesNotExist:
> + return username
> + raise forms.ValidationError("This username is already in use")
We should really have a DB constraint which enforces uniqueness on
lower(username), imv, and perhaps try to proactively do something about
accounts which have invalid characters, but that's a different
discussion.
I could've sworn we had a constraint on the lowercase part. It must be in a different one of our systems though, because I can't see it in this one..
> +# Github login
> +# Registration: https://github.com/settings/developers
> +#
> +def oauth_login_github(request):
> + def _github_auth_data(oa):
> + # Github just returns full name, so we're just going to have to
> + # split that.
> + r = oa.get('https://api.github.com/user').json()
> + n = r['name'].split(None, 1)
This split full-name is just what we pre-populate the form for the user
with, right? They have the opportunity to fix it before the account is
created, if they want, and if they do change it, it's not going to
impact anything downstream?
Yes. And once the account is created they can keep changing it if they got it wrong. It'll automatically populate the downstream authentication systems once they log in there.
> +# The value we store in user.password for oauth logins. This is
> +# a value that must not match any hashers.
Shouldn't that be "hashes", not "hashers"?
No, it's actually referring to "hashers" which is what the different django hashing implementations are called.
> + # Don't allow users whos accounts were created via oauth to change
> + # their email, since that would kill the connection between the
> + # accounts.
That would be "whose", I believe.
Sure :)
Also, just another reason that we should be thinking about how to
support multiple email addresses associated with a single account..
That's a whole different effort though.
Yes, let's avoid that level of feature creep...
> + if form.is_valid():
> + log.info("Creating user for {0} from {1} from oauth signin of email {2}".format(form.cleaned_data['username'], get_client_ip(request), request.session['oauth_email'] ))
I assume this 'is_valid()' call verifies that the username is valid
(doesn't contain any invalid characters) through calling the
"clean_username" stuff?
Yes.
> + form = SignupOauthForm(initial={
> + 'username': request.session['oauth_email'].replace('@', '.'),
> + 'email': request.session['oauth_email'],
> + 'first_name': request.session['oauth_firstname'],
> + 'last_name': request.session['oauth_lastname'],
> + })
Given that we're offering to do this, I almost wonder if we should just
automatically do it rather than making them jump through the extra
hoop.. That would have to be after we figure out a way to have accounts
support multiple email addresses tho.
We need them to pick a username, that's why we need an extra form to be filled out. We could remove the name part of it to make it even simpler, and have them change that after the fact, but I'm not sure that actually simplifies things that much.
We could get away with that if we could use the email address as the username, but that breaks with mediawiki at least.
> +<p>
> + If you with so sign up for a new account, please select a username
> + and verify the other details:
> +</p>
Should be "wish to" ?
Yup.
The rest of it looks good to me. Would love to get this implemented
sooner rather than later...
Thanks!
//Magnus
В списке pgsql-www по дате отправления:
Предыдущее
От: Magnus HaganderДата:
Сообщение: Re: [pgsql-www] Quick fix to the french translation URL
Следующее
От: Guillaume LelargeДата:
Сообщение: Re: [pgsql-www] Quick fix to the french translation URL