/srv/irclogs.ubuntu.com/2013/11/30/#ubuntu-us-mi.txt

[01:30] hhyhqyq.
[01:38] <greg-g> jrwren: Acer B243PWL
[03:05] <_stink__> rick_h_: you implemented your own sessions in bookie, right?  didn't use some other session package?  looking at code now.
[03:13] <rick_h_> _stink__: well it's in pyramid
[03:13] <rick_h_> look for 'remember'
[03:14] <rick_h_> _stink__: in views/auth.py
[03:14] <_stink__> ok yep, just saw that
[03:14] <_stink__> trying to digest
[03:14] <_stink__> thanks
[03:15] <_stink__> so that tells the browser to set a cookie for itself
[03:15] <rick_h_> _stink__: rgr, adds it to the header
[03:16] <rick_h_> _stink__: but yea, farmed out to pyramid security
[03:17] <_stink__> and ReqAuthorize is what checks for good credentials for whatever view callable needs it?
[03:17] <rick_h_> well, request.username is populated by parsing out the header and finding who the user is
[03:18] <rick_h_> look in bookie/views/auth.py:
[03:18] <rick_h_> errr from bookie.lib.access import RequestWithUserAttribute
[03:19] <rick_h_> that thing reads the user back out of the encrypted header, and then the lib/access.py uses a bunch of stuff to figure out if a user is auth'd or not for the given request
[03:19] <rick_h_> e.g. your header can't authorize you to delete another user's account
[03:26] <_stink__> rick_h_: silly question - how can i tell from the code that the headers sent back (generated by remember(), i think) are encrypted?  i just don't see that in the code.
[03:26] <_stink__> i mean i obviously believe you just don't see it to understand it.
[03:26] <rick_h_> _stink__: so that's pyramid's job and the type of security you use in that. There's a key in the .ini file you use that is the key
[03:26] <rick_h_> auth.secret=PLEASECHANGEME
[03:28] <rick_h_> http://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/quick_tutorial/authentication.html?highlight=remember%20secret
[03:28] <rick_h_> _stink__: see the auth policy setup in the bookie/__init__.py
[03:28] <rick_h_> http://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/quick_tutorial/authentication.html?highlight=remember%20secret
[03:28] <rick_h_> errr crap
[03:28] <rick_h_> from pyramid.authentication import AuthTktAuthenticationPolicy
[03:28] <rick_h_> from pyramid.authorization import ACLAuthorizationPolicy
[03:28] <_stink__> ahhhhhhh great
[03:28] <_stink__> ok thanks so much
[03:29] <rick_h_> _stink__: np, thanks for the refresher :) but yea that built in code takes in the secret and uses it to encrypt so that only the server can decrypt
[03:29] <rick_h_> so obviously don't let that get out or people can build their own valid remember headers
[03:29] <_stink__> ok cool.  and nothing special about this for API vs. plain old web session use, right?
[03:29] <_stink__> i mean they look the same.
[03:30] <rick_h_> _stink__: yea, just I don't use it to store data really
[03:30] <_stink__> right ok
[03:30] <_stink__> just valid or not
[03:30] <rick_h_> so I've not messed with trying to keep track of extra stuff, it's either "You're a good person" or not
[03:30] <_stink__> haha
[03:38] <_stink__> wow this is a puzzle of many parts
[03:39] <rick_h_> _stink__: yea, I had to think a bit to get it figured out again
[03:39] <rick_h_> it's the kind of thing you setup once and then don't look at again for a while
[03:39] <rick_h_> but be careful, bookie is part pyramid, part custom
[03:39] <_stink__> yeah i needed an example badly
[03:39] <rick_h_> so not sure it's the best overall example
[03:39] <_stink__> that's ok
[03:39] <rick_h_> but it does work :/
[03:39] <_stink__> hah
[03:40] * rick_h_ wishes he could rewrite all his code every year to avoid that 'oh wtf was that...hmmm years ago' stuff
[03:40] <_stink__> i see that the configurator is told to use RequestWithUserAttribute as request factory.  but i can't tell why user() in RequestWithUserAttribute gets called.
[03:40] <_stink__> i think if i understand that i will be in a good place.
[03:40] <rick_h_> looking
[03:41] <rick_h_> oh! ok, easy. It's that @reify decorator
[03:41] <_stink__> does that mean it gets run on instance init and substituted right away?
[03:41] <rick_h_> it's a caching decorator that turns request.user into a call to user() at first, and then the cached value after that
[03:41] <_stink__> i can't see how user() gets called at all.
[03:41] <rick_h_> so anywhere you see request.user, it's hitting that once and then remembering it after that
[03:42] <_stink__> OH
[03:42] <_stink__> ok
[03:42] <_stink__> the attribute is enough
[03:42] <_stink__> fantastic
[03:42] <_stink__> an explicit call to the method isn't needed
[03:42] <rick_h_> https://github.com/Pylons/pyramid/blob/master/pyramid/decorator.py#L1
[03:42] <rick_h_> yea
[03:42] <_stink__> haha, have that one open already
[03:43] <rick_h_> it's catching the __get__ (which is called when you do obj.property)
[03:43] <_stink__> smart.  love it.
[03:45] <_stink__> ok, now to sleep and let this soak in.
[03:45] <_stink__> thanks again.
[03:46] <rick_h_> _stink__: cool, let me know if you need a hand or second set of eyes on some code
[14:26] <rick_h_> morning
[15:08] <cmaloney> Morning
[15:13] <rick_h_> cmaloney: added a show notes doc in the lococast folder fyi
[15:13] <rick_h_> cmaloney: sent the link to chris
[15:23] <cmaloney> Woo woo
[15:23] <cmaloney> We need more people bitching about OSS
[15:23] <cmaloney> Then we can sell ads and make BIG INTERNET MONEY
[15:31] <rick_h_> bwuhahahaha
[15:31] <rick_h_> cmaloney: did you listen to the last "In Beta" had some good OSS complaining :)
[15:32] <cmaloney> I haven't yet.
[19:15] <jrwren> omg, watching my wife and 6yo play super mario wii is hilarious! it's a laurel and hardy routine
[19:15] <jrwren> i think i stopped listening to "In Beta" because of low signal to noise
[19:15] <cmaloney> jrwren: You have a Wii or Wii U?
[19:16] <jrwren> old wii
[19:16] <cmaloney> (We have the Wii too)
[19:16] <jrwren> you know how cheap i am, right? :)
[19:17] <cmaloney> I'd send you my friend code but it's not like it does much. :)
[19:17] <cmaloney> bbl
[19:21] <jrwren> right.
[19:21] <jrwren> i've never really used wii network internet or anything
[19:21] <jrwren> i actually forgot that it even had a net connection until someone mentioned it recently.
[20:36] <greg-g> rick_h_: what 2-3 sentences of info should I know before I buy a cross cut saw (I honestly only have a coping saw, actually two)
[20:36] <greg-g> huh, looked up saws on wikipedia, got this USDA Forest Service book: http://www.fhwa.dot.gov/environment/recreational_trails/publications/fs_publications/04232822/toc.cfm
[20:46] <rick_h_> greg-g: you should know the size of the material you're cutting. Are you using bench hooks for cutting. Larger is easier to keep cuts straight and level. I use http://www.badaxetoolworks.com/16-inch-large-tenon-back-saw.html
[22:19] <cmaloney> http://www.joyent.com/blog/the-power-of-a-pronoun
[22:19] <cmaloney> I think we're going to have a lot of fodder for tomorrow.
[22:25] <rick_h_> heh, I'm staying away from it
[22:25] <rick_h_> I'll only get into trouble
[22:29] <cmaloney> Now I'm really going to bring it up. ;)
[22:31] <jrwren> during our meeting?
[22:54] <cmaloney> During lococast.
[23:46] <rick_h_> I really like this thing http://antirez.com/news/64 and I asked Erica about it and my wife has set me straight
