
Add an authorization mechanism
Reported by ronin-278 (at lighthouseapp) | July 21st, 2008 @ 01:49 PM | in 0.1
Let's give the "public" checkbox some actual meaning =P
Comments and changes to this ticket
-
Simon Rozet July 21st, 2008 @ 03:27 PM
How about OpenID auth only? That way you can simply put a list of authorized OpenIDs and that's it. Plus, I heard that there is a builtin OpenID middleware for Rack.
-
ronin-278 (at lighthouseapp) July 21st, 2008 @ 05:18 PM
Could be. As with everything, it's open to discussion =)
As a first approach I was going to drop cschneid's auth module and use http auth. Any plausible/simple approach to support both?
Pros of openid:
- it's openid, it's cool :)
- each person controlling its user is a good idea from a security standpoint, the server admin only needs to know the url for each user
Pros of http:
- it's already done and we know it works (rack openid most likely works too, but we'll probably need to do some stuff around it to use it)
- we don't have to implement a login form, just saying which actions are protected is enough.
- dead simple flow (openid requires "going there and back again" and keeping some state about if the user is logged in or not, the browser handles this for http)
Thoughts?
-
Simon Rozet July 21st, 2008 @ 09:00 PM
Okay, I vote for HTTP-Auth then. Let's do the simplest thing to work.
We'll see later (or not) if we want to implement OpenID/OAuth.
-
ronin-278 (at lighthouseapp) July 23rd, 2008 @ 10:46 AM
- State changed from new to resolved
(from [2c3cd0dacb67d7ebb073db0e514b30eb1de7fff0]) Yay! Only public projects are shown by default - you need to login to see the others. Added a login link (that only triggers HTTP auth) [#11 state:resolved]
-
ronin-278 (at lighthouseapp) July 23rd, 2008 @ 10:46 AM
(from [86557be92d5710750dc07af16ced78a3533a2813]) Add actual authorization against constants defined in the config file (see the example config). Move the Auth module to vendor. [#11]
-
ronin-278 (at lighthouseapp) July 23rd, 2008 @ 10:46 AM
(from [04a04a24e5cef707e167be52f4f3ce9a05d1ebdf]) Add HTTP authorization on all 'dangerous' actions [#11]
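The approach the thread settles on (HTTP auth on protected actions, credentials as config constants, only public projects visible without login), sketched as an added example that is not part of the ticket or the project's code. The constant names, the project list, the `/login` path and the rule that every non-GET request counts as "dangerous" are assumptions.

```ruby
require "digest"

# Assumed config constants with constructed values; the ticket only says the
# credentials are "constants defined in the config file".
ADMIN_USER = "admin"
ADMIN_PASS = "s3cret-constructed"

# Hypothetical project list; only public ones are visible without login.
PROJECTS = [{ name: "site", public: true }, { name: "billing", public: false }]

CHALLENGE = [401, { "WWW-Authenticate" => 'Basic realm="ci"' },
             ["Authorization required\n"]]

# Compare fixed-length digests with no early exit, so response timing does
# not reveal how many leading characters of a guess were correct.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True when the Rack env carries valid HTTP Basic credentials.
def authorized?(env)
  scheme, encoded = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
  return false unless scheme.to_s.casecmp("basic").zero? && encoded
  user, pass = encoded.unpack1("m").split(":", 2) # "m" = Base64 decode
  return false unless user && pass
  # Non-short-circuit & so both comparisons always run.
  secure_equal?(user, ADMIN_USER) & secure_equal?(pass, ADMIN_PASS)
end

# Minimal Rack-compatible app: call(env) -> [status, headers, body].
APP = lambda do |env|
  authed = authorized?(env)
  # Assumption: anything that is not a GET is a "dangerous" action, and the
  # login link exists only to trigger the browser's auth prompt.
  dangerous = env["REQUEST_METHOD"] != "GET" || env["PATH_INFO"] == "/login"
  return CHALLENGE if dangerous && !authed
  visible = PROJECTS.select { |p| p[:public] || authed }
  [200, { "Content-Type" => "text/plain" },
   [visible.map { |p| p[:name] }.join("\n")]]
end
```

Basic auth sends the password with every request in a reversible encoding, so this only holds up when the app is served over TLS.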
Automated continuous integration server that doesn't suck.