{ "info": { "author": "Kim Chee Leong", "author_email": "leong at gw20e com", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "Introduction\n============\n\nThe One Time Token PAS allows users to login using a special token. The token\nis generated and can only be used one. This allows members to login without\nsupplying their username and password. You can send an e-mail with the special\nlogin url, so the member can access the portal easily.\n\n\nInstallation\n============\n\nThis product is written for Plone 2.5 but can easily be used for 3.x.\n\n- Install thru the quick installer\n\n- Activate Authentication and Extraction in the OTT plugin, move this plug-in \n to the top.\n\n\nUsage\n=====\n\n1. Generate a token::\n\n tokenTool = getToolByName(self, 'onetimetoken_storage')\n\n token = tokenTool.setToken(userId)\n\n 'http://myplone/@@do_some_nice_stuff?token=%s' % token = token\n\n2. Send url with logincode to user\n\nThe user can use the token only once and it's valid for three weeks. The expiration time\ncan be set in the tool.\n\n\nOr you can generate temporary user and delete it later::\n\n tokenTool = getToolByName(self, 'onetimetoken_storage')\n\n # get token and create temporary user\n token = tokenTool.setToken()\n\n\n # user uses token to do some nice stuff\n 'http://myplone/@@do_some_nice_stuff?token=%s' % token = token\n\n # inside that view\n userid = self.verifyToken(token)\n\n # do some stuff with user (login, get some girls, etc)\n # ...\n\n # delete temporary user\n tokenTool.deleteTemporaryUser(userid)\n \n\nManager's usage\n===============\n\nUsers with Manage portal permission on Plone site root are allowed to login as\nany other user by visiting @@login_as browser view and entering target user\nname. This feature has been taken from niteoweb.loginas package and modified.\n\nSafety\n======\n\nWhy not let users login themselves instead of using this plug-in? In specific \ncases it's usefull to auto-login the user. For example; a member participates in a\nprogram to save energy and keep track of his energy usage. Every month he receives\nan email to auto-login and updates his usage. Another example; a portal is used \nfor informing members of newly published newsletters, these letters aren't public. \nThe member get's a link with auto-login to the newsletter so he can read it.\n\nIt's all about making it easier for the user and there's no obstacle to login. In \nabove cases the members are normal users with no elevated rights. Ofcourse there\ncould be cases where a one time token is not usefull and/or safe.\n\nThe logincode that is included in the url contains the loginname and the token in \nbase64. Every token is a uniquely generated md5 hash of random data and can only be used once. \nIf there's is a succesfull match between the given username, token and the stored token \nwith username you're authenticated. \n\nClearing old tokens\n===================\nOld tokens can be cleared bij calling clearExpired on the token storage. Using crontick \nand cron4plone this job can be automated.\n\nAdd this call in cron4plone: portal/onetimetoken_storage/clearExpired\n\nTodo\n====\n\n- Some doc or unit tests would be nice\n- Control panel for setting expriation time.\n- Checking a member is disabled when generating a token. This is because we had \n performance problems with generating large amounts of keys (> 15,000) and SQL PAS. \n Add this as an option in the control panel.\n\nChangelog\n=========\n\n0.3 - 2013-12-27\n----------------\n\n- fixed Plone 4 install code compatibility [Radim Novotny]\n- subclass all token exceptions with\n Products.OneTimeTokenPAS.config.TokenError [Domen Kozar @ niteoweb]\n- added some tests coverage [Domen Kozar @ niteoweb]\n- added ability to create temporary user when issuing .setToken(). Also added\n .deleteTemporaryUser(userid) method [Domen Kozar @ niteoweb]\n- fixed bug then .clearExpired() will never actually do anything [Domen Kozar @ niteoweb]\n\n0.2 - 2009-10-12\n------------------\n\n- added @@login_as browser view which allows to login as any user. Idea and\n part of code taken from niteoweb.loginas. Thanks!\n [naro]\n\n0.1.1 - 2009-09-02\n------------------\n\n- re-released, added metadata.xml\n\n0.1 - Unreleased\n----------------\n\n* Initial release", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "UNKNOWN", "keywords": "Plone PAS plugin token", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "Products.OneTimeTokenPAS", "package_url": "https://pypi.org/project/Products.OneTimeTokenPAS/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/Products.OneTimeTokenPAS/", "project_urls": { "Download": "UNKNOWN", "Homepage": "UNKNOWN" }, "release_url": "https://pypi.org/project/Products.OneTimeTokenPAS/0.3/", "requires_dist": null, "requires_python": null, "summary": "Login using a token that can be only used once.", "version": "0.3" }, "last_serial": 955293, "releases": { "0.1": [], "0.1.1": [ { "comment_text": "", "digests": { "md5": "c92be73aaf809eba0f2b9f7bae5f3872", "sha256": "e727cae5ca3db0ddd4499af3d80dee2677b80efd72c62bb23bcd80e4c934b6dd" }, "downloads": -1, "filename": "Products.OneTimeTokenPAS-0.1.1.tar.gz", "has_sig": false, "md5_digest": "c92be73aaf809eba0f2b9f7bae5f3872", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9298, "upload_time": "2009-09-02T13:27:38", "url": "https://files.pythonhosted.org/packages/21/eb/1f1b7b8145218c9aeb322b9b5ae1fcbde0f98e540e4e3d624e5c5ec7e56b/Products.OneTimeTokenPAS-0.1.1.tar.gz" } ], "0.1dev-r84263": [ { "comment_text": "", "digests": { "md5": "902e5a897e5864c1920eddab5e8e1a4d", "sha256": "0c83486b01f75b0f1765deaee772c2eec288e65fe9459dfc7d13a7b2833b126b" }, "downloads": -1, "filename": "Products.OneTimeTokenPAS-0.1dev-r84263.tar.gz", "has_sig": false, "md5_digest": "902e5a897e5864c1920eddab5e8e1a4d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8155, "upload_time": "2009-04-15T14:14:00", "url": "https://files.pythonhosted.org/packages/63/aa/3524cb856292a35a1781d21b75cc69d3b10c76acdeaa8464e4b3cb1da986/Products.OneTimeTokenPAS-0.1dev-r84263.tar.gz" } ], "0.2": [ { "comment_text": "", "digests": { "md5": "7145e14f504af7056f3d31a156454de7", "sha256": "41b4b29f69eb1f6ba4f2033e85568655509de34172290cdcdfd68fc5c3765838" }, "downloads": -1, "filename": "Products.OneTimeTokenPAS-0.2.zip", "has_sig": false, "md5_digest": "7145e14f504af7056f3d31a156454de7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18340, "upload_time": "2009-11-05T13:20:15", "url": "https://files.pythonhosted.org/packages/10/3c/f393682a975cb779bf3bb687bb9ba765d23f85d7c6a73874d75eb65df563/Products.OneTimeTokenPAS-0.2.zip" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "2cae33265ef3fdca8d0fbe9f4ad7e523", "sha256": "3c099afe3604effbc83ed98586b60a0ce27f9319bd512f3a0e6e675fab6ee081" }, "downloads": -1, "filename": "Products.OneTimeTokenPAS-0.3.zip", "has_sig": false, "md5_digest": "2cae33265ef3fdca8d0fbe9f4ad7e523", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21022, "upload_time": "2013-12-27T07:14:01", "url": "https://files.pythonhosted.org/packages/1f/69/afb57553ea79a8d37c0f0bfd40e53693280cfcbb621bcd8a03be0045b341/Products.OneTimeTokenPAS-0.3.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2cae33265ef3fdca8d0fbe9f4ad7e523", "sha256": "3c099afe3604effbc83ed98586b60a0ce27f9319bd512f3a0e6e675fab6ee081" }, "downloads": -1, "filename": "Products.OneTimeTokenPAS-0.3.zip", "has_sig": false, "md5_digest": "2cae33265ef3fdca8d0fbe9f4ad7e523", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21022, "upload_time": "2013-12-27T07:14:01", "url": "https://files.pythonhosted.org/packages/1f/69/afb57553ea79a8d37c0f0bfd40e53693280cfcbb621bcd8a03be0045b341/Products.OneTimeTokenPAS-0.3.zip" } ] }