{ "info": { "author": "Zest Software", "author_email": "info@zestsoftware.nl", "bugtrack_url": null, "classifiers": [ "Framework :: Plone", "Framework :: Plone :: 3.3", "Framework :: Plone :: 4.0", "Framework :: Plone :: 4.1", "Framework :: Plone :: 4.2", "Framework :: Plone :: 4.3", "Intended Audience :: Developers", "License :: OSI Approved :: GNU General Public License (GPL)" ], "description": ".. contents::\n\nChangelog for pas.plugins.aselect\n=================================\n\n\n1.5 (2012-10-14)\n----------------\n\n- Moved to https://github.com/zestsoftware/pas.plugins.aselect\n [maurits]\n\n\n1.4 (2011-08-22)\n----------------\n\n- Made tests a bit less likely to fail when config defaults have\n changed (like in a monkey patch in a client package).\n [maurits]\n\n\n1.3 (2011-01-24)\n----------------\n\n- Moved to Plone collective. First public release.\n [maurits]\n\n- Fixed tests after recent addition of the UPDATE_EXISTING_USERS\n config option (default: False).\n [maurits]\n\n\n1.2 (2010-08-30)\n----------------\n\n- Added locales for one translation.\n [maurits]\n\n- On the @@aselect-login page, if no user has been created because he\n could belong to multiple groups, show options for the user to choose\n a group to join.\n [maurits]\n\n- Added config option GROUP_ATTRIBUTE, with default\n 'nlEduPersonHomeOrganizationId'\n [maurits]\n\n- Added two config options: MUST_HAVE_GROUP and\n MUST_HAVE_EXACTLY_ONE_GROUP, both by default True. Using these\n default settings, we refuse to create and authenticate a user when\n we cannot extract exactly one group from the credentials.\n [maurits]\n\n- Added config option NOT_ACCEPTED_USERS and compare the given name of\n the credentials with this black list. We do not authenticate a\n blacklisted user.\n [maurits]\n\n- Renamed the ALWAYS_UPDATE configuration option to the clearer\n UPDATE_AUTHENTICATED_USER.\n [maurits]\n\n- Renamed the EXTRACT_ALWAYS configuration option to the clearer\n EXTRACT_ON_ALL_PATHS.\n [maurits]\n\n- Change config.UPDATE_ALWAYS to True, so we always update the user\n properties and group settings, as we by default just react on the\n aselect-login page and testcookies page anyway.\n [maurits]\n\n- When we do not know a last name, add the first part of the email to\n the fullname instead (if that is known).\n [maurits]\n\n\n1.1 (2010-08-25)\n----------------\n\n- Allow calling @@aselect-login?noredirect=1 to stay on the\n @@aselect-login page instead of being redirected to the Plone Site\n root. This should make it easier to inspect cookies.\n [maurits]\n\n\n1.0 (2010-08-19)\n----------------\n\n- Do not always extract and authenticate credentials, but only when on\n certain paths, like testcookies and aselect-login.\n [maurits]\n\n- Added aselect-login page that simply redirects to the Plone Site\n root. Define this as a protected app in the (Apache) A-Select\n module and you should be good to go.\n [maurits]\n\n- If the nlEduPersonHomeOrganizationId (presumably a BRIN code)\n matches a group id, we add the user to that group during\n authentication.\n [maurits]\n\n- Only deal with the aselectattributes cookie, not any others.\n [maurits]\n\n- First release, based on some old customer code.\n [maurits]\n\n\nPAS plugin for A-Select integration\n===================================\n\n`A-Select`_ (Dutch only) in combination with the \"licentiekantoor\"\n(\"license office\"), is a full authentication/authorization\nsolution. It can be compared a bit to openid: with the addition of\nauthorization.\n\nBasic premise: the already-available apache configuration handles the\ncommunication with aselect and ensures that the aselect cookies that we get\nare genuine. So the PAS plugin only has to deal with the cookie contents.\n\n.. _`A-Select`: http://entree.kennisnet.nl/\n\n\nPAS functionality\n-----------------\n\nThis plugin does extraction and authentication:\n\n* Extract credentials from the ``aselectattributes`` cookie: the user\n id and member data, like fullname, email address, organization id\n (BRIN code).\n\n* Authenticate credentials: create or update a member object based on\n the extracted credentials and authenticate this user.\n\n* If the organization id matches the id of an existing group, we add\n this user to that group. Note that groups are never removed again.\n\n\nNote on performance and up-to-date-ness\n---------------------------------------\n\nWe could check for changes in the user properties or the groups based\non the cookie on each request. But each request does not only mean\nonce for each page, but also once for each css, javascript or image\nfile. This might be bad for performance (though it is probably\ndoable).\n\nSo, our solution is to only extract aselect info on certain paths; by\ndefault this done on the `@@aselect-login' path and the\n`@@testcookies`` path. Alternatively you may choose to never update\nthe aselect info for users that already have an\nauthentication cookie (__ac) from plone.session. A logout should be\nenough to reset the plone.session cookie, which should trigger a\nrenewed automatic login plus getting the property updates, because the\nA-Select cookie should still be available.\n\nThat is the default behaviour. In ``config.py`` you can change several\nsettings (in a patch in an own package) if you do not like the\ndefaults and are aware of the effects on performance and\nup-to-date-ness. Note that the ``config.py`` is reasonably well\ncommented, so if you are a programmer you may want to have a look at that.\n\nAlternatively, we might want to do something smart, like remembering\nthe cookiestring somewhere and only trying an update if there is a\nchange in that string.\n\n\nUsage\n-----\n\nTested with Plone 3.3.5. Add ``pas.plugins.aselect`` to the eggs\nparameter of your instance section in buildout.cfg. Rerun buildout,\nstart your instance, and install the plugin through 'Add/Remove\nProducts' in the Site Setup. The only thing the install code does, is\nadd the plugin to acl_users, activate it for the required plugin\ninterfaces, and make sure it is the first plugin listed for those\ninterfaces (the order might not be that important actually, see\nabove). So if wanted, you could do that manually.\n\n\nNote that in the README.txt within the pas/plugins/aselect directory,\nthere is an extensive doctest. It probably works better as test than\nas documentation, so it is not included on the PyPI page.\n\n\nCredits\n=======\n\n- Guido Wesdorp\n- Joris Slob\n- Maurits van Rees\n- Reinout van Rees\n\nIcon was taken from http://www.famfamfam.com/lab/icons/", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/zestsoftware/pas.plugins.aselect", "keywords": "", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "pas.plugins.aselect", "package_url": "https://pypi.org/project/pas.plugins.aselect/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/pas.plugins.aselect/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/zestsoftware/pas.plugins.aselect" }, "release_url": "https://pypi.org/project/pas.plugins.aselect/1.5/", "requires_dist": null, "requires_python": null, "summary": "PAS Plugin for authentication with A-Select", "version": "1.5" }, "last_serial": 747653, "releases": { "1.3": [ { "comment_text": "", "digests": { "md5": "b51a27e04202144824c97bd57429ead1", "sha256": "197a75d0e3ecc5aba8e64c6d03a4a6c7d1ad19b74e9816584fec886d54d0c07c" }, "downloads": -1, "filename": "pas.plugins.aselect-1.3.zip", "has_sig": false, "md5_digest": "b51a27e04202144824c97bd57429ead1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 51593, "upload_time": "2011-01-24T14:49:30", "url": "https://files.pythonhosted.org/packages/1c/d3/41844b831f9c00d2a529a6baeeb452cd646bccb95158a7f3c7c15f2f0944/pas.plugins.aselect-1.3.zip" } ], "1.4": [ { "comment_text": "", "digests": { "md5": "48d00af006b533cef1d9ef463cddd7f7", "sha256": "b6f5355373b0d6b60cf8c6e5e1f1eaf943fbff1059ddf1b07ec7f05168fb3072" }, "downloads": -1, "filename": "pas.plugins.aselect-1.4.zip", "has_sig": false, "md5_digest": "48d00af006b533cef1d9ef463cddd7f7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 51808, "upload_time": "2011-08-22T17:16:49", "url": "https://files.pythonhosted.org/packages/50/8e/903439e0f8ee1af98ec4b5a44f70e693bc0695760e7499f07baad49808ab/pas.plugins.aselect-1.4.zip" } ], "1.5": [ { "comment_text": "", "digests": { "md5": "b443de7e220cf0a6d1fb8d8918023312", "sha256": "ce1d69e9f4712920f8eee38839c03892a5e43f7d895492c3ed6ab6007113844b" }, "downloads": -1, "filename": "pas.plugins.aselect-1.5.zip", "has_sig": false, "md5_digest": "b443de7e220cf0a6d1fb8d8918023312", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 55501, "upload_time": "2012-10-14T01:44:07", "url": "https://files.pythonhosted.org/packages/1b/c3/d8fa73a34503fa90ac940cf6fe86d7ea81b2fd7d7d09fa99a4e640a39270/pas.plugins.aselect-1.5.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b443de7e220cf0a6d1fb8d8918023312", "sha256": "ce1d69e9f4712920f8eee38839c03892a5e43f7d895492c3ed6ab6007113844b" }, "downloads": -1, "filename": "pas.plugins.aselect-1.5.zip", "has_sig": false, "md5_digest": "b443de7e220cf0a6d1fb8d8918023312", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 55501, "upload_time": "2012-10-14T01:44:07", "url": "https://files.pythonhosted.org/packages/1b/c3/d8fa73a34503fa90ac940cf6fe86d7ea81b2fd7d7d09fa99a4e640a39270/pas.plugins.aselect-1.5.zip" } ] }