[Zope3-dev] HEADS UP: PAU (pluggable authentication) users

Jim Fulton jim at zope.com
Tue Mar 29 17:48:50 EST 2005 

Garrett Smith wrote:
> Jim Fulton wrote:
> 
>>Garrett Smith wrote:
>>
>>>Jim Fulton wrote:
>>>
>>>
>>>>Garrett Smith wrote:
>>>>
>>>>
>>>>>Later today I'm going to checkin a major refactor of the pluggable
>>>>>authentication utility. The change greatly simplifies the end-user
>>>>>experience of configuring the PAU and will make custom plugins
>>>>>easier to write.
>>>>
>>>>This introduces IAuthentication2.  This is meant to replace
>>>>IAuthentication eventually.  IAuthentication will be deprecated. 
>>>>The problem is that we now look up IAuthentication2 rather than
>>>>IAuthentication.  This will cause a serious backward compatibility
>>>>problem for people using other authentication utilities.  This will
>>>>be the case for Zope X3.0 installations. that upgrade to X3.1.
>>>>
>>>>I don't think there were ever many auth services.  Perhaps the old
>>>>pluggableauth is the only one we need to worry about.  I suggest we
>>>>do *one of*: 
>>>>
>>>>- Make the old pluggable authentication thing support
>>>>  IAthentication2. Unfortunately, we'd need a database fixup script
>>>>  that converted old IAuthentication registrations to use
>>>>  IAuthentication2.  We may already have code that converts old
>>>>  service registrations to utility registrations. Maybe this code
>>>>could do this too. 
>>>>
>>>>  or
>>>>
>>>>- Change the code that doesn't actually *need* the new logout method
>>>>  to do getUtility with IAuthentication, rather than
>>>>IAuthentication2.
>>>
>>>
>>>The downside to option two is that there are a number of such places
>>>and the BBB code starts to look like TODOs.
>>
>>I don't follow this.  With this option, places that don't need logout
>>would just use IAuthentication.
> 
> 
> So you wouldn't expect to ever migrate the use of IAuthentication in
> cases where logout wasn't needed?

I'd be happy to do this eventually, but we'd need to give people warning
and a way to migrate.  I don't want to make it impossible for X3.0
users to upgrade.

> If there is a downside to this (not sure there is), it would be
> confusion about when to use which interface.

Yes, which is why it might be best to migrate eventually.

>>>would be nice to have a working example of interface evolution, but
>>>it makes for complicated BBB/TODO management.
>>
>>Yup.
> 
> 
> So you're your leaning toward IAuthentication2 used in cases when we
> only need logout?

I'm not really sure.

Probably the best thing to do is to update pluggableauth to use IAuthentication2
and hope for the best.  This should take care of existing X3.0 installations.

The other problem is 3rd-party tests that create dummy auth utilities.

Hopefully, there aren't many of those (except in my code :).

Jim


-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope3-dev mailing list