-
Notifications
You must be signed in to change notification settings - Fork 296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/auther via cmd option #162
Feature/auther via cmd option #162
Conversation
@@ -235,7 +243,7 @@ def main(argv=None): | |||
c.password_file = v | |||
elif k in ("-o", "--overwrite"): | |||
c.overwrite = True | |||
elif k in ("--hash-algo"): | |||
elif k == "--hash-algo": |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason of this change is that -h
was not working due to the fact that ("--hash-algo")
is equivalent to "--hash-algo"
which contains `"-h"``.
Thank you for the fix, and apologies for the long response time. |
try: | ||
mod, _, func = v.rpartition(".") | ||
if mod: | ||
c.auther = getattr(importlib.import_module(mod), func) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using importlib is an indicator that you need an extension mechanism; *setuptools8 provide an excellent such mechanism through the entry_points
.
I prefer to leave this commit to wait until we introduce "plugins."
I need ability for more granular authentication: basically ability to have read-only users and also read+write (upload) users. That afaik is not possible currently. Can we start an issue to design the first version of an authentication interface & plugin mechanism that would allow to satisfy what @sakurai-youhei needs and also support more granular user-permission handling? I think using ABCs and matching entrypoints (by name) would work well. Or is the basic plugin implementation mechanism something that still needs more thought? |
We have yet to decide on the plugin implementation details. An issue like
you describe might help us to work through those details, but especially
with the US holidays coming up and it being a busy time of year trying to
get things done prior to that, I cannot guarantee immediate action.
That being said, in the meantime there are other ways of doing what you
describe. For example, if you reverse proxy to pypiserver using nginx, you
can use differential password authentication on different server locations
and http methods, allowing you to handle authentication one layer up from
pypiserver as it were.
…On Sat, Dec 2, 2017 at 6:32 AM Petri Savolainen ***@***.***> wrote:
I need ability for more granular authentication: basically ability to have
read-only users and also read+write (upload) users. That afaik is not
possible currently.
Can we start an issue to design the first version of an authentication
plugin that would allow to satisfy what @sakurai-youhei
<https://github.com/sakurai-youhei> needs and also support more granular
user-permission handling? I think using ABCs and matching entrypoints (by
name) would work well. Or is the basic plugin implementation mechanism
something that still needs more thought?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#162 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGcI4X1XwoRdjNitwSqcomd4HTCF3Xjfks5s8UNkgaJpZM4KEniF>
.
|
Because I'd like to use pypiserver with own auth provider via
python -m pypiserver
, I had motivation to introduce new command line option named--auther
. FYI: I also fixed small problems eventually brought to me when preparing this pull-request.