Opened 10 years ago
Closed 10 years ago
#624 closed enhancement (fixed)
Consider using itsdangerous for mail tokens.
Reported by: Elrond
Owned by:
Cc: Christopher Allan Webber
Parent Tickets:
itsdangerous is an interesting package to use crypto to stop us using local storage for things.
There are two major use cases:
- For verification tokens in the emails.
- For sessions.
The tokens are quite easy. I have a "proof of concept" branch at elrond/itsdangerous. The sessions aren't too complex either, but need some more thinking and some decisions.
We need to make up our mind: Do we want this?
Note: #580 might be related, because we are considering dropping beaker.
Change History (14)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Status: new → assigned
Okay, I have reworked my branch (rebased, force updated).
It currently only contains the basic infrastructure for itsdangerous.
This is needed for #668, so please review for merging.
Please do not close after merging, because I still have the itsdangerous based email tokens in a local branch and we likely want those too or should discuss that.
comment:3 by , 10 years ago
So, the elrond + bretts itsdangerous main branch has been merged. I'm passing this back to Elrond; I think the email tokens stuff is next to get this ticket wrapped up.
comment:4 by , 10 years ago
Removing review keyword for now.
comment:5 by , 10 years ago
Priority: major → minor
I have a local, quick and dirty implementation of the email tokens.
If someone (hey, this is quite easy, maybe bitesized?) wants to improve my work (I think I posted some notes above) and port this for forget password tokens, ping me and I'll post my branch somewhere public (and nicely rebased).
I'm tagging this bitesized, because we could need some bitesized tasks currently.
comment:6 by , 10 years ago
itsdangerous is working for verification tokens in emails (register and forgot password), without saving the token in the user.verification_key, user.fp_verification_key and user.fp_token_expire fields.
I need to debate with Elrond how to implement itsdangerous in sessions.
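The idea discussed in this ticket, signed mail tokens that need no stored verification key or expiry field, as an added example that is not from the ticket or the project's branches. It uses standard-library HMAC-SHA256 as a stand-in for itsdangerous and does not reproduce that library's token format; `SECRET`, `make_token`, `check_token` and the `state` binding are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: a server-side secret, never sent to users


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(purpose, body, state):
    # Per-purpose key: a "verify-email" token never validates as "forgot-password".
    key = hmac.new(SECRET, purpose.encode(), hashlib.sha256).digest()
    # state is covered by the MAC but never placed in the token itself.
    msg = (body + "." + state).encode()
    return _b64(hmac.new(key, msg, hashlib.sha256).digest())


def make_token(purpose, user_id, state="", now=None):
    """state: server-side value (e.g. part of the current password hash) that
    makes a reset token stop validating once that value changes."""
    issued = int(now if now is not None else time.time())
    body = _b64(json.dumps({"u": user_id, "t": issued}, sort_keys=True).encode())
    return body + "." + _sign(purpose, body, state)


def check_token(purpose, token, max_age, state="", now=None):
    """Return the user id, or None if forged, expired, wrong purpose or stale."""
    body, sep, sig = token.partition(".")
    expected = _sign(purpose, body, state)
    if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    payload = json.loads(_unb64(body))  # safe to parse: body is authenticated
    age = (now if now is not None else time.time()) - payload["t"]
    if age < 0 or age > max_age:
        return None
    return payload["u"]
```

Without a `state` binding, a signed token stays valid until it expires, so a one-shot flow such as password reset needs some server-side value folded into the signature.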
comment:7 by , 10 years ago
Status: assigned → accepted
We're using this for sessions, but I guess not verification tokens? Should that be its own ticket? Should this be closed out?
comment:8 by , 10 years ago
Sessions are done by now!
Where's your work on forget password, etc?
comment:9 by , 10 years ago
I think this ticket has become the "itsdangerous for mails" ticket. I hope we have another one for the sessions? I thought so?
comment:10 by , 10 years ago
Summary: Consider using itsdangerous for some things. → Consider using itsdangerous for mail tokens.
#624 is about sessions.
comment:11 by , 10 years ago
Status: accepted → in_progress
comment:12 by , 10 years ago
Status: in_progress → review
Forked from the branch in #705
comment:13 by , 10 years ago
When merged can close #107 as well
comment:14 by , 10 years ago
Status: review → closed
Top notch work, Rodney! Everything in this branch seems really well done.
I've merged this. Thanks for your hard work on it!
Okay, some notes on my branch:
I have stopped working on it for now.
If someone wants to continue on this:
All of this is probably quite easy, so if you want to consider it, talk to me.