Opened 12 years ago
Closed 12 years ago
#624 closed enhancement (fixed)
Consider using itsdangerous for mail tokens.
Reported by: | Elrond | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | 0.5.0 |
Component: | programming | Keywords: | bitesized |
Cc: | Christopher Allan Webber | Parent Tickets: |
Description
itsdangerous is an interesting package to use crypto to stop us using local storage for things.
There are two major use cases:
- For verification tokens in the emails.
- For sessions.
The tokens are quite easy. I have a "proof of concept" branch at elrond/itsdangerous. The sessions aren't too complex either, but need some more thinking and some decisions.
We need to make up our mind: Do we want this?
Note: #580 might be related, because we are considering dropping beaker.
Change History (14)
comment:2 by , 12 years ago
Keywords: | review added |
---|---|
Owner: | set to |
Status: | new → assigned |
Okay, I have reworked my branch (rebased, force updated).
It currently only contains the basic infrastructure for itsdangerous.
This is needed for #668, so please review for merging.
Please do not close after merging, because I still have the itsdangerous based email tokens in a local branch and we likely want those too or should discuss that.
comment:3 by , 12 years ago
Owner: | changed from | to
---|
So, the elrond + bretts itsdangerous main branch has been merged. I'm passing this back to Elrond; I think the email tokens stuff is next to get this ticket wrapped up.
comment:5 by , 12 years ago
Keywords: | bitesized added |
---|---|
Milestone: | 0.4.0 |
Owner: | removed |
Priority: | major → minor |
I have a local, quick and dirty implementation of the email tokens.
If someone (hey, this is quite easy, maybe bitesized?) wants to improve my work (I think I posted some notes above) and port this for forget password tokens, ping me and I'll post my branch somewhere public (and nicely rebased).
I'm tagging this bitesized, because we could need some bitesized tasks currently.
comment:6 by , 12 years ago
itsdangerous is working for verification tokens in emails (register and forgot password), without saving the token in the user.verification_key, user.fp_verification_key and user.fp_token_expire fields.
I need to debate with Elrond how to implement itsdangerous in sessions.
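An added example, not code from this ticket or from any branch mentioned in it: a standard-library sketch of the kind of signed, timestamped token that itsdangerous produces, showing how register and forgot-password links can be checked without a stored per-user key. The names `make_token` and `check_token`, the purpose strings, the secret and the token layout are assumptions for illustration and are not itsdangerous's own API or format.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-secret"  # assumption: the real secret lives in app config


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(purpose: str, body: str) -> str:
    # Derive a per-purpose key so a "verify-email" token can never be
    # accepted as a "forgot-password" token (the job a salt does).
    key = hmac.new(SECRET_KEY, purpose.encode(), hashlib.sha256).digest()
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def make_token(purpose, user_id, now=None):
    """Build the token that goes into the emailed link; nothing is stored."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"uid": user_id, "iat": issued}, separators=(",", ":"))
    body = _b64(payload.encode())
    return body + "." + _mac(purpose, body)


def check_token(purpose, token, max_age, now=None):
    """Return the user id, or None if forged, wrong purpose, or expired."""
    body, sep, sig = token.partition(".")
    expected = _mac(purpose, body)
    # Constant-time comparison; the payload is parsed only after it passes.
    if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    payload = json.loads(_unb64(body))
    age = int(time.time() if now is None else now) - payload["iat"]
    return payload["uid"] if 0 <= age <= max_age else None
```

Because no token is saved server-side, a forgot-password link stays valid until it expires, so `max_age` should be short for that purpose.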
comment:7 by , 12 years ago
Status: | assigned → accepted |
---|
We're using this for sessions, but I guess not verification tokens? Should that be its own ticket? Should this be closed out?
comment:8 by , 12 years ago
Hi bukosabino,
sessions are done by now!
Where's your work on forget password, etc?
comment:9 by , 12 years ago
Hi Chris,
I think this ticket has become the "itsdangerous for mails" ticket. I hope we have another one for the sessions? I thought so?
comment:10 by , 12 years ago
Summary: | Consider using itsdangerous for some things. → Consider using itsdangerous for mail tokens. |
---|
#624 is about sessions.
comment:11 by , 12 years ago
Owner: | set to |
---|---|
Status: | accepted → in_progress |
comment:12 by , 12 years ago
Owner: | removed |
---|---|
Status: | in_progress → review |
comment:14 by , 12 years ago
Milestone: | → 0.4.1 |
---|---|
Resolution: | → fixed |
Status: | review → closed |
Top notch work, Rodney! Everything in this branch seems really well done.
I've merged this. Thanks for your hard work on it!
Okay, some notes on my branch:
I have stopped working on it for now.
If someone wants to continue on this:
All of this is probably quite easy, so if you want to consider it, talk to me.