Pylons "Classic" (pre-pyramid) and LDAP Auth

nospam@example.com (TML) — Tue, 12 Jul 2011 11:27:57 -0600

It took me a long time to figure this out, I didn’t want it to end up locked in my head, so here’s a rough guide on how I managed to get a pylons 0.9.7 project to do LDAP authentication. All of the below is done in config/middleware.py.

The key points are:

“import ldap” (for the obvious reason) and “from paste.auth.basic import AuthBasicHandler”
Wrap the stacked WSGI ‘app’ object in the AuthBasicHandler you just imported: app = AuthBasicHandler(app, 'The value you want to appear on the browser dialog box', yourAuthFunctionHere)
Define an auth function “yourAuthFunctionHere(requestEnvironment, username, password)”. Some tricky bits:
1. If this function returns “True”, the request will proceed and there will be a new key in the Request object named ‘REMOTE_USER’ that contains the passed username.
2. If this function returns “False”, the user will be prompted again until it succeeds. (I should probably find a way to limit these so people cannot just keep guessing.)
3. Python’s LDAP has some strange behaviours:
You can’t touch the session from within the WSGI middleware layer

All of this was done because a new server in our datacenter doesn’t have packages for the old build of Apache that we used to configure our LDAP auth back in the day. I’m actually quite pleased at how the new system works, and am glad to be rid of that Apache+PHP millstone that’s been lurking as a dependancy in all of our Pylons projects simply for the LDAP authentication solution.

AlivePDF and Pylons

nospam@example.com (TML) — Tue, 05 Oct 2010 16:40:28 -0600

I have a project at work where we are using Pylons/paster as the web service provider. One of the “clients” of this service is written in Flex/Flash, and had as a component the AlivePDF AS3 library for generating a static PDF of the Flash content.

Unfortunately, because Flash cannot save content locally, in order to actually GET this PDF content back to the user, AlivePDF posts a byte array to the service and expects the service to bundle that as a PDF and send it back. They provide a “content.php” file as an example – which, frankly, is some pretty inscrutable code until you manage to figure out what it’s working around. So when one of my employees (the one who selected AlivePDF in the first place) sent me the PHP file, it took as long to understand what he wanted as it did to come up with a Pylons solution. You can find the latter bit below – replace ${service} and ${controller} with your actual values through-out, and trim the ellipses (they are there to indicate there may be additional context on either side of the line I’m giving you):

${service}/config/routing.py: def make_map(): ... map.connect(’/${controller}/create.php’, controller=’${controller}’, action=‘pdf’) # put this before the default routes, if you have any ...

${service}/controllers/${controller}.py: Class ${controller}(BaseController): ... def pdf(self): response.headers[‘Content-Type’] = request.environ[‘CONTENT_TYPE’] response.headers[‘Content-Disposition’] = ‘inline; filename=”%s”’ % request.GET[‘name’] return request.environ[‘wsgi.input’].read(int(request.environ[‘CONTENT_LENGTH’])) ...

A River of Words - Tools and Languages

Pylons "Classic" (pre-pyramid) and LDAP Auth

AlivePDF and Pylons