Initial velruse integration

Initial velruse integration

This is just the first piece of performing the OpenID authentication.   It
does not include logging in a principal in Pyramid.

Add velruse.  Add "/auth" page with login link.  Add "/authcallback" page
showing authentication results.

https://code.launchpad.net/~abentley/charmworld/velruse-integration/+merge/139305

(do not edit description out of merge proposal)

[abentley-home, 2012-12-11 20:00:01]

Please take a look.

[rharding, 2012-12-11 20:11:47]

https://codereview.appspot.com/6927049/diff/1/charmworld/__init__.py
File charmworld/__init__.py (right):

https://codereview.appspot.com/6927049/diff/1/charmworld/__init__.py#newcode2
charmworld/__init__.py:2: from pyramid.session import
UnencryptedCookieSessionFactoryConfig
Should we look and see if there's an encrypted version to use instead ootb.

https://codereview.appspot.com/6927049/diff/1/charmworld/__init__.py#newcode12
charmworld/__init__.py:12: my_session_factory =
UnencryptedCookieSessionFactoryConfig('itsaseekreet')
This should pull the session secret from the ini file. We can provide an initial
in development.ini and should be overridden in production.

https://codereview.appspot.com/6927049/diff/1/charmworld/routes.py
File charmworld/routes.py (right):

https://codereview.appspot.com/6927049/diff/1/charmworld/routes.py#newcode70
charmworld/routes.py:70: config.add_route('auth', '/auth')
We don't need the auth route right? We can just add a link to the navigation
with the openid_identifier=login.ubuntu.com?

[abentley-home, 2012-12-11 20:23:07]

Please take a look.

[abentley-home, 2012-12-11 20:52:17]

https://codereview.appspot.com/6927049/diff/1/charmworld/__init__.py
File charmworld/__init__.py (right):

https://codereview.appspot.com/6927049/diff/1/charmworld/__init__.py#newcode2
charmworld/__init__.py:2: from pyramid.session import
UnencryptedCookieSessionFactoryConfig
On 2012/12/11 20:11:47, rharding wrote:
> Should we look and see if there's an encrypted version to use instead ootb.

There isn't one that I can see.

https://codereview.appspot.com/6927049/diff/1/charmworld/__init__.py#newcode12
charmworld/__init__.py:12: my_session_factory =
UnencryptedCookieSessionFactoryConfig('itsaseekreet')
On 2012/12/11 20:11:47, rharding wrote:
> This should pull the session secret from the ini file. We can provide an
initial
> in development.ini and should be overridden in production. 

Done.

https://codereview.appspot.com/6927049/diff/1/charmworld/routes.py
File charmworld/routes.py (right):

https://codereview.appspot.com/6927049/diff/1/charmworld/routes.py#newcode70
charmworld/routes.py:70: config.add_route('auth', '/auth')
On 2012/12/11 20:11:47, rharding wrote:
> We don't need the auth route right? We can just add a link to the navigation
> with the openid_identifier=login.ubuntu.com?

Yes, I see this as a very temporary measure.  Actually, I suspect we'll address
this by creating a new provider that returns a URL containing
openid_identifier=login.ubuntu.com from velruse.login_url

[hazmat, 2012-12-11 21:27:00]

looks good to me given rick's comments.

beaker incidentally has various permutations on session factories that are more
secure (signed client cookies, backend storage) where we can store the user's
openid session info in the future.