[Qgis-developer] Authentification use from Python
Luigi Pirelli
luipir at gmail.com
Fri Mar 4 00:16:30 PST 2016
Hi Larry
your 4h workshop on new Qgis Auth System is "unufficially" approved
(you'll receive official confirmation soon)... I suppose most of
developers working with public institutions will are interested in it.
so Stefan... prepare your trip to the Qgis International conference in
Girona (Es) :)
cheers
Luigi Pirelli
**************************************************************************************************
* Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
* LinkedIn: https://www.linkedin.com/in/luigipirelli
* Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
* GitHub: https://github.com/luipir
* Mastering QGIS:
https://www.packtpub.com/application-development/mastering-qgis
**************************************************************************************************
On 3 March 2016 at 22:11, Larry Shaffer <larrys at dakotacarto.com> wrote:
> Hi Stefan,
>
> Sorry for the delay in reply. OAuth should be able to be implemented as an
> authentication method plugin for the new system, thereby making it available
> for WxS connections, as well as other HTTP connections.
>
> I have a proposed talk and workshop on auth method plugins for the QGIS
> conference in Girona (no word yet on whether they are accepted).
>
> In the meantime, you could review existing auth method plugins and formulate
> some psuedo-code on the steps needed to intercept the request and work with
> OAuth:
>
> https://github.com/qgis/QGIS/tree/master/src/auth
>
> This is the base plugin class:
>
> https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmethod.h
>
> The last thing I did was add auth method plugin support to the system, which
> allows a C++ plugin to be built, then dropped into an existing 2.14 install,
> etc.
>
> Regards,
>
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
>
> On Sat, Feb 27, 2016 at 1:32 PM, Stefan Keller <sfkeller at gmail.com> wrote:
>>
>> Hi,
>>
>> In a Python plugin [1] we implemented HTTP "Basic Authentication" and
>> "NTLM authentication".
>>
>> Now I'm still looking for a solution using OAuth 2.0 for build-in WxS
>> (WMS/WMTS, WFS) as well as for Python plugins.
>> This seems to be also of some interest for other QGIS users [2].
>>
>>
>> The only code related to OAuth2 I found is in the CartoDB plugin [3].
>> But this does not help WxS nor my Python plugin.
>>
>> Also Paolo's pointer to LizMap relates not to QGIS Python plugin but
>> to restricted access to lizmap online AFAIK.
>>
>> I heard about the authentication configuration system with master password
>> [4].
>> But we still need more information when the API is available.
>>
>> 2016-01-12 23:36 GMT+01:00 Larry Shaffer <larrys at dakotacarto.com>:
>> > Until then, the continued Python access to the auth system credentials
>> > means
>> > security is not good for the user. It should be considered for
>> > deprecation
>> > or just complete removal in 2.14 release.
>>
>> Any news on this, and on OAuth implementations for WxS and Python plugins?
>>
>> :Stefan
>>
>> [1] http://plugins.qgis.org/plugins/connector/
>> [2]
>> https://groups.google.com/forum/#!topic/australian-qgis-user-group/agn7ehIPd3M
>> [3] http://plugins.qgis.org/plugins/QgisCartoDB/
>> [4] https://github.com/qgis/QGIS/pull/1838
>>
>>
>> 2016-01-12 23:36 GMT+01:00 Larry Shaffer <larrys at dakotacarto.com>:
>> > Hi Bernhard,
>> >
>> > Please note that the Python support for direct access to the credentials
>> > via
>> > the auth method config *may* be completely removed for security reasons.
>> >
>> > Ideally, the expansion of credentials within a given auth method config
>> > would only be done within the core application and connection methods
>> > (HTTP,
>> > etc.) would be offered through a Python API. In this way an authcfg
>> > token
>> > can be passed in and the connection established without access to
>> > credentials.
>> >
>> > However, such support and an API are not currently available. It is
>> > simple
>> > enough to add to QgsNetworkAccessManager for HTTP[S] connections, but
>> > not so
>> > simple for other types of connections, e.g. database via a library or
>> > client. Once completed this means a plugin would not be able to access
>> > the
>> > credentials and pass them on to a different connection method, e.g.
>> > Python
>> > HTTP lib, etc.
>> >
>> > Once such an API is available (or even now, with some work), plugins
>> > could
>> > be 'authorized' by the user for access to credentials using revocable
>> > access
>> > tokens or signed/revokable certificates.
>> >
>> > Until then, the continued Python access to the auth system credentials
>> > means
>> > security is not good for the user. It should be considered for
>> > deprecation
>> > or just complete removal in 2.14 release.
>> >
>> > Regards,
>> >
>> > Larry Shaffer
>> > Dakota Cartography
>> > Black Hills, South Dakota
>> >
>> > QGIS Support/Development | Boundless
>> > lshaffer at boundlessgeo.com
>> >
>> > On Tue, Jan 12, 2016 at 8:14 AM, Bernhard Ströbl
>> > <bernhard.stroebl at jena.de>
>> > wrote:
>> >>
>> >> Hi Luigi,
>> >>
>> >> many thanks! That was the key.
>> >>
>> >> I now have
>> >> <code>
>> >> am = QgsAuthManager.instance()
>> >> myAuthMethodConfig = QgsAuthMethodConfig()
>> >> am.loadAuthenticationConfig(mykey,myAuthMethodConfig,True)
>> >> myAuthMethodConfig.configMap()
>> >> </code>
>> >>
>> >> Bernhard
>> >>
>> >>
>> >> Am 12.01.2016 um 15:58 schrieb Luigi Pirelli:
>> >>>
>> >>> Hi Bernhard
>> >>>
>> >>> be inspired by Boundless qgis-geoserver-plugin
>> >>>
>> >>>
>> >>>
>> >>> https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/src/geoserverexplorer/gui/gsexploreritems.py#L502
>> >>>
>> >>> I hope it's enough
>> >>>
>> >>> cheers
>> >>> Luigi Pirelli
>> >>>
>> >>>
>> >>>
>> >>> **************************************************************************************************
>> >>> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
>> >>> * LinkedIn: https://www.linkedin.com/in/luigipirelli
>> >>> * Stackexchange:
>> >>> http://gis.stackexchange.com/users/19667/luigi-pirelli
>> >>> * GitHub: https://github.com/luipir
>> >>> * Mastering QGIS:
>> >>> https://www.packtpub.com/application-development/mastering-qgis
>> >>>
>> >>>
>> >>> **************************************************************************************************
>> >>>
>> >>>
>> >>> On 12 January 2016 at 12:47, Bernhard Ströbl
>> >>> <bernhard.stroebl at jena.de>
>> >>> wrote:
>> >>>>
>> >>>> Hi all,
>> >>>>
>> >>>> my goal is that my users do not save their PostgreSQL passwords in
>> >>>> clear
>> >>>> text but that they use the new Authentification system to do so. For
>> >>>> my
>> >>>> plugins I would need access to the PostgreSQL username and password,
>> >>>> though.
>> >>>> Is this generally possible in spite of security considerations as
>> >>>> mentioned
>> >>>> in the QGEP? If yes, how would I do it?
>> >>>>
>> >>>> what I have so far is:
>> >>>> <code>
>> >>>> am = QgsAuthManager.instance()
>> >>>> myAuthMethodConfig = am.availableAuthMethodConfigs()[mykey]
>> >>>> myAuthMethodConfig.configMap() # returns an empty dict :-(
>> >>>> </code>
>> >>>>
>> >>>> QGIS 2.12.2
>> >>>>
>> >>>> any help appreciated
>> >>>>
>> >>>> regards
>> >>>>
>> >>>> Bernhard
>> >>>>
>> >>>> [1]
>> >>>>
>> >>>>
>> >>>> https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst
>> >>>>
>> >>>>
>> >>>> __________ Information from ESET Mail Security, version of virus
>> >>>> signature
>> >>>> database 12855 (20160112) __________
>> >>>>
>> >>>> The message was checked by ESET Mail Security.
>> >>>> http://www.eset.com
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> Qgis-developer mailing list
>> >>>> Qgis-developer at lists.osgeo.org
>> >>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> >>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> >>>
>> >>>
>> >>>
>> >>> __________ Information from ESET Mail Security, version of virus
>> >>> signature database 12856 (20160112) __________
>> >>>
>> >>> The message was checked by ESET Mail Security.
>> >>> http://www.eset.com
>> >>>
>> >>>
>> >>
>> >> --
>> >> Bernhard Ströbl
>> >> Anwendungsbetreuer GIS
>> >>
>> >> Kommunale Immobilien Jena
>> >> Am Anger 26
>> >> 07743 Jena
>> >>
>> >> Tel.: 03641 49- 5190
>> >> E-Mail: bernhard.stroebl at jena.de
>> >> Internet: www.kij.de
>> >>
>> >>
>> >> Kommunale Immobilien Jena
>> >> Eigenbetrieb der Stadt Jena
>> >> Werkleiter: Karl-Hermann Kliewe
>> >>
>> >>
>> >> __________ Information from ESET Mail Security, version of virus
>> >> signature
>> >> database 12856 (20160112) __________
>> >>
>> >>
>> >> The message was checked by ESET Mail Security.
>> >> http://www.eset.com
>> >>
>> >>
>> >> _______________________________________________
>> >> Qgis-developer mailing list
>> >> Qgis-developer at lists.osgeo.org
>> >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> >
>> >
>> >
>> > _______________________________________________
>> > Qgis-developer mailing list
>> > Qgis-developer at lists.osgeo.org
>> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
More information about the Qgis-developer
mailing list