Django SMTP and secure password authentication - python

I have an SMTP server that requires secure password authentication (e.g. Outlook requires to check SPA). Is there a way to deal with it with Django SMTPConnection?
Or maybe ideas about any Python solution to deal with SPA?
Honestly, I couldn't find enough about SPA to understand what it is exactly:
en.wikipedia:Secure_Password_Authentication
http://www.kuro5hin.org/?op=displaystory;sid=2002/4/28/1436/66154

The python-ntlm project is a working implementation of NTLM authentication for urllib2. There is a patch floating around in the tracker that allows integration with smtplib.
I would install python-ntlm, then fork smtplib inside your Django project (making sure it gets imported through smtplib) and then patch either smtplib (to always use ntlm authentication) or django (to use python-ntlm).
This will get the work done.
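
The SMTP side of the NTLM exchange that such a patch has to drive, as an added example that is not part of the original answer or of python-ntlm: it builds the Type 1 (negotiate) message for `AUTH NTLM` and parses the server's `334` Type 2 challenge. The function names, the initial-response form of the command and the sample reply are assumptions constructed here; computing the Type 3 response from the password is left to an NTLM library.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
# Negotiate flag values as defined in the NTLM specification (MS-NLMP).
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_OEM = 0x00000002
REQUEST_TARGET = 0x00000004
NEGOTIATE_NTLM = 0x00000200
NEGOTIATE_ALWAYS_SIGN = 0x00008000

def build_negotiate() -> bytes:
    """Type 1 message: signature, type, flags, empty domain/workstation buffers."""
    flags = (NEGOTIATE_UNICODE | NEGOTIATE_OEM | REQUEST_TARGET
             | NEGOTIATE_NTLM | NEGOTIATE_ALWAYS_SIGN)
    empty = struct.pack("<HHI", 0, 0, 32)  # length, max length, offset past header
    return NTLMSSP + struct.pack("<II", 1, flags) + empty + empty

def auth_command() -> str:
    """First client line; the password never appears in it."""
    return "AUTH NTLM " + base64.b64encode(build_negotiate()).decode("ascii")

def parse_challenge(reply: str) -> dict:
    """Parse '334 <base64 Type 2>' and return target, flags and the 8-byte nonce."""
    code, _, payload = reply.strip().partition(" ")
    if code != "334":
        raise ValueError("server did not continue the NTLM exchange: " + reply.strip())
    msg = base64.b64decode(payload, validate=True)
    if len(msg) < 32 or msg[:8] != NTLMSSP:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 2:
        raise ValueError("expected a Type 2 message, got type %d" % msg_type)
    name_len, _, name_off = struct.unpack_from("<HHI", msg, 12)
    (flags,) = struct.unpack_from("<I", msg, 20)
    if name_off + name_len > len(msg):
        raise ValueError("target name lies outside the message")
    raw = msg[name_off:name_off + name_len]
    target = raw.decode("utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii")
    return {"target": target, "flags": flags, "server_challenge": msg[24:32]}

def sample_reply() -> str:
    """Constructed Type 2 reply (target 'MAIL', nonce 01..08), not a real capture."""
    target = "MAIL".encode("utf-16-le")
    msg = (NTLMSSP + struct.pack("<I", 2)
           + struct.pack("<HHI", len(target), len(target), 48)
           + struct.pack("<I", NEGOTIATE_UNICODE | NEGOTIATE_NTLM)
           + bytes(range(1, 9)) + bytes(8)
           + struct.pack("<HHI", 0, 0, 48 + len(target)) + target)
    return "334 " + base64.b64encode(msg).decode("ascii") + "\r\n"
```

The `server_challenge` value is what the client's Type 3 response is computed over, so a reply that is not `334` or fails these checks should abort the login rather than fall back to a plaintext mechanism.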

After googling for it I found the same question asked on Google Groups:
http://groups.google.com/group/django-users/browse_thread/thread/fc7f77e2f796e6a4/90ae093cbb2863b8?pli=1
SPA is a proprietary MS protocol for which there is no documentation. I don't think you will find a non MS implementation of SPA.

Related

How to open SalesForce using the JWT method?

I have written a python script to make updates to SalesForce. However the issue is that I login to SalesForce using my username and password but this is a problem because my password changes regularly. I realize that I need to use the JWT method to avoid this. According to PyPi all I need to do is use simple salesforce and provide a private key and consumer key but I cannot figure out how to do this. I have made a connected app and associated it with a self signed certificate. Please advise on how I finish setting up this method.
You could have a dedicated user account for this with Profile flag that says password never expires. There would be a license cost, yes - but it'd work OK even if you leave company and the updates done by "Mr Admin" can look better to end users than by "Brian". Do you get any "why have you changed my data!!!" angry emails? ;)
But if you really need the JWT route these should help:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_jwt_flow.htm&type=5
https://gist.github.com/booleangate/30d345ecf0617db0ea19c54c7a44d06f (Python example but read the comments, I had to pip install pyjwt, not jwt)
https://salesforce.stackexchange.com/questions/201636/authentication-using-jwt/201648 (Apex example, 2 versions of code, raw HTTP requests or using built-in JWT libraries)

How to send email with Do Not Forward flag using exchangelib

This is similar to How to set/access outlook DoNotForward property in Microsoft exchange service but I want to use the exchangelib Python module to send emails.
The building blocks and links to documentation are available in this exchangelib issue: https://github.com/ecederstrand/exchangelib/issues/540
In short, it's really tricky to do if you are not using a Microsoft-supplied library. You have to build a binary message with all sorts of magic variables and send that as a custom extended property. Plus you have to implement the client-side encryption needed by EWS rights management.
AFAIK, no-one has attempted a Python solution yet, and a full solution would require quite a bit of work.

Writing a Python mail server with authentication

I'm trying to write a simple mail server using Python.
I found smtpd that can be used as a simple smtp server, but I don't think it supports any form of authentication.
For pop or imap, I haven't found anything at all yet.
I do know Twisted has some support for both smtp and pop or imap, but I can't find any examples or tutorials about it.
An alternative would be to use Clojure, but I still have the same question:
Which libraries should I use and is there any documentation about them?
Here is an example from Twisted.
And the main page. Follow the link for documentation to find the example and a tutorial.
Edit:
Check the attachment for this ticket for an example IMAP server. Definitely read the thread as it talks about the shortcomings of the example.
A bit late probably but for experimentation you might also want to check pymta which is a pure-python SMTP implementation I'm using for some experiments/testing. It supports SMTP basic auth. Documentation should be at a 'decent' level, check the examples directory and the unit tests.
For anything production-related I'd go for twisted if you don't mind the asynchronous nature.

Talking to an Authentication Server

I'm building my startup and I'm thinking ahead for shared use of services.
So far I want to allow people who have a user account on one app to be able to use the same user account on another app. This means I will have to build an authentication server.
I would like some opinions on how to allow an app to talk to the authentication server. Should I use curl? Should I use Python's http libs? All the code will be in Python.
All it's going to do is ask the authentication server if the person is allowed to use that app and the auth server will return a JSON user object. All authorization (roles and resources) will be app independent, so this app will not have to handle that.
Sorry if this seems a bit newbish; this is the first time I have separated authentication from the actual application.
Assuming you plan to write your own auth client code, it isn't event-driven, and you don't need to validate an https certificate, I would suggest using python's built-in urllib2 to call the auth server. This will minimize dependencies, which ought to make deployment and upgrades easier.
That being said, there are more than a few existing auth-related protocols and libraries in the world, some of which might save you some time and security worries over writing code from scratch. For example, if you make your auth server speak OpenID, many off-the-shelf applications and servers (including Apache) will have auth client plugins already made for you.
Your question isn't really a programming problem so much as it is an architecture problem. What I would recommend for your specific situation is to set up an LDAP server for authentication, authorization, and accounting (AAA). Then have your applications use that (every language has modules and libraries for LDAP). It is a reliable, secure, proven, and well-known way of handling such things.
Even if you strictly want to enforce HTTP-based authentication it is easy enough to slap an authentication server in front of your LDAP and call it a day. There's even existing code to do just that so you won't have to re-invent the wheel.
There is also CAS that you might want to look at.

How do you develop against OpenID locally

I'm developing a website (in Django) that uses OpenID to authenticate users. As I'm currently only running on my local machine I can't authenticate using one of the OpenID providers on the web. So I figure I need to run a local OpenID server that simply lets me type in a username and then passes that back to my main app.
Does such an OpenID dev server exist? Is this the best way to go about it?
The libraries at OpenID Enabled ship with examples that are sufficient to run a local test provider. Look in the examples/djopenid/ directory of the python-openid source distribution. Running that will give you an instance of this test provider.
I have no problems testing with myopenid.com. I thought there would be a problem testing on my local machine but it just worked. (I'm using ASP.NET with DotNetOpenId library).
The 'realm' and return url must contain the port number like 'http://localhost:93359'.
I assume it works OK because the provider does a client side redirect.
I'm also looking into this. I too am working on a Django project that might utilize Open Id. For references, check out:
PHPMyId
OpenId's page
Hopefully someone here has tackled this issue.
I'm using phpMyID to authenticate at StackOverflow right now. Generates a standard HTTP auth realm and works perfectly. It should be exactly what you need.
You could probably use the django OpenID library to write a provider to test against. Have one that always authenticates and one that always fails.
Why not run an OpenID provider from your local machine?
If you are a .Net developer there is an OpenID provider library for .Net at Google Code. This uses the standard .Net profile provider mechanism and wraps it with an OpenID layer. We are using it to add OpenID to our custom authentication engine.
If you are working in another language/platform there are a number of OpenID implementations available from the OpenID community site here.
You shouldn't be having trouble developing against your own machine. What error are you getting?
An OpenID provider will ask you to give your site (in this case http://localhost:8000 or similar) access to your identity. If you click ok then it will redirect you to that url. I've never had problems with livejournal and I expect that myopenid.com will work too.
If you're having problems developing locally I suggest that the problem you're having is unrelated to the url being localhost, but something else. Without an error message or problem description it's impossible to say more.
Edit: It turns out that Yahoo do things differently to other OpenID providers that I've come across and disallow redirections to ip address, sites without a correct tld in their domain name and those that run on ports other than 80 or 443. See here for a post from a Yahoo developer on this subject. This post offers a work around, but I would suggest that for development myopenid.com would be far simpler than working around Yahoo, or running your own provider.
