[Seaside] authentication for seaside

Wed Dec 29 19:46:09 UTC 2010

Hi Sergio,

I am working on just such a package that has the features listed below.

The test application is on-line here:

     http://www.ensurete.com/LoginTestApp

You can turn on and off all the optional features that would normally
be set by the host application using the test app's input form.

Feature list:

      Login component containing the following items
      Username entry
      Password entry
      Login button
      Forgot username button
      Forgot password button
      Register button
      Remember my username on this computer checkbox (optional)
      Log me in automatically when I return to this site checkbox (optional)

   Register component containing the following items:
      Username entry
      Password entry
      Confirm password entry
      Email address
      Recaptcha protection (optional)

   Edit Account Detail component that allows
      Change username
      Change password
      Change email address

   Optional email confirmation of registration and account changes is provided.

   Preferences that can be set by the host application or on the
Seaside config page are:

		'Confirm registrations via email.'.
		'Minutes to wait after sending registration and password reset emails'.
		'Protect registration form against spam with reCAPTCHA'.
		'Outgoing mail server address or sending registration confirmation emails'.
		'Confirm email address changes by sending email to the new address'.
		'Confirm all account changes by sending email to the (possibly new) address'.
		'Allow empty passwords'.
		'Allow users to change their username'.
		'Allow users to remember their username in a cookie'.
		'Allow auto-login using username/password cookies'.
		'Expiration period in days for username and password cookies'.
		'Recaptcha public key - see http://www.google.com/recaptcha';
		'Recaptcha private key - see http://www.google.com/recaptcha';

The user information is persisted using the plug-in pattern. A
ReferenceStream file persistence provider is provided as the default,
but another persistence scheme could be plugged in in its place. There
is an application properties dictionary included in the user object
that is persisted and restored should the host application wish to
make use of it.

The confirmation email content is prepared by the hosting application
through callbacks that provide the essential information needed, e.g.
the URL the user must navigate to to confirm registration, the number
of minutes within which they must do this, etc. Multi-part MIME email
messages (HTML and plain text parts) are included as samples.

My goal was to make this work out-of-the-box if all the defaults were
acceptable, but allow the host application to override and substitute
functionality where needed. Also I tried to minimize dependencies on
outside packages other than Seaside 3.0.

There are a number of things I was hoping to complete before letting
anyone else see it, including refactoring, commenting, encrypting
stored passwords, moving inline styles to a CSS file, and the like.

There are also a number of additional features that I think should be
added, such as security questions for use at public sites and security
images and phrases like banking websites have, but I thought I would
try integrating it into one of my own applications before doing any of
that.

If you are interested in the package in its current form, I can make
an mcz file and send it to you -- probably by tomorrow. Caution is
warranted though, I am still learning Seaside and the code needs a lot
of cleanup -- that's what I'm working on now.

Regards,
TF