Re: [Mailman-Developers] Postorius and verified email addresses
In that case, how should this address be validated? Should Postorius consider that the login system always validates addresses and set them as verified in Mailman? Should it ask mailman to verify the email addresses when it encounters a user's un-verified address? This does not seem possible in REST at the moment (unless I missed it), and should be protected against multiple checks.
Ideas? I started a thread about this a couple of months back. I was asking about what authentication system to switch to, since persona is being dropped. I found a couple of solutions and have my personal favorite: django-allauth
I have a merge request pending that adds basic functionality for it in postorius. I think that it's better than python-social-auth that hyperkitty is currently using. Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman.
The link to my merge request: https://gitlab.com/mailman/postorius/merge_requests/130
The link to my previous post:
https://mail.python.org/pipermail/mailman-developers/2016-January/025338.htm...
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman.
I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius?
I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end.
That doesn't necessarily prevent Postorius from doing it, and when used with Persona, we see how nicely that can work. It's also of course possible that any 3rd party front-end will have its own way of verifying email addresses.
The other thing to think about is that the core already must know how to talk to the outgoing MTA, to provide proper reputation services, signing, etc. I don't know that we want to make site admins have to configure that in two places, and we almost certainly don't want Postorius to send out emails directly.
Cheers, -Barry
On 04/07/2016 01:29 AM, Barry Warsaw wrote:
On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman.
I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius?
I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end. I don't mind the core being able to handle verfications. But I'm pretty sure everyone that offers a web interface for managing mailman will want the ability to confirm emails using http links. I don't see a reason why we should implement that in mailman, if it can easily be added in the front-end. Doing this has one downside in my opinion. Storing the same addresses in several places (which isn't bad perse, as a matter of fact microservices encourage duplicating data and synchronizing it) would need synchronization. Ideally mailman would offer signals for various events that front-ends can hook in to. They would probably be similar to the hyperkitty archiver plugin I guess.
Another thing I believe in is blocking access until an account is confirmed, which really shouldn't depend on mailman. While postorius might be a project that should always have an active connection to the core, and archive doesn't necessarily need it.
That doesn't necessarily prevent Postorius from doing it, and when used with Persona, we see how nicely that can work. It's also of course possible that any 3rd party front-end will have its own way of verifying email addresses.
The other thing to think about is that the core already must know how to talk to the outgoing MTA, to provide proper reputation services, signing, etc. I don't know that we want to make site admins have to configure that in two places, and we almost certainly don't want Postorius to send out emails directly.
Sorry but I have to disagree with that. Postorius _has_ to be able to send out mails. In case any server errors occur, django tries to send out emails to administrators defined in the settings. I strongly recommend setting this up for a production system. The mta should take care of the rest (dkim signatures, ...). If you are referring to gpg signing and encryption, there are django apps for that. A quick search revealed https://github.com/stephenmcd/django-email-extras I haven't tried it, but I don't think it would be that hard to integrate if the core supports them.
There is one more issue that needs to be discussed which is relevant to all templates: Translation. Django has builtin methods to translate and through the browser's preferred language can choose one. The core would require associating a language with each user in the settings.
From a usability point of view I would like Postorius to be able to set all templates and not just link to files in mailman. There are a couple of businesses that manage thousands of lists and I guess they would appreciate it if list owners could do this without direct access to the mailman server.
On Apr 07, 2016, at 02:46 AM, Simon Hanna wrote:
I don't mind the core being able to handle verfications. But I'm pretty sure everyone that offers a web interface for managing mailman will want the ability to confirm emails using http links.
Absolutely. This is the focus of my "templates" branch.
In MM2 we had the advantage that the web ui and the core were tightly integrated, but because they're separated in MM3, the core can't assume anything about the web front-end. At a high level, it will be possible to define a custom template for all confirmation messages, and those templates can be filled with whatever clickable confirmation link makes sense for whatever web ui is in place. I imagine that for a typical Postorius-fronted installation, we'll have some standard templates and a simple config file that will provide a minimal effort click-through-Postorius functionality.
I don't see a reason why we should implement that in mailman, if it can easily be added in the front-end.
Right, the core will *not* provide such a clickable confirmation link.
Doing this has one downside in my opinion. Storing the same addresses in several places (which isn't bad perse, as a matter of fact microservices encourage duplicating data and synchronizing it) would need synchronization. Ideally mailman would offer signals for various events that front-ends can hook in to. They would probably be similar to the hyperkitty archiver plugin I guess.
Yes. While orthogonal to the templates work, the core has a fairly rich ability to link internal events to external notifications. We simply need to define the API for calling back into Postorius (or whatever web front-end needs notification), and then we can dispatch internal events to that API. E.g. a webhook or similar.
Alternatively, Postorius can make queries of the core's REST API at whatever decision point makes sense.
Sorry but I have to disagree with that. Postorius _has_ to be able to send out mails. In case any server errors occur, django tries to send out emails to administrators defined in the settings.
That's different though. What I mean is that any list traffic, including to list members, owners, and moderators, should only be sent by the core. It's different if a Django error occurs and it wants to send an email notification to the Django administrator (although do also think about the Mailman site owners).
There is one more issue that needs to be discussed which is relevant to all templates: Translation. Django has builtin methods to translate and through the browser's preferred language can choose one. The core would require associating a language with each user in the settings.
We already do that. Members, users, and addresses have preferences, and those preferences have a preferred language. When sending notifications, the core will use the preferred language of the appropriate preference. The core will use gettext based translations, but when using a template, we have a mechanism for looking up a template in a particular language. If one is available, we'll use that, if not we always fall back to the site language (which is usually English) or the system language (i.e. shipped templates, always English).
Whatever translation service we end up using should support translating both gettext and templates, but ultimately it's up to the site administrator and system administrators of whatever front-end is used, to provide the appropriate translated templates.
From a usability point of view I would like Postorius to be able to set all templates and not just link to files in mailman. There are a couple of businesses that manage thousands of lists and I guess they would appreciate it if list owners could do this without direct access to the mailman server.
The template system I'm working on does not require file system access to the Mailman server machine. It will work on any URL (my intention is to use requests for the underlying fetch machinery, with a mailman: extension for file system access for those sites that do want to use that). The templates don't even need to reside in Postorius.
Cheers, -Barry
On 2016-04-06 4:29 PM, Barry Warsaw wrote:
On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman.
I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius?
I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end.
I'd prefer core to do it, so that it's consistent regardless of front-end and there isn't duplicated work in every single web component for Mailman, which is one of the reasons I haven't reviewed any of the proposed Postorius code to do this. (The other big one being that I need to do some research on auth libraries, because past experience has told me that I rarely agree with Simon. ;) )
Terri
On 2016-04-06 4:29 PM, Barry Warsaw wrote:
On Apr 07, 2016, at 12:26 AM, Simon Hanna wrote:
Short version: it supports both external (social) and internal (django) auth systems and offers options to combine/switch between them . Allauth provides Signals that I used to verify the addresses in Mailman.
I think we have to decide how and where addresses will be verified. Are they going to be via confirmations emailed by core or via Postorius?
I think the core has to support emailed confirmation messages because Postorius is technically an optional component. So if a site were to build their own REST front-end, they'd at least want to allow the core to handle email verifications without having to build that into their front-end.
I'd prefer core to do it, so that it's consistent regardless of front-end and there isn't duplicated work in every single web component for Mailman, which is one of the reasons I haven't reviewed any of the proposed Postorius code to do this. (The other big one being that I need to do some research on auth libraries, because past experience has told me that I rarely agree with Simon. ;) ) From time to time I search for such projects, and I currently prefer allauth. That doesn't mean that I know it's the best solution, it's just
On 04/10/2016 11:06 PM, Terri Oda wrote: the best one (in my eyes) I currently know of.
Postorius is currently confirming emails on it's own. And Hyperkitty doesn't at all (the registration process doesn't attempt to confirm emails).
participants (3)
-
Barry Warsaw -
Simon Hanna -
Terri Oda