kotti_accounts is a Kotti plugin which allows a user principal to be associated to multiple email accounts.

Find out more about Kotti

For the impatient

There’s a demo which shows how it works. Just run the commands below inside a clean virtualenv.

git clone https://github.com/frgomes/kotti_velruse_demo.git
cd kotti_velruse_demo
./run-server.sh

Setup

  1. Insert kotti_accounts.kotti_configure on kotti.configurators
kotti.configurators = kotti_velruse.kotti_configure
                      kotti_accounts.kotti_configure
                      # other plugins...
  1. See also kotti_velruse for other configurations, since kotti_velruse and kotti_accounts were designed to work together.

Design Decisions

  • associate multiple externally authenticated identities to a single Principal.
  • substitute part of the internal registration workflow provided by kotti.security.
  • behave as a drop-in to the existing kotti.security Principals.
  • all existing test cases depending on Principals must pass.
  • integrate with kotti_velruse via events.

Workflow

New user

The actions enumerated below happen when a user authenticates for the first time using his/her external OpenID account (or any other authentication method):

  • the user’s real name and email address are obtained from the external provider;
  • a new Principal is created and populated with the real name and email address;
  • a new Account is created and populated with the email address;
  • the newly created Account is associated with the newly created Principal;
  • event UserSelfRegistered is triggered, in order to integrate with other plugins.
  • the session is then authenticated with the allocated Principal.

Returning user

These actions enumerated below happen when a returning user authenticates:

  • the user’s real name and email address are obtained from the external provider;
  • find the Account which matches the email address;
  • finds the Principal associated with the Account;
  • the session is then authenticated with the Principal found.

Add email to existing user

These actions enumerated below happen when new email addresses are added to an existing Principal, using the new Preferences page:

  • the user remains authenticated as he/she was, keeping the current Principal;
  • the user performs a new login, authenticates against another external provider;
  • the user’s real name and email address are obtained from the external provider;
  • a new Account is created and populated with the email address; the real name is discarded;
  • the newly created Account is associated with the existing created Principal;
  • the session remains authenticated as it was in the beginning.

Pending

  • (TODO) ability to merge accounts.

Troubleshooting

How do I authenticate as administrator?

The default authentication method provided by Kotti retrieves Principals from the database and compares the password you type against what is stored there. The authentication method provided by kotti_accounts relies on authentication performed by external providers, which means that the usual admin/qwerty is not valid anymore.

The way to become administrator consists on these steps:

  • Please follow the steps as described in section _Setup_, above.
  • Start the server and authenticate using some external provider of your preference.
  • Stop the server
  • Temporarily comment out the configuration you’ve done.
  • Start the server again and authenticate this time as “admin/qwerty”, since the default authentication process will be back on.
  • Enter page @@users and assing Admin rights to your user account (the one which you authenticated before, using an external provider).
  • Stop the server
  • Put the configurations back on, as explained by section Setup.

When you login to your previously created user account, using an external provider, you will be recognized as administrator.

Support

Please find links on the top of this page.

Read the Docs v: latest
Versions
latest
Downloads
PDF
HTML
Epub
On Read the Docs
Project Home
Builds

Free document hosting provided by Read the Docs.