Publ: Development Blog

Entries tagged discussion, import or autoauth

Publ v0.5.14 released!

Posted Tuesday, February 4 at 5:40 PM (2 weeks ago)

Today I released v0.5.14 of Publ, which has a bunch of improvements:

  • Fixed a bug in card retrieval when there’s no summary
  • Admin panel works again
  • Markdown entry headings now get individual permalinks (the presentation of which can be templated)
  • Markdown entry headings can be extracted into an outline to be used for a table of contents
  • Lots of performance improvements around ToC and footnote extraction, and template API functions in general

Publ 0.5.8, Authl 0.3.1, and IndieAuth security

Posted Wednesday, October 30 at 7:11 PM (4 months ago)

So, both Publ and Authl had a pretty na├»ve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.

Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.

Publ v0.5.7, now with theoretical AutoAuth support!

Posted Tuesday, October 29 at 9:38 PM (4 months ago)

There is only one feature for this new release of Publ, but it’s a big one – there is (theoretical) support for AutoAuth! That’s right, deploy this version and people should be able to magically log on to your website using unattended IndieAuth providers.

Unfortunately, there aren’t any tools that I know of which actually support this mode of operation; all testing has been manual and In Theory.

Fortunately, if someone does want to test AutoAuth (or IndieAuth Bearer authentication in general), you can test it out on this site! You can use this entry as an individual entry, and this category or this feed to see how well it works with the “partial public” path.

Also, this page will tell you all sorts of useful information about the current user (if any).

And I’d might as well use this opportunity to show off the admin dashboard – just sign in as the user test:admin to see how it looks.

EDIT: It looks like there’s a problem with third-party auth due to the way that Heroku works. I should have anticipated this. Third-party auth is temporarily disabled for now. (But this doesn’t affect AutoAuth at least!)

Authl v0.2.0, now in beta status!

Posted Monday, August 19 at 1:49 AM (6 months ago)

I’ve released Authl v0.2.0. Changes since v0.1.8:

  • Added support for Twitter
  • Big ol' refactor to support Twitter (see the fuller discussion below the cut!)
  • Released to beta!

And changes from v0.1.7 to v0.1.8 (which I didn’t bother to post an announcement about):

  • Fixed an incredibly minor security issue in the Mastodon client (the client_secret was leaking but in the context of Mastodon that couldn’t really be used for anything anyway)
  • Centralize/refactor the login token management, allowing for future flexibility in the service stack
  • Make callback IDs protocol-stable, which helps with some stricter services (e.g. Twitter)

Auth is working nicely

Posted Monday, July 8 at 11:56 AM (7 months ago)

I’ve released Authl 0.1.1, which adds support for Mastodon authentication. And the Publ test suite now is up-to-date with that as well.

There’s a few things I want to do on Publ before I release a version for use on my own website, the big one being the ability to provide a better login page, and some refactoring around built-in templates now that built-in templates are becoming a thing.

I also really want to redo how I manage the documentation site, because it’s getting kind of untenable at this point.

Anyway, really soon I’ll have properly-private content on my website again, and hopefully this will be enough of a feature for people to actually be interested in Publ!

Pushl v0.2.0 released

Posted Thursday, March 7 at 12:05 AM (a year ago)

So, I just released v0.2.0 of Pushl. It was a pretty big change, in that I pretty much rewrote all the networking stuff, and fixed some pretty ridiculous bugs with the caching implementation as well.

The main thing is now it’s using async I/O instead of thread-per-connection, so it’s way more efficient and also times out correctly.

And oh gosh, I had so many tiny but critical errors in the way caching was implemented – no wonder it kept on acting as if there was no cached state. Yeesh.

Anyway, I’ll let this run on my site for a few days and if I like what I see I’ll upgrade it to beta status on PyPI.

An early-alpha Movable Type importer

Posted Wednesday, February 20 at 3:42 PM (a year ago)

For those folks who want to import their content from Movable Type over to Publ, I’ve finally gotten around to writing an importer. Currently it only attempts to convert entry content and category metadata, and only using SQLite-formatted database dumps.

See its README.md for the (incredibly rough) usage instructions.

Eventually I want to try to automatically convert templates from MT’s scripting language to Jinja-Publ templates, although there’s a bunch of stuff that’s going to be difficult to port across and a lot of stuff is just plain not feasible to even try, so don’t expect that to become a major thing any time soon.