juxt / bolt Goto Github PK

README says

The key difference is that Friend is designed upon Compojure ...

I do not see any inherent dependencies of Friend on Compojure (In fact word "compojure" occurred only once in Friend's sources and only in comment). As I can tell only essential dependency of Compojure is on Ring.

I cannot tell which description for differences between Friend and Cylon would be appropriate but the one above does not seem right.

Could the CSRF todo be solved with using https://github.com/weavejester/ring-anti-forgery middleware?

Thus AuthorizationServer doesn't work as a server (I mean a http-listener)

AuthorizationServer uses two protocols [1][2] from Login, and following Single Responsibility Principle it makes sense to change that.
My proposal would be moving RequestAuthenticator and AuthenticationHandshake impls from cylon.user.login/Login to cylon.oauth.server.server/AuthorizationServer
Both protocols implementations could be move without any changes in AuthorizationServer due that last one has the dependencies needed.

Cylon Oauth Server uses cheshire.core/encode in the body of access-token response but others providers could return other response type (For example working with Google OAuth2 provider I need to use json/read-str )

crypto-password seems to be a good thing to capture community knowledge about the best way to handled passwords.

Let's standardise on it: https://github.com/weavejester/crypto-password/

Hi,

Cylon 1.0.4 and even master relies on getParentFile to make an assertion.
If you follow the tutorial it shows a "passwords.edn" name without directory.
The problem is that getParentFile returns null if the path is not present on the file name therefore invalidating the assertion. I think an (.getParentFile (.getCanonicalFile f)) is necessary because it translates the path less file satisfying getParentFile.

user=> (def f (clojure.java.io/file "passwords.edn"))
#'user/f
user=> (clojure.java.io/as-url f)
#<URL file:/home/geraldo/teste/teste/passwords.edn>
user=> (.getParentFile f)
nil  <--- see ? 

user=> (def f (clojure.java.io/file "/home/geraldo/teste/teste/passwords.edn"))
#'user/f
user=> (.getParentFile f)
#<File /home/geraldo/teste/teste>

I think adding clj-webdriver could be interesting to assert the correct behaviour in each case and to help in future developing stages
what do you think?

Use https://github.com/dhruvchandna/ring-secure-headers

This looks positively fantastic, but is it ready for use outside the juxt consultancy? I notice the readme states that this isn't production ready until marked 1.0, is that likely to happen in 2015?

If the answer is in the affirmative, would it be possible to write some documentation as to how cylon can be put to use? I'd like to use it for a REST service, written with liberator, if you're wondering about which section to write first :)

Currently only exception message is printed. When it happens to be a Schema validation failure, it is not trivial to track down where exactly in the code that happened.

Hi cylon guys!

Trying to use Cylon OAuth Client to communicate with Google OAuth provider I realised that the only keyword support provided for dealing with oauth scopes didn't work with google scope standar defined as URLs (https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/devstorage.full_control ...)

Add a delete-user! function

Ring has a protocol for session stores: ring.middleware.session.store and a default implementation. It would be better for cylon to use this as its session store protocol, allowing existing Ring session store implementations to be used in Cylon.