Stephan,

That does indeed work; however, how long will that cookie be active? It 
should have a time encoded in it as to expire after a period of time. 
Otherwise, if someone were to get ahold of the cookie they could use it 
indefinitely.

Jeremy


From: Stephan Beal
Sent: Tuesday, November 22, 2011 3:58 PM
To: Fossil SCM user's discussion
Subject: Re: [fossil-users] Authentication via URL
On Tue, Nov 22, 2011 at 9:44 PM, Stephan Beal <sgb...@googlemail.com> wrote:

  In theory (though i have not tested it), you can pass the login cookie as 
a GET parameter, as fossil internally treats GET/POST/COOKIE data 
identically for most purposes. The trick, then, is getting the login cookie. 
...

Here's something we can try... it won't work out of the box, but if the 
concept can be proven then i'll commit to adding the bits which will make it 
work out of the box:

http://fossil.wanderinghorse.net/repos/fossil-sgb/index.cgi/json/login?name=json-demo&password=json-demo

that outputs something like:

{
"fossil":"013e8ee723fe17c61a74ef9aa69a3032e9aa3e55",
"timestamp":1321995094,
"command":"login",
"procTimeMs":2,
"payload":{
"authToken":"2D0E39234B4A945C614C844ECCCE71EC4F05B40751E68A4AB8/CE59BB9F186226D8/json-demo",
"name":"json-demo",
"capabilities":"hgjorz"
}
}

The missing part there is the (repo-specific) cookie name, which we could 
_theoretically_ combine with the above authToken (==the cookie's value) to 
produce a login string:

http://.../index.cgi/timeline.rss?fossil-XYZ=the_above_authToken

where XYZ==the project-specific code.

If someone can verify that that would work, i will expand the JSON login 
input to provide the project-specific cookie name as part of the output. 
From there it "should" be relatively simple (e.g. using JavaScript) to 
construct an RSS pull URL (as shown above).

i'm unfortunately all out of energy for the time being (i was recently 
contracted out to a new customer in the TV industry, and they keep me busier 
than i'd really like to be!), so i can't commit to the experimentation. If 
someone else can verify that this approach would/might be useful, though, i 
can extend the JSON API to provide the output data needed for this approach.


-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
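
A sketch of the URL construction described in the message above, together with a redaction step for anything that logs such URLs. It is an added example, not code from the thread or from Fossil. The cookie name `fossil-XYZ` is the placeholder used above, and the host, token value and function names are constructed for illustration.

```javascript
// Added example. COOKIE_NAME is a placeholder: the message above notes that
// the repo-specific cookie name ("fossil-XYZ") is not in the login output.
const COOKIE_NAME = "fossil-XYZ";

// Constructed sample, shaped like the /json/login output quoted above.
const sampleLogin = {
  command: "login",
  payload: {
    authToken: "0123ABCD/89EF4567/json-demo", // constructed value
    name: "json-demo",
    capabilities: "hgjorz",
  },
};

// Build the pull URL: cookie name as the GET parameter, authToken as value.
// URLSearchParams percent-encodes the "/" separators inside the token.
function buildFeedUrl(baseUrl, login, cookieName = COOKIE_NAME) {
  const token = login && login.payload && login.payload.authToken;
  if (typeof token !== "string" || token === "") {
    throw new Error("login response carries no authToken");
  }
  const url = new URL(baseUrl);
  url.searchParams.set(cookieName, token);
  return url.toString();
}

// Mask the value of any fossil-* query parameter before a URL is logged,
// so the token is not readable in access or client-side logs.
function redactAuthParams(urlString) {
  const url = new URL(urlString);
  for (const key of [...url.searchParams.keys()]) {
    if (key.startsWith("fossil-")) url.searchParams.set(key, "REDACTED");
  }
  return url.toString();
}

// Hypothetical host; the path mirrors the timeline.rss URL above.
const feedUrl = buildFeedUrl("https://repo.example/index.cgi/timeline.rss", sampleLogin);
console.log(redactAuthParams(feedUrl));
```
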



--------------------------------------------------------------------------------
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users