Hi,
On 10/26/2012 08:15 PM, Barry Warsaw wrote:
One thing we need though is an authenticating proxy for the REST API so that
non-localhost users can script their own changes to lists they own or are
members of. We can't expose the admin REST API to non-localhost and I really
don't want to have to add the authentication layer to the default REST API (at
least not right now).
It's possible that such an authenticating layer could be implemented as part
of Postorius, since I think Django supports REST also, and you'll *have* to be
authenticated to interact with Postorius. OTOH, it would be nice if that
could be provided without requiring Django.
Of course it would be nice if a public API wouldn't require Django. But
we already have authorization functionality for all kinds of roles in
Postorius. And to add a JSON API shouldn't be so hard.
In fact, I played around with this a little over the weekend. I didn't
want to change too much of the existing authorization system, only
slightly enhance it to provide a simple way for non-browser clients to
log into Postorius with existing user credentials. What I came up with
is a simple view decorator that checks for an HTTP Basic Auth header if
the current user isn't logged in and uses these credentials to start a
new Django session. Clients that can handle session cookies can use that
in all concurrent requests (which makes it a little faster). Clients
that don't support cookies can just send the auth header again with the
next call.
Theres also an API resource that returns a json string with all mailing
lists (very similar, but not identical to the one the core API returns).
If anyone's interested: I added a small proof of concept for a command
line client to a private branch on launchpad. It's far from mature, just
to see if the idea works...
https://code.launchpad.net/~flo-fuchs/+junk/mmremote. (Please make sure
to use the latest revision of Postorius).
Another thought: We will add some convenience AJAX functionality to the
Postorius UI. For this alone it's worth having a number of JSON
resources available. In other words: Postorius would be the first client
to use its own API :-)
Cheers
Florian
Cheers,
-Barry
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/f%40state-of-mind.de
Security Policy: http://wiki.list.org/x/QIA9
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://wiki.list.org/x/QIA9
