[Zope-dev] Re: [Zope] authenticating over XML-RPC to implement the Blogger API
Nathan Sain
njsain@antler.oursc.k12.ar.us
Tue, 5 Feb 2002 10:02:15 -0600 (CST)
My thoughts as well. As far as I can tell here are my options:
I look at the CookieCrumbler last night, and wondered if I can use the
BeforeTraversehook that it uses. ZPublisher calls request.processInputs() before
traversal right? If thatis so then request should have the args from the XML-RPC message by the time
BeforeTraverse kicks in. If the username,password pair is prefixed with
'zid' and 'zpw' orsome other recognizable prefix I think BeforeTraverse can pick out the
username,password from request.args and do the auth magic right?
It may be possible to hijack the SecurityManager with a external
method, but thisseems dangerous. Any other ideas?
> I don't think basic auth is going to cut it. The API wants username
> and password to be passed as arguments. Probably need to hack a user
> folder implementation.
>
> ----- Original Message -----
> From: "Andy" <andy@agmweb.ca>
> To: <njsain@antler.oursc.k12.ar.us>; <zope@zope.org>;
> <zope-dev@zope.org> Sent: Sunday, February 03, 2002 10:33 PM
> Subject: Re: [Zope] authenticating over XML-RPC to implement the
> Blogger API
>
>
> ZSyncer does user authentication over xmlrpc via
> xmlrpclibBasicAuth.py, download it and take a look.
>
>> ----- Original Message -----
>> From: "Nathan Sain" <njsain@antler.oursc.k12.ar.us>
>> To: <zope@zope.org>; <zope-dev@zope.org>
>> Sent: Monday, February 04, 2002 9:19 AM
>> Subject: [Zope] authenticating over XML-RPC to implement the Blogger
>> API
>>
>>
--
Nathan Sain
Deer High School IT Dept.
P.O. Box 56
Deer, AR 72628
(870)428-5433