Fwd How do I know if I need to re-authenticate

Just forwarding this email thread as it might benefit others as Holger suggested. On 11/20/13 11:19 AM, "holger krekel" <hol...@merlinux.eu> wrote:
hi Laurent,
On Wed, Nov 20, 2013 at 19:07 +0000, Brack, Laurent P. wrote:
Hi Holger,
Thanks a lot for the clarification. Something strange though as even if I am logged in, the simple case shows that I am not logged in
$ devpi login lpbrac password for user lpbrac: logged in 'lpbrac', credentials valid for 10.00 hours
$ devpi use using index: http://devpi-eu.dolby.net/lpbrac/dev/ (logged in as lpbrac)
$ curl http://devpi-eu.dolby.net/lpbrac/dev/+api { "type": "apiconfig", "result": { "index": "http://devpi-eu.dolby.net/lpbrac/dev/", "authstatus": [ "noauth", "" ], "simpleindex": "http://devpi-eu.dolby.net/lpbrac/dev/+simple/", "login": "http://devpi-eu.dolby.net/+login", "pypisubmit": "http://devpi-eu.dolby.net/lpbrac/dev/", "resultlog": "http://devpi-eu.dolby.net/+tests" } }
Indeed, as you found out below, you need to send the auth information along with the +api request for the server to tell you if it's actual/valid. (The "curl" request could come from any user as it stands).
cheers, holger
Looking a little more into it (wrireshark), I found out that the major difference is that the local authentication token is embedded in the request.
Basically here is the example
In [7]: from requests import *
In [8]: session = Session()
In [10]: r = session.request("get", url = "http://devpi-eu.dolby.net/lpbrac/dev/+api", auth=None)
In [11]: r.json() Out[11]: {u'result': {u'authstatus': [u'noauth', u''], u'index': u'http://devpi-eu.dolby.net/lpbrac/dev/', u'login': u'http://devpi-eu.dolby.net/+login', u'pypisubmit': u'http://devpi-eu.dolby.net/lpbrac/dev/', u'resultlog': u'http://devpi-eu.dolby.net/+tests', u'simpleindex': u'http://devpi-eu.dolby.net/lpbrac/dev/+simple/'}, u'type': u'apiconfig'}
In [13]: auth = s._devpi_cfg.get_auth()
In [14]: r = session.request("get", url = "http://devpi-eu.dolby.net/lpbrac/dev/+api", auth=auth)
In [15]: r.json() Out[15]: {u'result': {u'authstatus': [u'ok', u'lpbrac'], u'index': u'http://devpi-eu.dolby.net/lpbrac/dev/', u'login': u'http://devpi-eu.dolby.net/+login', u'pypisubmit': u'http://devpi-eu.dolby.net/lpbrac/dev/', u'resultlog': u'http://devpi-eu.dolby.net/+tests', u'simpleindex': u'http://devpi-eu.dolby.net/lpbrac/dev/+simple/'}, u'type': u'apiconfig'}
In [16]:
Thanks for the hintÅ I learnt something in the process.
/Laurent
On 11/20/13 5:35 AM, "holger krekel" <hol...@merlinux.eu<mailto:hol...@merlinux.eu>> wrote:
Hi Laurent,
On Wed, Nov 20, 2013 at 00:47 +0000, Brack, Laurent P. wrote: Hi Holger, I am trying to determine if I need to re-authenticate from time to time (that is, even though I have the password key in the devpi client store, it might be expired on the server side).
When I perform a devpi use, I see the following
SREQ* * * * * * * * * * * * * * * * * * * * * * * * * method get url http://devpi-eu.dolby.net/lpbrac/dev/+api kvdict None EREQ* * * * * * * * * * * * * * * * * * * * * * * * * <<< SRESP* * * * * * * * * * * * * * * * * * * * * * * * * STATUS CODE: 200 REASON: OK RESULT: {u'authstatus': [u'ok', u'lpbrac'], u'index': u'http://devpi-eu.dolby.net/lpbrac/dev/', u'login': u'http://devpi-eu.dolby.net/+login', u'pypisubmit': u'http://devpi-eu.dolby.net/lpbrac/dev/', u'resultlog': u'http://devpi-eu.dolby.net/+tests', u'simpleindex': u'http://devpi-eu.dolby.net/lpbrac/dev/+simple/'} MESSAGE: <<< ERESP* * * * * * * * * * * * * * * * * * * * * * * * * which is processed by Current.configure_fromurl. So basically, if I perform a get the +api resource, how do I get the authentication status from the server side?
In theory the "authstatus" above should tell if the login is "expired" (instead of "ok"), also according to devpi_server/view.py:117 and devpi_server/auth.py.
So i guess you can do something like this::
r = requests.get("http://devpi-eu.dolby.net/lpbrac/dev/+api") status = r.json()["result"]["authstatus"] if status[0] != "ok": # need to re-login
hope that helps.
On a side note, i'd prefer to discuss such questions over the mailing list so that more people profit from the discussion.
cheers, holger
I hope my question is clear. Thanks in advance /Laurent
participants (1)
-
Laurent Brack