
Hi,
On 10/26/2012 08:15 PM, Barry Warsaw wrote:
> One thing we need though is an authenticating proxy for the REST API so that non-localhost users can script their own changes to lists they own or are members of. We can't expose the admin REST API to non-localhost and I really don't want to have to add the authentication layer to the default REST API (at least not right now).
> It's possible that such an authenticating layer could be implemented as part of Postorius, since I think Django supports REST also, and you'll *have* to be authenticated to interact with Postorius. OTOH, it would be nice if that could be provided without requiring Django.
Of course it would be nice if a public API wouldn't require Django. But we already have authorization functionality for all kinds of roles in Postorius. And to add a JSON API shouldn't be so hard.
In fact, I played around with this a little over the weekend. I didn't want to change too much of the existing authorization system, only slightly enhance it to provide a simple way for non-browser clients to log into Postorius with existing user credentials. What I came up with is a simple view decorator that checks for an HTTP Basic Auth header if the current user isn't logged in and uses these credentials to start a new Django session. Clients that can handle session cookies can use that in all concurrent requests (which makes it a little faster). Clients that don't support cookies can just send the auth header again with the next call.
There's also an API resource that returns a JSON string with all mailing lists (very similar, but not identical to the one the core API returns).
If anyone's interested: I added a small proof of concept for a command line client to a private branch on Launchpad. It's far from mature, just to see if the idea works... https://code.launchpad.net/~flo-fuchs/+junk/mmremote. (Please make sure to use the latest revision of Postorius).
Another thought: We will add some convenience AJAX functionality to the Postorius UI. For this alone it's worth having a number of JSON resources available. In other words: Postorius would be the first client to use its own API :-)
Cheers
Florian

> Cheers, -Barry
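The decorator described in this message, as an added example that is not Florian's code or Postorius code: framework-neutral Python with a stand-in `Request` class in place of Django's request and session. The names `basic_auth_fallback`, `USERS`, `list_index` and the sample credentials are assumptions constructed for illustration.

```python
import base64, hashlib, hmac
from functools import wraps

SALT = b"constructed-salt"  # constructed sample data, not from the thread

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"anna@example.com": _kdf("s3cret:with:colon")}  # hypothetical user store

def parse_basic_auth(header):
    """Return (username, password) from an Authorization header, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    # Split on the first colon only: the password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep and username else None

def credentials_ok(username, password):
    # Hash even for unknown users so both paths cost the same; compare in constant time.
    stored = USERS.get(username, b"\x00" * 32)
    return hmac.compare_digest(stored, _kdf(password)) and username in USERS

def basic_auth_fallback(view):
    """Run the view for a logged-in session; otherwise try Basic Auth once."""
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.session.get("user"):
            creds = parse_basic_auth(request.headers.get("Authorization"))
            if creds is None or not credentials_ok(*creds):
                return 401, {"WWW-Authenticate": 'Basic realm="api"'}, ""
            # In Django this is where login() would go; it also rotates the session key.
            request.session["user"] = creds[0]
        return view(request, *args, **kwargs)
    return wrapper

class Request:  # minimal stand-in for a framework request object
    def __init__(self, headers=None, session=None):
        self.headers = headers or {}
        self.session = {} if session is None else session

@basic_auth_fallback
def list_index(request):
    return 200, {}, '["devel@example.com"]'
```

Because Basic Auth sends the password in recoverable form on every header-only call, a deployment of this pattern belongs behind TLS.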
Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers