[Mailman-Developers] Listadmin and other alternate interfaces for Mailman

Barry Warsaw barry at list.org
Wed Nov 7 22:58:46 CET 2012


On Nov 05, 2012, at 09:18 PM, Florian Fuchs wrote:

>Of course it would be nice if a public API wouldn't require Django. But we
>already have authorization functionality for all kinds of roles in
>Postorius. And to add a JSON API shouldn't be so hard.

I think it's great for Postorius to provide an authenticated API.  The beauty
of our approach is that if someone wants to start a separate project for a
Django-less authenticated API, there's nothing stopping them.

>In fact, I played around with this a little over the weekend. I didn't want
>to change too much of the existing authorization system, only slightly
>enhance it to provide a simple way for non-browser clients to log into
>Postorius with existing user credentials. What I came up with is a simple
>view decorator that checks for an HTTP Basic Auth header if the current user
>isn't logged in and uses these credentials to start a new Django
>session. Clients that can handle session cookies can use that in all
>concurrent requests (which makes it a little faster). Clients that don't
>support cookies can just send the auth header again with the next call.

Does Django support OAuth?  If so, I think that will be better in the long run
than Basic AUTH, though I think both must be used over HTTPS for security
reasons.

I had some very interesting discussions with one of the original OAuth authors
at UDS-R, and while v1 has its issues, v2 seems to be even worse.  Yet, it
seems like the best option out there if users want to use applications without
having to provide their login credentials directly.

Fortunately, there are several Python libraries that support at least OAuth
v1, although the library I'm currently liking is liboauth, which supports both
v1 (client) and the draft for v2.  As I understand it, only Facebook's API
requires v2; most services support v1 and it's not that hard to support on
both the client and server.

>There's also an API resource that returns a json string with all mailing lists
>(very similar, but not identical to the one the core API returns).
>
>If anyone's interested: I added a small proof of concept for a command line
>client to a private branch on launchpad. It's far from mature, just to see if
>the idea works... https://code.launchpad.net/~flo-fuchs/+junk/mmremote.
>(Please make sure to use the latest revision of Postorius).
>
>Another thought: We will add some convenience AJAX functionality to the
>Postorius UI. For this alone it's worth having a number of JSON resources
>available. In other words: Postorius would be the first client to use its own
>API :-)

I *love* eating my own dogfood. :)

-Barry
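
An added example, not part of the original message and not Postorius code: the Basic Auth fallback decorator described in the quoted text, with the HTTPS requirement from the reply enforced before credentials are checked. It is duck-typed to Django's `HttpRequest` attributes (`META`, `user`, `is_secure()`); the injected `authenticate`, `login` and `deny` callables, the choice of 403 for cleartext requests, and every `fake_`/`demo_` name and credential are assumptions constructed for illustration.

```python
import base64
import binascii
from functools import wraps
from types import SimpleNamespace

def parse_basic_auth(header):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, payload = (header or "").partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep and username else None

def basic_auth_fallback(authenticate, login, deny):
    """authenticate(username, password) -> user or None, login(request, user) and
    deny(status) are injected (assumption) so this runs without Django installed."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if request.user.is_authenticated:        # session cookie was enough
                return view(request, *args, **kwargs)
            creds = parse_basic_auth(request.META.get("HTTP_AUTHORIZATION"))
            if creds is not None and not request.is_secure():
                return deny(403)                     # credentials arrived in cleartext
            user = authenticate(*creds) if creds else None
            if user is None:
                return deny(401)                     # missing, malformed or wrong
            login(request, user)                     # later calls can reuse the cookie
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

# Constructed stand-ins below; a Django project would pass its own objects.
def fake_request(header=None, secure=True):
    meta = {"HTTP_AUTHORIZATION": header} if header else {}
    return SimpleNamespace(META=meta, is_secure=lambda: secure,
                           user=SimpleNamespace(is_authenticated=False, name=None))

def demo_authenticate(username, password):
    ok = (username, password) == ("owner", "s3:cret")
    return SimpleNamespace(is_authenticated=True, name=username) if ok else None

@basic_auth_fallback(demo_authenticate, lambda req, u: setattr(req, "user", u), lambda s: s)
def list_index(request):
    return "lists for " + request.user.name
```
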

