rtliber-help

Re: [Rtliber-help] Rtliber-help post from address@hidden requires approv


From: Yoni Rabkin
Subject: Re: [Rtliber-help] Rtliber-help post from address@hidden requires approval
Date: Mon, 01 Aug 2016 09:32:47 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

The code seems to work fine. However, before I install it can you please
make a couple of modifications?

Since I (and many others) simply store our passwords in a different,
access restricted, file which is later loaded by .emacs, I want there to
be the option of still using the old method of providing
authentication. Can you please modify your code so that people who want
to use the old method can still do that? Perhaps based on a
customization option (for example
`rt-liberation-rest-use-auth-source-p').

Finally, please update the manual with instructions on how to configure
and use the new authentication method and send a separate documentation
patch.

Thank you!


> Dear Yoni, 
>
> I've recently started using rt-liberation, and it's great.
>
> However, I was a bit confused about how it handles user credentials. The
> only way I see to set the password is to store it in the
> rt-liber-rest-password variable.
>
> Since I didn't want to put my plaintext password in my .emacs, I added
> some code to rt-liberation-rest to use auth-source to handle user
> credentials (the code is a modified version of nnimap-credentials).
>
> While I was at it, I also moved the credentials to the data part of the
> http request, instead of sending them in the query string. I think
> it's a bit safer this way.
>
> I'm attaching the patch with these changes, in case you're interested.
>
>
> Regards, 
>      Juan
>
>
>
> diff --git a/rt-liberation-rest.el b/rt-liberation-rest.el
> index b46867c..fd0b860 100644
> --- a/rt-liberation-rest.el
> +++ b/rt-liberation-rest.el
> @@ -31,6 +31,7 @@
>  
>  (require 'url)
>  (require 'url-util)
> +(require 'auth-source)
>  
>  
>  (defvar rt-liber-rest-debug-buffer-name "*rt-liber-rest debug log*"
> @@ -65,73 +66,73 @@
>        (goto-char (point-max))
>        (insert str))))
>  
> -(defun rt-liber-rest-search-string (scheme url username password query)
> +(defun rt-liber-rest-search-string (scheme url query)
>    "Return the search query string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/search/ticket" "?"
> -         "user=" user "&"
> -         "pass=" pass "&"
> -         "query=" (url-encode-url query) "&"
> -         "format=i" "&"
> -         "orderby=+Created")))
> -
> -(defun rt-liber-rest-show-string (scheme url ticket-id-list username 
> password query)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/search/ticket" "?"
> +       "query=" (url-encode-url query) "&"
> +       "format=i" "&"
> +       "orderby=+Created"))
> +
> +(defun rt-liber-rest-show-string (scheme url ticket-id-list query)
>    "Return the ticket show string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/ticket/" ticket-id-list
> -         "/show" "?"
> -         "user=" user "&"
> -         "pass=" pass "&")))
> -
> -(defun rt-liber-rest-history-string (scheme url ticket-id username password)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/ticket/" ticket-id-list
> +       "/show"))
> +
> +(defun rt-liber-rest-history-string (scheme url ticket-id)
>    "Return the ticket show string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/ticket/" ticket-id
> -         "/history" "?"
> -         "format=l" "&"
> -         "user=" user "&"
> -         "pass=" pass)))
> -
> -(defun rt-liber-rest-command-edit-string (scheme url ticket-id username 
> password)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/ticket/" ticket-id
> +       "/history" "?"
> +       "format=l"))
> +
> +(defun rt-liber-rest-command-edit-string (scheme url ticket-id)
>    "Return the ticket edit string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/ticket/" ticket-id
> -         "/edit" "?"
> -         "user=" user "&"
> -         "pass=" pass)))
> -
> -(defun rt-liber-rest-call (url)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/ticket/" ticket-id
> +       "/edit"))
> +
> +(defun rt-liber-rest-call (url username)
>    "Perform a REST call with URL."
> -  (let ((url-request-method "POST"))
> -    (let ((response
> -        (url-retrieve-synchronously url))
> -       str)
> -      (setq str
> -         (decode-coding-string
> -         (with-current-buffer response
> -           (buffer-substring-no-properties (point-min)
> -                                           (point-max)))
> -         'utf-8))
> -      
> -      (rt-liber-rest-write-debug
> -       (format "outgoing rest call -->\n%s\n<-- incoming\n%s\n" url str))
> -      str)))
> +  (let* ((auth-source-creation-prompts
> +       '((user . "RT user at %h: ")
> +         (secret . "RT password for address@hidden: ")))
> +      (auth (nth 0 (auth-source-search :max 1
> +                                       :host (car (split-string 
> rt-liber-rest-url "/"))
> +                                       :user username
> +                                       :require '(user secret)
> +                                       :create t)))
> +      (user (url-encode-url (plist-get auth :user)))
> +      (secret (plist-get auth :secret))
> +      (password (url-encode-url
> +                 (if (functionp secret)
> +                     (funcall secret)
> +                   secret)))
> +      (url-request-method "POST")
> +      (url-request-extra-headers
> +       '(("Content-Type" . "application/x-www-form-urlencoded")))
> +      (url-request-data (concat "user=" user "&" "pass=" password))
> +      (response (url-retrieve-synchronously url))
> +      str)
> +    (setq str
> +       (decode-coding-string
> +        (with-current-buffer response
> +          (buffer-substring-no-properties (point-min)
> +                                          (point-max)))
> +        'utf-8))
> +
> +    (rt-liber-rest-write-debug
> +     (format "outgoing rest call -->\n%s\n<-- incoming\n%s\n" url str))
> +    str))
>  
>  (defun rt-liber-rest-query-runner (op query-string)
>    "Run OP on QUERY-STRING."
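
Review bot: in the new `rt-liber-rest-call`, the user name and password go through `url-encode-url` before being joined into `url-request-data` as `user=...&pass=...`. `url-encode-url` is meant for whole URLs and leaves reserved characters such as `&` and `=` unescaped, so a password containing them would corrupt the form body. `url-hexify-string` is the encoder to use for an `application/x-www-form-urlencoded` value. In the same `let*`, `auth` is used without a nil check: if `auth-source-search` returns nothing, `(plist-get auth :user)` is nil and the failure surfaces as an encoding error rather than a clear "no credentials" message. The docstring "Perform a REST call with URL." should also mention the new USERNAME argument.
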
> @@ -142,24 +143,21 @@
>        (rt-liber-rest-call
>         (rt-liber-rest-search-string rt-liber-rest-scheme
>                                      rt-liber-rest-url
> -                                    rt-liber-rest-username
> -                                    rt-liber-rest-password
> -                                    query-string)))
> +                                    query-string)
> +       rt-liber-rest-username))
>       ((string= op "show")
>        (rt-liber-rest-call
>         (rt-liber-rest-show-string rt-liber-rest-scheme
>                                    rt-liber-rest-url
>                                    query-string
> -                                  rt-liber-rest-username
> -                                  rt-liber-rest-password
> -                                  query-string)))
> +                                  query-string)
> +       rt-liber-rest-username))
>       ((string= op "history")
>        (rt-liber-rest-call
>         (rt-liber-rest-history-string rt-liber-rest-scheme
>                                       rt-liber-rest-url
> -                                     query-string
> -                                     rt-liber-rest-username
> -                                     rt-liber-rest-password)))
> +                                     query-string)
> +       rt-liber-rest-username))
>       (t (error "unknown op [%s]" op))))
>  
>  (defun rt-liber-rest-parse-http-header ()
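
Review bot: all three branches of `rt-liber-rest-query-runner` now pass only `rt-liber-rest-username`, and `rt-liber-rest-password` is no longer read, so a configuration that sets that variable from a separately loaded, access-restricted file silently stops being used. Consider letting `rt-liber-rest-call` take the password from `rt-liber-rest-password` when it is set (or when a customization option selects the old method) and fall back to auth-source otherwise. Separately, the "show" branch still passes `query-string` twice to `rt-liber-rest-show-string`, whose last argument is unused after this change. It could be dropped from both the call and the signature.
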
> @@ -260,9 +258,7 @@
>            (rt-liber-rest-command-edit-string
>             rt-liber-rest-scheme
>             rt-liber-rest-url
> -           ticket-id
> -           rt-liber-rest-username
> -           rt-liber-rest-password)))
> +           ticket-id)))
>        (rt-liber-rest-handle-response response-buffer)))
>    (message "edit command ended at %s" (current-time-string)))
>  
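
Review bot: the edit path drops `rt-liber-rest-username` and `rt-liber-rest-password` from `rt-liber-rest-command-edit-string`, but nothing visible in this hunk supplies credentials another way. The query, show and history paths get them from the request data built in `rt-liber-rest-call`. If the edit command issues its own request rather than going through that function, it will now be sent unauthenticated. Please confirm which path it takes and, if needed, factor the credential lookup into a helper that both callers use.
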
>
> ----------
>
> From: address@hidden
> Subject: confirm 743a7e0ae4008786232bdcef809a0b7a66c07b51
> Date: Sat, 30 Jul 2016 12:36:53 -0400
> Date: Sat, 30 Jul 2016 12:36:53 -0400 (1 day, 20 hours, 51 minutes ago)
>
> If you reply to this message, keeping the Subject: header intact,
> Mailman will discard the held message.  Do this if the message is
> spam.  If you reply to this message and include an Approved: header
> with the list password in it, the message will be approved for posting
> to the list.  The Approved: header can also appear in the first line
> of the body of the reply.
> ----------
>

-- 
   "Cut your own wood and it will warm you twice"


