rtliber-help

Re: [Rtliber-help] Rtliber-help post from address@hidden requires approv


From: Yoni Rabkin
Subject: Re: [Rtliber-help] Rtliber-help post from address@hidden requires approval
Date: Sat, 30 Jul 2016 23:16:29 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

> From: address@hidden
> Subject: User credentials
> To: address@hidden
> Date: Sat, 30 Jul 2016 13:36:23 -0300 (10 hours, 37 minutes, 46 seconds ago)
>
> Dear Yoni, 
>
> I've recently started using rt-liberation, and it's great.
>
> However, I was a bit confused about how it handles user credentials. The
> only way I see to set the password is to store it in the
> rt-liber-rest-password variable.
>
> Since I didn't want to put my plaintext password in my .emacs, I added
> some code to rt-liberation-rest to use auth-source to handle user
> credentials (the code is a modified version of nnimap-credentials).
>
> While I was at it, I also moved the credentials to the data part of the
> http request, instead of sending them in the query string. I think
> it's a bit safer this way.
>
> I'm attaching the patch with these changes, in case you're interested.

Thank you for the patch. I'll review this as soon as I can for inclusion
into rt-liberation.


> Regards, 
>      Juan
>
>
>
> diff --git a/rt-liberation-rest.el b/rt-liberation-rest.el
> index b46867c..fd0b860 100644
> --- a/rt-liberation-rest.el
> +++ b/rt-liberation-rest.el
> @@ -31,6 +31,7 @@
>  
>  (require 'url)
>  (require 'url-util)
> +(require 'auth-source)
>  
>  
>  (defvar rt-liber-rest-debug-buffer-name "*rt-liber-rest debug log*"
> @@ -65,73 +66,73 @@
>        (goto-char (point-max))
>        (insert str))))
>  
> -(defun rt-liber-rest-search-string (scheme url username password query)
> +(defun rt-liber-rest-search-string (scheme url query)
>    "Return the search query string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/search/ticket" "?"
> -         "user=" user "&"
> -         "pass=" pass "&"
> -         "query=" (url-encode-url query) "&"
> -         "format=i" "&"
> -         "orderby=+Created")))
> -
> -(defun rt-liber-rest-show-string (scheme url ticket-id-list username 
> password query)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/search/ticket" "?"
> +       "query=" (url-encode-url query) "&"
> +       "format=i" "&"
> +       "orderby=+Created"))
> +
> +(defun rt-liber-rest-show-string (scheme url ticket-id-list query)
>    "Return the ticket show string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/ticket/" ticket-id-list
> -         "/show" "?"
> -         "user=" user "&"
> -         "pass=" pass "&")))
> -
> -(defun rt-liber-rest-history-string (scheme url ticket-id username password)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/ticket/" ticket-id-list
> +       "/show"))
> +
> +(defun rt-liber-rest-history-string (scheme url ticket-id)
>    "Return the ticket show string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/ticket/" ticket-id
> -         "/history" "?"
> -         "format=l" "&"
> -         "user=" user "&"
> -         "pass=" pass)))
> -
> -(defun rt-liber-rest-command-edit-string (scheme url ticket-id username 
> password)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/ticket/" ticket-id
> +       "/history" "?"
> +       "format=l"))
> +
> +(defun rt-liber-rest-command-edit-string (scheme url ticket-id)
>    "Return the ticket edit string."
> -  (let ((user (url-encode-url username))
> -     (pass (url-encode-url password)))
> -    (concat scheme
> -         "://"
> -         url
> -         "/REST/1.0/ticket/" ticket-id
> -         "/edit" "?"
> -         "user=" user "&"
> -         "pass=" pass)))
> -
> -(defun rt-liber-rest-call (url)
> +  (concat scheme
> +       "://"
> +       url
> +       "/REST/1.0/ticket/" ticket-id
> +       "/edit"))
> +
> +(defun rt-liber-rest-call (url username)
>    "Perform a REST call with URL."
> -  (let ((url-request-method "POST"))
> -    (let ((response
> -        (url-retrieve-synchronously url))
> -       str)
> -      (setq str
> -         (decode-coding-string
> -         (with-current-buffer response
> -           (buffer-substring-no-properties (point-min)
> -                                           (point-max)))
> -         'utf-8))
> -      
> -      (rt-liber-rest-write-debug
> -       (format "outgoing rest call -->\n%s\n<-- incoming\n%s\n" url str))
> -      str)))
> +  (let* ((auth-source-creation-prompts
> +       '((user . "RT user at %h: ")
> +         (secret . "RT password for address@hidden: ")))
> +      (auth (nth 0 (auth-source-search :max 1
> +                                       :host (car (split-string 
> rt-liber-rest-url "/"))
> +                                       :user username
> +                                       :require '(user secret)
> +                                       :create t)))
> +      (user (url-encode-url (plist-get auth :user)))
> +      (secret (plist-get auth :secret))
> +      (password (url-encode-url
> +                 (if (functionp secret)
> +                     (funcall secret)
> +                   secret)))
> +      (url-request-method "POST")
> +      (url-request-extra-headers
> +       '(("Content-Type" . "application/x-www-form-urlencoded")))
> +      (url-request-data (concat "user=" user "&" "pass=" password))
> +      (response (url-retrieve-synchronously url))
> +      str)
> +    (setq str
> +       (decode-coding-string
> +        (with-current-buffer response
> +          (buffer-substring-no-properties (point-min)
> +                                          (point-max)))
> +        'utf-8))
> +
> +    (rt-liber-rest-write-debug
> +     (format "outgoing rest call -->\n%s\n<-- incoming\n%s\n" url str))
> +    str))
>  
>  (defun rt-liber-rest-query-runner (op query-string)
>    "Run OP on QUERY-STRING."
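
Review bot: In the new rt-liber-rest-call, user and password go through url-encode-url before being joined into url-request-data as "user=" ... "&" "pass=" ..., but url-encode-url is meant for whole URLs and leaves reserved characters such as & and = unescaped, so a password containing one of them would corrupt the form body; url-hexify-string is the encoder for a single form value. In the same let*, the result of auth-source-search is used without a nil check (plist-get on nil then hands nil to url-encode-url), and the entry's :save-function is never called, so credentials typed at the :create prompt are not written back to the auth source. The :host is also taken from the global rt-liber-rest-url rather than from the url argument, which makes the function depend on that variable even though the target is passed in.
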
> @@ -142,24 +143,21 @@
>        (rt-liber-rest-call
>         (rt-liber-rest-search-string rt-liber-rest-scheme
>                                      rt-liber-rest-url
> -                                    rt-liber-rest-username
> -                                    rt-liber-rest-password
> -                                    query-string)))
> +                                    query-string)
> +       rt-liber-rest-username))
>       ((string= op "show")
>        (rt-liber-rest-call
>         (rt-liber-rest-show-string rt-liber-rest-scheme
>                                    rt-liber-rest-url
>                                    query-string
> -                                  rt-liber-rest-username
> -                                  rt-liber-rest-password
> -                                  query-string)))
> +                                  query-string)
> +       rt-liber-rest-username))
>       ((string= op "history")
>        (rt-liber-rest-call
>         (rt-liber-rest-history-string rt-liber-rest-scheme
>                                       rt-liber-rest-url
> -                                     query-string
> -                                     rt-liber-rest-username
> -                                     rt-liber-rest-password)))
> +                                     query-string)
> +       rt-liber-rest-username))
>       (t (error "unknown op [%s]" op))))
>  
>  (defun rt-liber-rest-parse-http-header ()
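
Review bot: The "show" branch still passes query-string twice to rt-liber-rest-show-string (once as ticket-id-list and once as query), and the new (scheme url ticket-id-list query) signature never uses query in its body. Drop the parameter and the duplicate argument so the call is just rt-liber-rest-scheme, rt-liber-rest-url, query-string, matching the history branch.
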
> @@ -260,9 +258,7 @@
>            (rt-liber-rest-command-edit-string
>             rt-liber-rest-scheme
>             rt-liber-rest-url
> -           ticket-id
> -           rt-liber-rest-username
> -           rt-liber-rest-password)))
> +           ticket-id)))
>        (rt-liber-rest-handle-response response-buffer)))
>    (message "edit command ended at %s" (current-time-string)))
>  
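
Review bot: The edit path loses its credentials here: rt-liber-rest-command-edit-string now returns a URL with no user/pass, and nothing visible in this hunk routes the request through rt-liber-rest-call, which is the only place the patch puts the credentials into url-request-data. If the edit command does its own retrieval before rt-liber-rest-handle-response, it needs the same auth-source lookup and form fields added to its request body, otherwise the edit request goes out without authentication.
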
>
> ----------
>
> From: address@hidden
> Subject: confirm 743a7e0ae4008786232bdcef809a0b7a66c07b51
> Date: Sat, 30 Jul 2016 12:36:53 -0400
> Date: Sat, 30 Jul 2016 12:36:53 -0400 (10 hours, 37 minutes, 16 seconds ago)
>
> If you reply to this message, keeping the Subject: header intact,
> Mailman will discard the held message.  Do this if the message is
> spam.  If you reply to this message and include an Approved: header
> with the list password in it, the message will be approved for posting
> to the list.  The Approved: header can also appear in the first line
> of the body of the reply.
> ----------
>

-- 
   "Cut your own wood and it will warm you twice"


