My thoughts as well. As far as I can tell here are my options: I look at the CookieCrumbler last night, and wondered if I can use the BeforeTraversehook that it uses. ZPublisher calls request.processInputs() before traversal right? If thatis so then request should have the args from the XML-RPC message by the time BeforeTraverse kicks in. If the username,password pair is prefixed with 'zid' and 'zpw' orsome other recognizable prefix I think BeforeTraverse can pick out the username,password from request.args and do the auth magic right? It may be possible to hijack the SecurityManager with a external method, but thisseems dangerous. Any other ideas?
I don't think basic auth is going to cut it. The API wants username and password to be passed as arguments. Probably need to hack a user folder implementation.
----- Original Message ----- From: "Andy" <andy@agmweb.ca> To: <njsain@antler.oursc.k12.ar.us>; <zope@zope.org>; <zope-dev@zope.org> Sent: Sunday, February 03, 2002 10:33 PM Subject: Re: [Zope] authenticating over XML-RPC to implement the Blogger API
ZSyncer does user authentication over xmlrpc via xmlrpclibBasicAuth.py, download it and take a look.
----- Original Message ----- From: "Nathan Sain" <njsain@antler.oursc.k12.ar.us> To: <zope@zope.org>; <zope-dev@zope.org> Sent: Monday, February 04, 2002 9:19 AM Subject: [Zope] authenticating over XML-RPC to implement the Blogger API
-- Nathan Sain Deer High School IT Dept. P.O. Box 56 Deer, AR 72628 (870)428-5433