Quantcast

XMLRPC Roundup API authentication issue

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

XMLRPC Roundup API authentication issue

Nicolas CHAUDAN
Hello everyone,

I am trying to create an API using the client API of the XMLRPC acess to roundup which you can find
here but I have some issues regarding the authentication. Indeed, I have permission denied when I try to "lookup" or  "display" on the class user while I provided the url with the admin authentication.
So I have looked at the python file (xmlrpc.py) which implements these methods (eg display, lookup, etc...) and I have found that the method getuid (which is defined in roundupdb.py) doesn't get the right value. I mean that even if I send the admin authentication in the url he it doesn't get it and so it considers that the one who owns the connection to the database is Anonymous.
In the definition of the method getuid, there is "journaltag" and I can't figure out where it come from and I think this is the key to the resolution of my problem.

Does anyone have the same issue ?

I would appreciate your help.

Kind regards,


Nicolas Chaudan


Ce message et toutes les pièces jointes (ci-après le 'Message') sont établis à l'intention exclusive des destinataires et les informations qui y figurent sont strictement confidentielles. Toute utilisation de ce Message non conforme à sa destination, toute diffusion ou toute publication totale ou partielle, est interdite sauf autorisation expresse.

Si vous n'êtes pas le destinataire de ce Message, il vous est interdit de le copier, de le faire suivre, de le divulguer ou d'en utiliser tout ou partie. Si vous avez reçu ce Message par erreur, merci de le supprimer de votre système, ainsi que toutes ses copies, et de n'en garder aucune trace sur quelque support que ce soit. Nous vous remercions également d'en avertir immédiatement l'expéditeur par retour du message.

Il est impossible de garantir que les communications par messagerie électronique arrivent en temps utile, sont sécurisées ou dénuées de toute erreur ou virus.
____________________________________________________

This message and any attachments (the 'Message') are intended solely for the addressees. The information contained in this Message is confidential. Any use of information contained in this Message not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval.

If you are not the addressee, you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return message.

E-mail communication cannot be guaranteed to be timely secure, error or virus-free.


------------------------------------------------------------------------------

_______________________________________________
Roundup-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/roundup-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: XMLRPC Roundup API authentication issue

Ralf Schlatterbeck-3
On Tue, Aug 25, 2015 at 01:31:38PM +0200, Nicolas CHAUDAN wrote:

> Hello everyone,
>
> I am trying to create an API using the client API of the XMLRPC acess to
> roundup which you can find here but I have some issues regarding the
> authentication. Indeed, I have permission denied when I try to "lookup" or
>  "display" on the class user while I provided the url with the admin
> authentication.
> So I have looked at the python file (xmlrpc.py) which implements these
> methods (eg display, lookup, etc...) and I have found that the method
> getuid (which is defined in roundupdb.py) doesn't get the right value. I
> mean that even if I send the admin authentication in the url he it doesn't
> get it and so it considers that the one who owns the connection to the
> database is Anonymous.
> In the definition of the method getuid, there is "journaltag" and I can't
> figure out where it come from and I think this is the key to the
> resolution of my problem.

Im regularly using xmlrpc without problems, can you give us the URL you
are using to connect to the server (without password of course)?

Can you get a log from the roundup server side? This should tell you why
it failed. I'm sure that getuid works as advertised, so you are probably
really connected as anonymous for one reason or other.

Ralf
--
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: [hidden email]
allmenda.com member                     email: [hidden email]

------------------------------------------------------------------------------
_______________________________________________
Roundup-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/roundup-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: XMLRPC Roundup API authentication issue

Nicolas CHAUDAN
Thank you for you answer.
The URL is not the problem because I can see some classes but not all as I am considered as Anonymous. I can't set or create.
Maybe that I have to do something on Apache to allow authentication from the url.
I do not know how to get log from the server.

Nicolas


Ce message et toutes les pièces jointes (ci-après le 'Message') sont établis à l'intention exclusive des destinataires et les informations qui y figurent sont strictement confidentielles. Toute utilisation de ce Message non conforme à sa destination, toute diffusion ou toute publication totale ou partielle, est interdite sauf autorisation expresse.

Si vous n'êtes pas le destinataire de ce Message, il vous est interdit de le copier, de le faire suivre, de le divulguer ou d'en utiliser tout ou partie. Si vous avez reçu ce Message par erreur, merci de le supprimer de votre système, ainsi que toutes ses copies, et de n'en garder aucune trace sur quelque support que ce soit. Nous vous remercions également d'en avertir immédiatement l'expéditeur par retour du message.

Il est impossible de garantir que les communications par messagerie électronique arrivent en temps utile, sont sécurisées ou dénuées de toute erreur ou virus.
____________________________________________________

This message and any attachments (the 'Message') are intended solely for the addressees. The information contained in this Message is confidential. Any use of information contained in this Message not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval.

If you are not the addressee, you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return message.

E-mail communication cannot be guaranteed to be timely secure, error or virus-free.


------------------------------------------------------------------------------

_______________________________________________
Roundup-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/roundup-users
Loading...