= Description = Background: When upgrading from 1.8.5 to 1.8.7 our XMLRPC stuff broke due to pretty silent change http://hg.moinmo.in/moin/1.8/rev/28d3928f6e6e which changed XMLRPC getAuthToken/applyAuthToken to be the only way to auth XMLRPC. Well, such is life and we scrambled to check our stuff, however there was a twist into it. Bug: XMLRPC getAuthToken return empty token if auth backend is ''HTTPAuth''. This is due to getAuthToken code trying to call ''login'' in chosen auth handler and HTTPAuth implementing only ''request'' auth handling, not ''login'' (or ''logout'') handling. Thus {{{getAuthToken}}} always gets {{{None}}} as return value from auth handler for ''login'' event. Should either {{{getAuthToken}}} call auth for request mode or ''HTTPAuth'' implement ''login'' method? == Steps to reproduce == ## Describe the steps needed to reproduce the bug. If we can't reproduce it, we probably can't fix it. 1. Install MoinMoin 1.8.7 1. Configure Wiki Instance {{{ ... from MoinMoin.auth.http import HTTPAuth auth = [HTTPAuth(autocreate=True)] actions_excluded = [] ... }}} 1. Configure HTTP Basic Auth e.g. on apache in the front of the Wiki 1. Run (or similar to test {{{getAuthToken}}}) {{{ import xmlrpclib wiki = xmlrpclib.ServerProxy("https://%s:%s@wikihost/?action=xmlrpc2" % (username, password)) auth_token = wiki.getAuthToken(username, password) mc = xmlrpclib.MultiCall(wiki) mc.applyAuthToken(auth_token) mc.getPage("FrontPage") result = mc() }}} 1. Observe {{{auth_token}}} to be empty (empty on 1.8.5 and 1.8.7, and on 1.8.7 subsequent calls to fail) == Example == ##Add URL that show the bug, screenshot or test wiki markup that fail... ##URL: ##{{attachment:screenshot.png}} ##{{{ ##Example wiki markup that fail ##}}} == Component selection == ## Where you think is this bug happening ? (general, plugin [plugin name], theme [theme name], ... * XMLRPC == Details == ## If you got a traceback, please save the traceback page as html and attach here: ## [[attachment:traceback.html]] ## if the bug is in this wiki, just kill the table and write: This Wiki. ## If a traceback is not available, please fill in the details here: || '''!MoinMoin Version''' || Tested on 1.8.5 and 1.8.7 || || '''OS and Version''' || || || '''Python Version''' || || || '''Server Setup''' || || || '''Server Details''' || || || '''Language you are using the wiki in''' (set in the browser/UserPreferences) || || == Workaround == Patch for {{{xmlrpc/__init__.py}}} for MoinMoin 1.8.7 to change auth handler to be called in ''request'' mode instead of ''login'' mode which has not been implemented for the HTTPAuth backend. {{{ --- __init__.py.orig 2010-02-23 13:01:54.000000000 +0200 +++ __init__.py 2010-02-23 15:20:16.000000000 +0200 @@ -692,7 +692,7 @@ u = self.request.cfg.session_handler.start(self.request, id_handler) u = self.request.handle_auth(u, username=username, - password=password, login=True) + password=password) self.request.cfg.session_handler.after_auth(self.request, id_handler, u) }}} = Discussion = * Sorry about the breakage, it was for fixing a security issue. I'll review your patch later. * A: No prob and thanks for great software. My patch in the workaround might not be the way (or even secure) to go for everyone, just happened to work for us as a workaround with the HTTPAuth backend. Auth backends had some abstraction layers in front of them so weren't sure what is the "proper" fix and did't quite follow ''login'' and ''request'' logic. Furthermore the session stuff has changed quite a bit in 1.9. However it would be nice that {{{getAuthToken}}} would somehow still work with 1.8.x and HTTPAuth backend (with this workaround if it is safe in these conditions or with a better fix) since the XMLRPC support has been very useful at least for us. :) = Plan = ## This part is for Moin``Moin developers: * Priority: * Assigned to: * Status: ---- ## If you are a moin core developer, replace the category to Category* in these cases: ## Category MoinMoinNoBug - if this is not a bug. ## Category MoinMoinBugConfirmed - if you can confirm the bug on current code. ## Category MoinMoinBugFixed - after the bug is fixed in current code. CategoryMoinMoinBug