Partly OT: Authenticating a Script
Paul Sargent
something similar.
I'm thinking that I'd like to have a way of creating blog entries via
some kind of e-mail to blog gateway. In essence I don't think this is a
hard thing, but I've got a hole in my thinking that I could do with
some help filling.
Basic Plan:
1. Some machine somewhere receives the e-mail.
2. It recognises it as a blog entry, and passes it to a script.
3. Script does a 'POST' to the django view to create the entry.
1 & 2 are completely off topic, and quite simple really, so no need to
go into them.
3 is reasonably simple, but I want this to have some form of
authorization. Django's normal authorization framework seems rather
awkward, because I'd need my script to go through a login process to
get the right cookie (right?).
Any other suggestions for authenticating in the view?
Waylan Limberg
>
>
> 3 is reasonably simple, but I want this to have some form of
> authorization. Django's normal authorization framework seems rather
> awkward, because I'd need my script to go through a login process to
> get the right cookie (right?).
>
> Any other suggestions for authenticating in the view?
>
>
Hmm, I guess I would create a separate "view" which does not have any
url mapped to it. As it is not available publicly (over http), do you
really need any other authentication than the systems file
permissions? Of course, you may need to write a little more code to
make sure everything is available that you would normally get via an
http request but that shouldn't be to difficult.
--
----
Waylan Limberg
way...@gmail.com
Ivan Sagalaev
> 3 is reasonably simple, but I want this to have some form of
> authorization. Django's normal authorization framework seems rather
> awkward, because I'd need my script to go through a login process to
> get the right cookie (right?).
>
> Any other suggestions for authenticating in the view?
You can use HTTP Authorization for this. In one of my projects I need to
handle not only clients with regular browsers but also download managers
for which redirects to the login view would be useless. I've made a
small middleware (attached) that does HTTP authorization. It works after
standard Django's authorization and checks if user is already
authenticated that way and if not tries HTTP auth.
The tricky part that you should write is choosing what to answer a
non-authorized user: redirect it to the login page or just answer "401
not authorized". This really depends on your project. You can check for
specific URLs that should be accessed only by non-browser clients or
some custom HTTP header set in request by your script.
Paul Sargent
Waylan Limberg wrote:
> Hmm, I guess I would create a separate "view" which does not have any
> url mapped to it. As it is not available publicly (over http), do you
> really need any other authentication than the systems file
> permissions? Of course, you may need to write a little more code to
> make sure everything is available that you would normally get via an
> http request but that shouldn't be to difficult.
I was intending that the e-mail wasn't recieved on the same machine as
the blog is served from. Hence the http step.
Ivan Sagalaev wrote :
> You can use HTTP Authorization for this. In one of my projects I need to
> handle not only clients with regular browsers but also download managers
> for which redirects to the login view would be useless. I've made a
> small middleware (attached) that does HTTP authorization. It works after
> standard Django's authorization and checks if user is already
> authenticated that way and if not tries HTTP auth.
That sounds interesting. I'll take a look see if it fits.
Thanks