#3831 Trac XMLRPC interface is broken
Closed: Fixed None Opened 10 years ago by mkosek.

Trac XMLRPC interface is broken:

{{{
$ python
Python 2.7.3 (default, Aug 9 2012, 17:23:57)
[GCC 4.7.1 20120720 (Red Hat 4.7.1-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

from xmlrpclib import ServerProxy
p = ServerProxy('https://mkosek:PASSWORD@fedorahosted.org/freeipa/login/rpc')
p.system.getAPIVersion()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python2.7/xmlrpclib.py", line 1224, in call
return self.__send(self.__name, args)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1578, in __request
verbose=self.__verbose
File "/usr/lib64/python2.7/xmlrpclib.py", line 1264, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1297, in single_request
return self.parse_response(response)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1473, in parse_response
return u.close()
File "/usr/lib64/python2.7/xmlrpclib.py", line 791, in close
raise ResponseError()
xmlrpclib.ResponseError: ResponseError()

}}}


This is expected behavior as we switched to OpenID, so the /login handler should not be operational anymore (it has been like that for quite some time already).

The error is mainly because /login now also doesn't ask for username/password anymore (they were being ignored anyway).

Have you tried this code before yesterday as well?

I used code like this yesterday and it worked.

If this is true and I cannot authenticate this way (although this way is documented in the Trac RPC API documentation [https://fedorahosted.org/freeipa/rpc here]), can you please provide an example how should I authenticate with OpenID or a link to any example so that I can use XMLRPC in Python again?

Then your code probably does not need authentication, or it has been a bug on our side: the built-in authentication mechanism described in the Trac documentation should have been disabled a long time ago already.

Regarding authentication with OpenID: I am afraid that this is a very hard thing to do automated, until our OAuth systems are in place.

Could you please tell me what you're trying to accomplish with your code?

I found out that my code worked because it only read information from Trac, but did not do any changes. You are right on that part.

However, there are other internal tools or web applications where I need to authenticate to Trac so that they can also do write operations, e.g. create new tickets (RPC call ''ticket.create''). That's why I need some way to authenticate to Trac in Python.

If this is not possible, it's a show-stopper for our internal tool chain.

For the record:

I have modified the hotfix to authopenid.py to only listen on /login, and not listen on /login/* anymore.
I also modified hosted.conf to only require http basic auth on /login/xmlrpc.

Both of these changes make it so that this use case (xmlrpc) is still possible, while also giving the user the option to login at /login (as most of the "access denied" messages from trac redirect there).

I am leaving this ticket open to make sure to port this as well to our centralized authorization system once that is in place (OAuth).

For now, I'm going to close this ticket.

When we finally get OAuth in place, I'll send an announcement.

Login to comment on this ticket.

Metadata