* Refactor XMLRPC interface.

* Make it accessible through web-server.

Author: stefanseefeld

roundup/cgi/client.py

@@ -16,6 +16,7 @@
 from roundup.cgi.form_parser import FormParser
 from roundup.mailer import Mailer, MessageSendError
 from roundup.cgi import accept_language
+from roundup import xmlrpc
 
 def initialiseSecurity(security):
     '''Create some Permissions and Roles on the security object
@@ -354,10 +355,41 @@ def main(self):
         """ Wrap the real main in a try/finally so we always close off the db.
         """
         try:
-            self.inner_main()
+            if self.env.get('CONTENT_TYPE') == 'text/xml':
+                self.handle_xmlrpc()
+            else:
+                self.inner_main()
         finally:
             if hasattr(self, 'db'):
                 self.db.close()
+
+
+    def handle_xmlrpc(self):
+
+        # Pull the raw XML out of the form.  The "value" attribute
+        # will be the raw content of the POST request.
+        assert self.form.file
+        input = self.form.value
+        # So that the rest of Roundup can query the form in the
+        # usual way, we create an empty list of fields.
+        self.form.list = []
+
+        # Set the charset and language, since other parts of
+        # Roundup may depend upon that.
+        self.determine_charset()
+        self.determine_language()
+        # Open the database as the correct user.
+        self.determine_user()
+
+        # Call the appropriate XML-RPC method.
+        handler = xmlrpc.RoundupDispatcher(self.db, self.userid, self.translator,
+                                           allow_none=True)
+        output = handler.dispatch(input)
+        self.db.commit()
+
+        self.setHeader("Content-Type", "text/xml")
+        self.setHeader("Content-Length", str(len(output)))
+        self.write(output)
 
     def inner_main(self):
         """Process a request.

roundup/scripts/roundup_xmlrpc_server.py

@@ -5,20 +5,113 @@
 # For license terms see the file COPYING.txt.
 #
 
-import getopt, os, sys, socket
-from roundup.xmlrpc import RoundupServer, RoundupRequestHandler
+import base64, getopt, os, sys, socket, urllib
+from roundup.xmlrpc import translate
+from roundup.xmlrpc import RoundupInstance
+import roundup.instance
 from roundup.instance import TrackerError
+from roundup.cgi.exceptions import Unauthorised
 from SimpleXMLRPCServer import SimpleXMLRPCServer
+from SimpleXMLRPCServer import SimpleXMLRPCRequestHandler
+
+
+class RequestHandler(SimpleXMLRPCRequestHandler):
+    """A SimpleXMLRPCRequestHandler with support for basic
+    HTTP Authentication."""
+
+    TRACKER_HOMES = {}
+    TRACKERS = {}
+
+    def is_rpc_path_valid(self):
+        path = self.path.split('/')
+        name = urllib.unquote(path[1]).lower()
+        return name in self.TRACKER_HOMES
+
+    def get_tracker(self, name):
+        """Return a tracker instance for given tracker name."""
+
+        if name in self.TRACKERS:
+            return self.TRACKERS[name]
+
+        if name not in self.TRACKER_HOMES:
+            raise Exception('No such tracker "%s"'%name)
+        tracker_home = self.TRACKER_HOMES[name]
+        tracker = roundup.instance.open(tracker_home)
+        self.TRACKERS[name] = tracker
+        return tracker
+
+
+    def authenticate(self, tracker):
+
+        
+        # Try to extract username and password from HTTP Authentication.
+        username, password = None, None
+        authorization = self.headers.get('authorization', ' ')
+        scheme, challenge = authorization.split(' ', 1)
+
+        if scheme.lower() == 'basic':
+            decoded = base64.decodestring(challenge)
+            username, password = decoded.split(':')
+        if not username:
+            username = 'anonymous'
+        db = tracker.open('admin')
+        try:
+            userid = db.user.lookup(username)
+        except KeyError: # No such user
+            db.close()
+            raise Unauthorised, 'Invalid user'
+        stored = db.user.get(userid, 'password')
+        if stored != password:
+            # Wrong password
+            db.close()
+            raise Unauthorised, 'Invalid user'
+        db.setCurrentUser(username)
+        return db
+
+
+    def do_POST(self):
+        """Extract username and password from authorization header."""
+
+        db = None
+        try:
+            path = self.path.split('/')
+            tracker_name = urllib.unquote(path[1]).lower()
+            tracker = self.get_tracker(tracker_name)
+            db = self.authenticate(tracker)
+
+            instance = RoundupInstance(db, None)
+            self.server.register_instance(instance)
+            SimpleXMLRPCRequestHandler.do_POST(self)
+        except Unauthorised, message:
+            self.send_error(403, '%s (%s)'%(self.path, message))
+        except:
+            if db:
+                db.close()
+            exc, val, tb = sys.exc_info()
+            print exc, val, tb
+            raise
+        if db:
+            db.close()
+
+
+class Server(SimpleXMLRPCServer):
+
+    def _dispatch(self, method, params):
+
+        retn = SimpleXMLRPCServer._dispatch(self, method, params)
+        retn = translate(retn)
+        return retn
+
 
 def usage():
-    print """
+    print """Usage: %s: [options] [name=tracker home]+
 
 Options:
  -i instance home  -- specify the issue tracker "home directory" to administer
  -V                -- be verbose when importing
  -p, --port <port> -- port to listen on
 
-"""
+"""%sys.argv[0]
 
 def run():
 
@@ -30,38 +123,42 @@ def run():
         return 1
 
     verbose = False
-    tracker = ''
     port = 8000
     encoding = None
 
     for opt, arg in opts:
         if opt == '-V':
             verbose = True
-        elif opt == '-i':
-            tracker = arg
         elif opt in ['-p', '--port']:
             port = int(arg)
         elif opt in ['-e', '--encoding']:
             encoding = encoding
 
-        if sys.version_info[0:2] < (2,5):
-            if encoding:
-                print 'encodings not supported with python < 2.5'
-                sys.exit(-1)
-            server = SimpleXMLRPCServer(('', port), RoundupRequestHandler)
-        else:
-            server = SimpleXMLRPCServer(('', port), RoundupRequestHandler,
-                                        allow_none=True, encoding=encoding)
-    if not os.path.exists(tracker):
-        print 'Instance home does not exist.'
-        sys.exit(-1)
-    try:
-        object = RoundupServer(tracker, verbose)
-    except TrackerError:
-        print 'Instance home does not exist.'
-        sys.exit(-1)
+    tracker_homes = {}
+    for arg in args:
+        try:
+            name, home = arg.split('=', 1)
+            # Validate the argument
+            tracker = roundup.instance.open(home)
+        except ValueError:
+            print 'Instances must be name=home'
+            sys.exit(-1)
+        except TrackerError:
+            print 'Tracker home does not exist.'
+            sys.exit(-1)
+
+        tracker_homes[name] = home
+
+    RequestHandler.TRACKER_HOMES=tracker_homes
 
-    server.register_instance(object)
+    if sys.version_info[0:2] < (2,5):
+        if encoding:
+            print 'encodings not supported with python < 2.5'
+            sys.exit(-1)
+        server = Server(('', port), RequestHandler)
+    else:
+        server = Server(('', port), RequestHandler,
+                        allow_none=True, encoding=encoding)
 
     # Go into the main listener loop
     print 'Roundup XMLRPC server started on %s:%d' \