Allow watch on private sites

[GoogleCodeExporter]

Enhancement request this.
Be nice to enable specto to use firefox cookies to watch sites that require
a login to view the pages

Original issue reported on code.google.com by evilsc...@gmail.com on 20 Nov 2007 at 11:49

[GoogleCodeExporter]

Hi, sorry for not replying sooner. I think I'd like a feature like this too. Do 
you
mean for pages protected by htaccess, for example this?
http://www.he.net/~jdoe/info/htaccess/example/restricted.html

Otherwise I doubt the feasibility of this thing. In any case, I have no idea 
how to
implement this, so, if someone wants to make a patch for this, that would be 
welcome ;)

Original comment by nekoh...@gmail.com on 24 Nov 2007 at 12:56

• Changed state: Accepted
• Added labels: Type-Enhancement, WatchType-Web
• Removed labels: Type-Defect

[GoogleCodeExporter]

Don't know about grabbing cookies, but they're really little more than extra 
header
lines in the HTTP request:

http://en.wikipedia.org/wiki/HTTP_cookie#Implementation

As for HTTP-based authentication, they come in two flavours:

http://en.wikipedia.org/wiki/Basic_access_authentication
http://en.wikipedia.org/wiki/Digest_access_authentication

The first uses base64, the second uses MD5 hashing.

Original comment by tungin...@gmail.com on 17 Dec 2007 at 11:13

[GoogleCodeExporter]

http://www.voidspace.org.uk/python/articles/urllib2.shtml#id6 for basic
authentification maybe?

Original comment by nekoh...@gmail.com on 16 Mar 2008 at 12:17

[GoogleCodeExporter]

Urllib2 is usually the way to go for http auth. It's easy by the way.

Cookies are also possible, but it's much more difficult. You would have to find 
the
form where the auth is usually entered in the html page, and then put those 
forms in
the ui and ask the user to write the good info. Then, send the GET or POST info 
to
the server. Usually, the server will give you a new address to read to, and 
it's not
sure that it's the same page that our user wants to monitor.

It means that you would store in the database two addresses. 
1- The one with the authentication agent, ex. login.php
2- The one with the real data that we want to monitor, ex. forums.php?id=2

And there is a good chance that the user will give you none of those two, but 
only
index.php, where he usually puts his user_id and password. Or he will give you
forums.php?id=2, which will redirect to a error page.

With all this information in hand, i suggest that we split this issue in two 
parts :
1- Implementing http auth, with a medium priority, milestone 0.3, Enhancement
2- Implementing cookie auth, with a low priority, deferred to milestone 0.4 
minimum.

Original comment by pascal.p...@gmail.com on 19 Dec 2008 at 3:14

[GoogleCodeExporter]

1- Implementing http auth, with a medium priority, milestone 0.3, Enhancement

Are you sure you want to do this in the 0.3 release?
We were hoping to release a rc version before christmas so i don't know if 
there will 
be enought time...
I think it is better to move them both to the 0.4 release

Original comment by woutclym...@gmail.com on 19 Dec 2008 at 12:44

[GoogleCodeExporter]

Indeed, this should come for 0.4, 0.3 is quite overdue already :) and even 
then, this
will require that someone does work on this.

Original comment by nekoh...@gmail.com on 20 Dec 2008 at 7:33

[GoogleCodeExporter]

Yeah sorry about that, didn't really know about the timeline...
However, is splitting a good idea?

Original comment by pascal.p...@gmail.com on 27 Dec 2008 at 1:09

[GoogleCodeExporter]

Well, if specto could authenticate everytime, why bother with cookies? It's not 
like
asking the user to enter the password on every refresh, anyway, no?

Original comment by nekoh...@gmail.com on 27 Dec 2008 at 1:06

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

The attached patch implements HTTP Basic authentication as proposed in comment 
3.
Some rough edges:
- does not indicate that username and password are optional
  (collapsible group would look nice)
- does not indicate it only does basic auth
- no error checking (other than 'look at the log'), but other plugins are 
similar

Original comment by joost.cassee on 8 May 2009 at 11:32

Attachments:

• httpauth.patch

[GoogleCodeExporter]

Sorry for taking so much time to reply, busy like a bee :) anyway, just wanted 
to
comment that I tried this patch today using the demo from
http://www.he.net/faq/tutorials/htaccess/demo.html and it works. It even saves 
the
password in the gnome keyring.

Now, indeed, this should ideally be in an expander so that their optional 
nature is
clearer. We also need to decide if this should go in the 0.3 release or wait 
for 0.4
for further testing and polish.

Original comment by nekoh...@gmail.com on 24 May 2009 at 9:55

• Added labels: Milestone-Release0.3, Patch

[GoogleCodeExporter]

Committed Joost's patch to the main development branch, created issue #249 for 
the
eventual polish we would like to have. 

As we now have basic HTTP auth implemented, I'll close this issue, but it could 
be
reopened if you folks believe it is unsatisfactory and can be extended easily. 
In any
case, do mention if this fix works for you so I can mark it Verified eventually.

Original comment by nekoh...@gmail.com on 30 May 2009 at 2:57

• Changed state: Fixed