enable and document basic list call from python library

[axfelix]

Hi,

We wanted to use this from within a Python script and found that those methods weren't really documented or designed that way, so I've added a basic method and example for doing that.

[codecov-io]

Codecov Report

Merging #170 into master will decrease coverage by 0.14%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master     #170      +/-   ##
==========================================
- Coverage   92.17%   92.03%   -0.15%     
==========================================
  Files          13       13              
  Lines         588      590       +2     
==========================================
+ Hits          542      543       +1     
- Misses         46       47       +1

Impacted Files	Coverage Δ
osfclient/cli.py	96.96% <66.66%> (-0.58%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 44b9a87...91976d0. Read the comment docs.

[benlindsay]

I like the idea of showing how to do it from python in the docs. However, I'm not sure we want to encourage people to put passwords in plain text in python scripts. I'm no security expert though. Also, the [project] notation in the python script might be a little confusing since it looks like a python list. I might recommend something like "myusername" instead of [username] and "xyz123" or "myprojectid" instead of [project].

[axfelix]

Yeah, obviously it'd be preferable if you could use a token there instead, but I wanted there to be some way of running it unsupervised -- obviously password could be passed as input from some other part of a script. Happy to make the other changes though.

[benlindsay]

Doesn't it still work without passing a password from python? Either by setting OSF_PASSWORD or by manually typing it in once OSFClient gets to this line: password = getpass.getpass('Please input your password: ')?

[axfelix]

Yeah, the environment variable method still works either way, it just didn't strike me as super pythonic.

[benlindsay]

Hmm...what seems un-pythonic about it to you? Have you seen examples of high-quality python code that includes plaintext passwords? Putting passwords and keys in environment variables is a pretty common thing to do from what I've seen, even with python projects.

[axfelix]

Well, again, it just makes it more explicit this way if you wanted to pass input from elsewhere, since token auth isn't an option. But I'm happy to retract the change to cli.py and relabel the readme changes if you just want to merge those.

[benlindsay]

Gotcha. I guess I'm just not comfortable enough to make those changes to cli.py at the moment. I don't know enough about possible side effects and I don't have the bandwidth to get there. But if you retract the changes to cli.py, remove the password stuff, and change the [...] stuff, then I'd merge it.

[axfelix]

Another issue is that my example doesn't seem to work without setting a password :)

$ OSF_PASSWORD=password
$ python
Python 3.5.2 (v3.5.2:4def2a2901a5, Jun 25 2016, 22:18:55) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import osfclient
>>> import osfclient.cli
>>> osf_login = osfclient.OSF(username="garnett@sfu.ca")
>>> osf_login.project="9qkmd"
>>> osfclient.cli.list_(osf_login)
Please set a username (run `osf -h` for details).

I may have to return to this a bit later.

[benlindsay]

Yo, you should change your password ASAP. I just logged in (and back out immediately) with your credentials.

[axfelix]

Yeah, I know, lazy paste :)