Closed Bug 972642 Opened 10 years ago Closed 10 years ago

Allow access to a mini-manifest with a token

Categories

(Marketplace Graveyard :: Reviewer Tools, enhancement, P1)

Product:
Marketplace Graveyard
Component:
Reviewer Tools
Platform:
x86
macOS
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
2014-02-25

People

(Reporter: andy+bugzilla, Assigned: robhudson)

References

Details

(Whiteboard: [feature]) 

When a reviewer hits the reviewer pages on Android, they will need to get a link to a mini-manifest that contains a token somewhere in the URL

The token will be time limited and single use. The token should be relatively unguessable and placed somewhere for later requests, eg: in memcache.

We can't feature detect that a user will be hitting the APK Factory so for the moment we'll have to detect that the client is Android and > version 29.
Note: that should be greater than *or equal to* version 29, as Fx29 includes the Synthetic APKs feature.
(In reply to Andy McKay [:andym] from comment #0)
> We can't feature detect that a user will be hitting the APK Factory so for
> the moment we'll have to detect that the client is Android and > version 29.

how are we doing it for the consumer pages?
Do reviewers install from consumer pages as well the reviewer pages?
(In reply to Andy McKay [:andym] from comment #3)
> Do reviewers install from consumer pages as well the reviewer pages?

No.  I assumed the same issue would occur for consumer apps but you clarified that it doesn't on IRC.
https://github.com/mozilla/zamboni/commit/01d1cca
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-02-25
(In reply to Rob Hudson [:robhudson] from comment #5)
> https://github.com/mozilla/zamboni/commit/01d1cca

If a token would be ignored for 'normal' installations (i.e. non apk'd, pre fx29) - and indications are it would - then couldn't we remove the UA version detection and just generate a token for every Android download?
(In reply to Andrew Williamson [:eviljeff] from comment #6)
> (In reply to Rob Hudson [:robhudson] from comment #5)
> > https://github.com/mozilla/zamboni/commit/01d1cca
> 
> If a token would be ignored for 'normal' installations (i.e. non apk'd, pre
> fx29) - and indications are it would - then couldn't we remove the UA
> version detection and just generate a token for every Android download?

I suppose we could. But if it's there already why make it less correct? Or do you feel the UA version detection makes things worse?
(In reply to Rob Hudson [:robhudson] from comment #7)
> I suppose we could. But if it's there already why make it less correct? Or
> do you feel the UA version detection makes things worse?

yeah just trying to avoid the version detection where its not unavoidable.
Can you please add some specific STRs to this bug or mark it as [qa-] ?
Severity: normal → enhancement
Whiteboard: [feature]
You need to log in before you can comment on or make changes to this bug.