Closed
Bug 1018325
Opened 10 years ago
Closed 8 years ago
[PulseGuardian] Restrict logins to mozillians
Categories
(Webtools :: Pulse, defect, P2)
Webtools
Pulse
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mcote, Assigned: mcc.ricardo)
References
Details
After thinking about this more and dealing with some (admittedly accidental) abuse of Pulse last night, I can't think of a good reason for letting anyone at all register PulseGuardian accounts. We should restrict this service to vouched Mozillians, probably using Persona like we do for many services, such as Air Mozilla. The system should otherwise work as it does now, except that logging in should (via Persona) now be separated from creating a Rabbit user. Eventually we may want to allow creating multiple users associated with the same account, but for now one is probably enough.
Comment 1•10 years ago
|
||
Totally forgot this bug! So we switched to Persona since then, but still unsure how to restrict login to mozillians. Maybe there's a people API for this? (otherwise we could just restrict based on the email domains)
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86 → All
Reporter | ||
Comment 2•10 years ago
|
||
I don't know exactly, but, as I mentioned, we restrict logins to things like Air Mozilla to Mozillians; we should figure out what they do. :peterbe might know; needinfoing him.
Flags: needinfo?(peterbe)
Comment 3•10 years ago
|
||
Air Mozilla does a couple of things with the Mozillians API that isn't just about auth. But it starts here: https://github.com/mozilla/airmozilla/blob/master/airmozilla/base/mozillians.py#L38 With that little function available, the way we use this is by using the django-browserid plugin which allows you to override the class that does something once when user has signed in with Persona. https://github.com/mozilla/airmozilla/blob/master/airmozilla/auth/views.py#L32-L45 The logic is simple: 1. You managed to auth with Persona? Great. 2. Is the domain of your email address something like 'mozilla.com' or 'mozillafoundation.org' or ... Then you're in! 3. No, but does your email address matched an account on mozillians.org (User API) that is vouched for? Then you're in!
Flags: needinfo?(peterbe)
Reporter | ||
Comment 4•10 years ago
|
||
Ahmed, I don't think you're actively working on this, so I'm unassigning you just to free it up for other contributors. Please correct me if I'm wrong (and please feel free to look at other PulseGuardian bugs if you're ever bored :).
Assignee: ahmed.kachkach → nobody
Status: ASSIGNED → NEW
Reporter | ||
Updated•10 years ago
|
Priority: -- → P2
Assignee | ||
Comment 5•10 years ago
|
||
Ahmed, if you're not actively working on this I'll pick it up. Peter, thank you so much for the input. You basically gave us the solution :) Now we just need to implement and test it.
Reporter | ||
Comment 6•10 years ago
|
||
Ricardo: Ahmed didn't reassign himself in the 1.5 months since I unassigned him, so I think that means you're safe to take it. :)
Assignee | ||
Comment 7•10 years ago
|
||
Though so. But since I was only be able to pick this up later, I just though about alerting Ahmed :) Assigning to me.
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → mcc.ricardo
Status: NEW → ASSIGNED
Assignee | ||
Comment 8•10 years ago
|
||
Hi Mark, In order to use the Mozillian API to check if a user is vouched, we need access to an API key. Here's the wiki for that: https://wiki.mozilla.org/Mozillians/API
Flags: needinfo?(mcote)
Reporter | ||
Comment 9•10 years ago
|
||
Ah thanks for digging that up! I filed bug 1091682.
Flags: needinfo?(mcote)
Assignee | ||
Comment 10•10 years ago
|
||
Excellent :)
Reporter | ||
Comment 11•10 years ago
|
||
Might take a while to get that sorted out, so feel free to browse other bugs. :)
Assignee | ||
Comment 12•10 years ago
|
||
Absolutely. Just got home, I'll start working on something else :)
Reporter | ||
Comment 13•8 years ago
|
||
With Persona going away, we're going to switch to Okta (see bug 1286611). This is more restrictive than Mozillians, so we won't need this bug anymore.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•