[RelengAPI] Much more flexible token authentication



4 years ago
4 years ago


(Reporter: dustin, Assigned: dustin)




(1 attachment)

HTTP/1.1 301 Permanent Redirect

Location: https://github.com/mozilla/build-relengapi/issues/163
Assignee: relops → dustin
Depends on: 1132997
Blocks: 1133842
Comment on attachment 8566066 [details] [review]

This has merged in, but as said in my last (after-merge) comment there...

For history purposes, in my own relengapi testing instance, I just updated to post-this-change. and Had the unfortunate issue of "I was logged in" and thus got errors about the base.tokens.view being invalid, and had to force a logout to avoid.

Then I had the issue that I couldn't view the tokenauth page because the relengapi db was not updated. (auth_tokens had the old schema) and since we don't have any alembic/DB-migration stuff the fastest for me was to drop table auth_tokens table and recreate it. BUT in production right now we have two existing tokens: https://api.pub.build.mozilla.org/tokenauth/ that would restrict us doing a simple drop->createdb

Not sure what the right solution is for these but it should probably be articulated before we go live with this version
Attachment #8566066 - Flags: review?(bugspam.Callek) → review+
You'll note that both of those commits were flagged as [BREAKING CHANGE]
(In reply to Dustin J. Mitchell [:dustin] from comment #3)
> You'll note that both of those commits were flagged as [BREAKING CHANGE]

Doesn't mean we can ignore the downstream entirely. As in if I am/was logged in and we deploy this as-is, *every* page I load will ISE on me, and I won't even have a logout option unless I know the magic logout url.

We also need to care to either preserve the mapper api tokens, or get the mapper client updated/prepared in advance of this deploy.
I said that to indicate that I was already aware of these issues when I wrote the commits.
https://github.com/mozilla/build-relengapi/pull/201 adds the logging that was holding this open, and will be merged by and by.
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.