Closed
Bug 1132957
Opened 10 years ago
Closed 10 years ago
[RelengAPI] Much more flexible token authentication
Categories
(Infrastructure & Operations :: RelOps: General, task)
Infrastructure & Operations
RelOps: General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: dustin)
References
Details
Attachments
(1 file)
HTTP/1.1 301 Permanent Redirect
Location: https://github.com/mozilla/build-relengapi/issues/163
|
Assignee | |
Updated•10 years ago
|
Assignee: relops → dustin
|
|
Assignee | |
Comment 1•10 years ago
|
||
Attachment #8566066 -
Flags: review?(bugspam.Callek)
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8566066 [details] [review]
https://github.com/mozilla/build-relengapi/pull/175
This has merged in, but as said in my last (after-merge) comment there...
For history purposes, in my own relengapi testing instance, I just updated to post-this-change. and Had the unfortunate issue of "I was logged in" and thus got errors about the base.tokens.view being invalid, and had to force a logout to avoid.
Then I had the issue that I couldn't view the tokenauth page because the relengapi db was not updated. (auth_tokens had the old schema) and since we don't have any alembic/DB-migration stuff the fastest for me was to drop table auth_tokens table and recreate it. BUT in production right now we have two existing tokens: https://api.pub.build.mozilla.org/tokenauth/ that would restrict us doing a simple drop->createdb
Not sure what the right solution is for these but it should probably be articulated before we go live with this version
Attachment #8566066 -
Flags: review?(bugspam.Callek) → review+
|
|
Assignee | |
Comment 3•10 years ago
|
||
You'll note that both of those commits were flagged as [BREAKING CHANGE]
|
|
||
Comment 4•10 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #3)
> You'll note that both of those commits were flagged as [BREAKING CHANGE]
Doesn't mean we can ignore the downstream entirely. As in if I am/was logged in and we deploy this as-is, *every* page I load will ISE on me, and I won't even have a logout option unless I know the magic logout url.
We also need to care to either preserve the mapper api tokens, or get the mapper client updated/prepared in advance of this deploy.
|
|
Assignee | |
Comment 5•10 years ago
|
||
I said that to indicate that I was already aware of these issues when I wrote the commits.
|
|
Assignee | |
Comment 6•10 years ago
|
||
https://github.com/mozilla/build-relengapi/pull/201 adds the logging that was holding this open, and will be merged by and by.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•