Bug 1163760: Backport upstream bug 1144468 to bmo to add authentication delegation
Status: RESOLVED FIXED (Opened 10 years ago, Closed 10 years ago)
Categories: bugzilla.mozilla.org :: General, defect
People: Reporter: dylan, Assigned: dylan
Attachments (1 file): patch, 10.16 KB (dkl: review+, gozer: review+)
As this will undoubtedly be happening "soon", might as well have a bug around to reference.
Comment 1 (Assignee) • 10 years ago
And finally. Note that valid_login returns just "true" for bmo.
Attachment #8611364 - Flags: review?(dkl)
Comment 2 (Assignee) • 10 years ago
Per RRA in bug 1164495, the authentication delegation feature needs a sec-review by someone outside the team.
We mentioned this sec-review would need to take into account the API keys (bug 1045145). I note that that was already sec-reviewed.
The API documentation isn't part of this patch because bmo doesn't have rst documentation, but it is the same as upstream: https://bugzilla.readthedocs.org/en/latest/integrating/auth-delegation.html#auth-delegation.
:gozer does not have perms to set sec-review, so is not a candidate for that. :mcote, how should I proceed? Perhaps :mgoodwin who did the sec-review in bug 1045145?
Status: NEW → ASSIGNED
Flags: needinfo?(mcote)
Comment 3 • 10 years ago
For this part, which is a technical code review, I don't think the sec-review flag is particularly important. It's more important to find someone who knows the language and, ideally, the project. I suggested gozer because he's a Perl hacker and has had some interaction with the Bugzilla code base. That said, if mgoodwin feels that he's qualified, all the better, since he's obviously security focussed!
Flags: needinfo?(mcote)
Comment 4 • 10 years ago
(In reply to Dylan William Hardison [:dylan] from comment #1)
> Created attachment 8611364
> 1163760_1.patch
>
> And finally. Note that valid_login returns just "true" for bmo.
Yeah, we haven't backported the versioned REST API which fixes this issue. Valid JSON is supposed to be an array or object and not a single value. But XMLRPC and JSONRPC can do it. For REST only we convert "true" to { "result" : "true" }.
We could backport the upstream fix for REST only and hopefully not break any clients.
dkl
Comment 5 • 10 years ago
Comment on attachment 8611364
1163760_1.patch
Review of attachment 8611364:
-----------------------------------------------------------------
r=dkl
Attachment #8611364 - Flags: review?(dkl) → review+
Comment 6 (Assignee) • 10 years ago
Comment on attachment 8611364
1163760_1.patch
Second review requested to make sure this isn't a horrible idea. :)
Attachment #8611364 - Flags: review?(gozer)
Updated • 10 years ago
Attachment #8611364 - Flags: review?(gozer) → review+
Comment 7 (Assignee) • 10 years ago
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
f2c52df..3cf3faf master -> master
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 8 • 10 years ago
I've got the following message when I try to use this:
> This site does not have auth delegation enabled.
> Please contact an administrator if you require this functionality.
Maybe the auth_delegation param is not yet enabled with the admin settings?
Comment 9 • 10 years ago
(In reply to Kohei Yoshino [:kohei] from comment #8)
> > This site does not have auth delegation enabled.
> > Please contact an administrator if you require this functionality.
>
> Maybe the auth_delegation param is not yet enabled with the admin settings?
Correct. It is just waiting on some last-minute discussion/checks and should be enabled soon.
dkl