Closed Bug 1200461 Opened 9 years ago Closed 9 years ago

hgsetup should check and ask for Bugzilla apikey instead of password

Categories

(Firefox Build System :: Mach Core, enhancement)

Product:
Firefox Build System
Component:
Mach Core
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(firefox43 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla43
Tracking Flags:
Tracking Status
firefox43 --- fixed

People

(Reporter: xidorn, Unassigned)

References

Details

Attachments

(1 file)

MozReview Request: Bug 1200461 - Prompt for Bugzilla API Key instead of password; r?smacleod
40 bytes, text/x-review-board-request
smacleod
: review+
Details 
The extension reviewboard currently relies on Bugzilla apikey, and we should also make bzpost use that (bug 1200449). Thus we should replace the prompt for password with that for apikey.

Also it'd probably be better to check that the user is not using the old settings in addition, because they are not safe.
Blocks: 1199034
A good first step would be to rip out the prompt for the password. We can add API key prompting back later. This is a bit sub-optimal, but pushing to MozReview will print a nice error message with instructions if API keys aren't being used. So it's not the end of the world.
Bug 1200461 - Prompt for Bugzilla API Key instead of password; r?smacleod

All extensions in version-control-tools should support Bugzilla API Keys
now. MozReview requires them. We'll likely remove support for passwords
and cookie auth in the future. This commit transitions the Mercurial
setup wizard to API Keys exclusively.
Attachment #8657376 - Flags: review?(smacleod)
Comment on attachment 8657376 [details]
MozReview Request: Bug 1200461 - Prompt for Bugzilla API Key instead of password; r?smacleod

https://reviewboard.mozilla.org/r/18371/#review17043

::: tools/mercurial/hgsetup/wizard.py:406
(Diff revision 1)
> +            if bzpass or bzuserid or bzcookie:
> +                print(LEGACY_BUGZILLA_CREDENTIALS_DETECTED)
> +                c.clear_legacy_bugzilla_credentials()

I don't think we should be so aggressive to just remove the old credentials without prompting (especially since they're techincally supported still).

How about we deploy this with a prompt to remove the credentials (or, remove them if we verify you *do* have the api key).
Attachment #8657376 - Flags: review?(smacleod) → review+
https://hg.mozilla.org/mozilla-central/rev/9c23f4fdd401
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox43: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Product: Core → Firefox Build System
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: