Closed
Bug 701424
Opened 14 years ago
Closed 13 years ago
Switch authentication to BrowserID for etherpad.mozilla.org
Categories
(Websites Graveyard :: etherpad.mozilla.org, defect)
Websites Graveyard
etherpad.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ozten, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [qa+])
Team pads have authentication. This is not tied to LDAP. A user has one email and password per teampad.
We should switch this authentication over to BrowserID.
|
Reporter | |
Comment 1•14 years ago
|
||
@jake - I've got this somewhat working and want to fold any Mozilla changes.
Where is your repo? (Mine is based off of gith.com/ether/pad).
|
|
||
Comment 2•14 years ago
|
||
Austin: can you provide the same sort of info that we ask for at https://wiki.mozilla.org/WebAppSec/Security_Review_Request ?
|
|
||
Comment 3•14 years ago
|
||
@ozten: My repo is github.com/superawesome/pad.
Somebody already forked my pad to github.com/mozilla/pad... however just today I pushed a very small (2-character) change that you'll want to re-pull from mine. I don't have access to the mozilla github.com stuff. :(
I think all the Mozilla-specific things in mine happened before the fork, but you might want to double-check the commit timings.
|
|
Reporter | |
Comment 4•14 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #3)
According to https://github.com/mozilla/pad/admin/collaboration you have access.
Is it read only access?
|
|
Reporter | |
Comment 5•14 years ago
|
||
1) A quick intro to what this app does.
This is a feature enhancement to remove email+password authentication and replace it with BrowserID based authentication.
2) Where is the source code located?
https://github.com/mozilla/pad
3) Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.
Stage is being built in Bug#698110.
4) Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.
Websites/Other
5) Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)?
Email and full name.
6) Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.
Stand-alone app with a MySQL backend.
7) Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.
Please create 2 accounts for each role supported in the application and add the username and password into the security review request bug. Without this information we can't begin our review.
You will be able to create test accounts via BrowserID.
8) What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)
Allowing arbitrary users to log into arbitrary pads.
9) Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed?
No changes are being made to the existing admin panels.
10) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
As discussed in IRC and email, this is low priority. It will be great to get your eyes on it as time permits.
|
|
Reporter | |
Comment 6•14 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #3)
I need help making sure I've merged the right branch, but I've got a patch ready.
What is the hostname for stage? How do you want to handle deployment?
|
|
||
Comment 7•14 years ago
|
||
We'll handle deployment like any of our other web apps. That is:
etherpad-dev.allizom.org - dev instance, auto-deploy every X minutes
etherpad.allizom.org - stage instance, updated upon push request bug
etherpad.mozilla.org - prod instance, updated upon push request bug
|
|
Reporter | |
Comment 8•14 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #7)
Which repo and branch will you deploy from?
I've merged superawesome/master. I'll push to mozilla/master, unless you have plans for a different repo/branch.
|
|
||
Comment 9•14 years ago
|
||
I'll pull from mozilla/master then.
Often webdev likes to make separate branches and/or tags for released versions, and leave 'master' like 'trunk'. If you want to that as well, feel free... just let me know what tag/branch should be used for dev/stage/prod environments.
For slower-moving apps we sometimes just use master for everything, and it's up to webdev to make sure that the branch is in the proper state before we deploy it.
Either way, it's really up to you. Just let us know what you prefer.
|
|
Reporter | |
Comment 10•14 years ago
|
||
Great, let's start simple. We can always change the process later.
mozilla/master is ready for etherpad-dev.allizom.org.
|
|
||
Updated•14 years ago
|
Component: Other → etherpad.mozilla.org
QA Contact: other → etherpad-mozilla-org
|
|
||
Updated•14 years ago
|
Whiteboard: [qa+]
|
|
||
Comment 11•13 years ago
|
||
This is deployed!
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
Assignee | |
Updated•9 years ago
|
Product: Websites → Websites Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•