Bug 866832: Have webmaker id passed to create/update/delete for tag verification
Status: RESOLVED FIXED (opened 11 years ago, closed 11 years ago)
Categories: Webmaker Graveyard :: MakeAPI, defect
Tracking: Not tracked
People: Reporter: cade, Assigned: cade
Whiteboard: u=dev p=1 s=2013w19
Attachments: 1 file
In order for tag "domains" ("webmaker.org", "popcorn.webmaker.org", etc.) to be applied only by authenticated users, we need to have the API authenticate accounts against the webmaker login server. Admins should be able to apply the reserved domains on top of their own email. This will allow tagged approval for promotion publicly. Apps (like Thimble or Popcorn Maker) should be able to update makes on behalf of logged-in users, OR logged-in users can directly update certain fields of makes, i.e. tag a project as favourite or add a hashtag to a project of their own.
Updated • 11 years ago
Whiteboard: [MakeAPI] → u=dev p=1 s=2013w18
Comment 1 • 11 years ago
Relevant tag documentation: https://wex.etherpad.mozilla.org/MakeAPI-tags
Comment 2 (Assignee) • 11 years ago
I did a first pass at this. Basically, create, update and delete will be secured with basic authentication. Apps/tools that we trust will authenticate users and make API calls on their behalf, passing the Make API their id and a flag indicating if they're an administrator (AFAIK, that information will be in the encrypted session cookie). This patch adds a new piece of middleware that checks if tags are being added/changed and applies the security logic that was in the requirements for application tags, i.e. admin can add any application tag, user can only add an application tag that contains their own webmakerid before the ':'.
Attachment #744667 - Flags: feedback?(swex)
Comment 3 • 11 years ago
:cade - so in other words, you're relying on the other apps NEVER making a call to the makeAPI unless they know there's an authenticated user?
Comment 4 (Assignee) • 11 years ago
Yup. All actions that'd trigger a call to Create/update/delete on the Make API in Popcorn Maker or Thimble already require authentication with persona/webmaker, so there's not much to do there right now, just have to get those apps passing the id and admin flag with their API calls.
Comment 5 (Assignee) • 11 years ago
Altering the title to better reflect the work done.
Summary: Use Webmaker SSO to authenticate API calls → Have webmaker id passed to create/update/delete for tag verification
Updated • 11 years ago
Whiteboard: u=dev p=1 s=2013w18 → u=dev p=1 s=2013w19
Updated (Assignee) • 11 years ago
Attachment #744667 - Flags: feedback?(swex) → review?(jon)
Comment 6 • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

r-, notes in the pull request. What's a good way to test this? The localdata generator doesn't add admin tags, right?
Attachment #744667 - Flags: review?(jon) → review-
Comment 7 (Assignee) • 11 years ago
No, I don't believe it does at this point in time.
Updated (Assignee) • 11 years ago
Status: NEW → ASSIGNED
Comment 9 (Assignee) • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

This patch supports tag filtering based on the rules we've set out for tags in https://wex.etherpad.mozilla.org/MakeAPI-tags. Regular users can add raw tags and user tags (userid:tag); all other user tags and application tags are stripped from makes. Admins can add any tag. I still have to add in logic that allows apps to add application tags, so that they can apply their own specific application tags (popcorn.webmaker.org:project, thimble.webmaker.org:project). Let's double check that all tag rules are being enforced.
Attachment #744667 - Flags: review?(swex)
Attachment #744667 - Flags: review?(jon)
Attachment #744667 - Flags: review?(david.humphrey)
Attachment #744667 - Flags: review-
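The tag rules stated in comment 9, sketched as a filter plus an Express-style middleware. This is an added example, not code from the MakeAPI pull request; the function names and the request fields (`tags`, `webmakerId`, `isAdmin`) are assumptions. Because the id and admin flag are whatever the calling app asserts (the point raised in comment 3), the middleware is only meaningful behind the basic-auth check on create/update/delete.

```javascript
// Added example; filterTags, tagFilter and the request fields are hypothetical names.

// Return the subset of `tags` the caller may apply.
// identity = { webmakerId, isAdmin } as asserted by the trusted calling app.
function filterTags(tags, identity) {
  if (!Array.isArray(tags)) return [];
  const id = identity || {};
  // Strict comparison: a string "true" or a 1 from a sloppy client is not admin.
  const isAdmin = id.isAdmin === true;
  const ownId = typeof id.webmakerId === "string" ? id.webmakerId : "";

  return tags.filter((tag) => {
    if (typeof tag !== "string" || tag.length === 0) return false;
    if (isAdmin) return true;        // admins can add any tag
    const sep = tag.indexOf(":");
    if (sep === -1) return true;     // raw tag, no prefix
    // Prefixed tag: keep only when the text before the first ':' is exactly
    // the caller's own id. Other users' tags and application tags are stripped.
    return ownId !== "" && tag.slice(0, sep) === ownId;
  });
}

// Express-style middleware for create/update routes. It rewrites the tag list
// before the handler runs, so the handler only ever sees permitted tags.
function tagFilter(req, res, next) {
  const body = req.body || {};
  if ("tags" in body) {
    body.tags = filterTags(body.tags, {
      webmakerId: body.webmakerId,
      isAdmin: body.isAdmin,
    });
  }
  next();
}

// Constructed sample input: one raw tag, the caller's own user tag, another
// user's tag, an application tag, an empty-prefix tag and a non-string value.
const sampleTags = [
  "cats",
  "user@example.com:favourite",
  "other@example.com:favourite",
  "popcorn.webmaker.org:project",
  ":x",
  42,
];
console.log(filterTags(sampleTags, { webmakerId: "user@example.com", isAdmin: false }));
```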
Comment 10 • 11 years ago
Chris, README looks pretty out of sync with the state of the code. Can you confirm this is right?
Comment 11 • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

Comments in PR
Attachment #744667 - Flags: review?(david.humphrey) → review-
Comment 13 (Assignee) • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

I think I got all of the issues fixed from last week. Next round of review!
Attachment #744667 - Flags: review?(swex)
Attachment #744667 - Flags: review?(jon)
Attachment #744667 - Flags: review?(david.humphrey)
Attachment #744667 - Flags: review-
Comment 14 (Assignee) • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

I've asked :jbuck for a review
Attachment #744667 - Flags: review?(jon)
Updated • 11 years ago
Attachment #744667 - Flags: review?(david.humphrey) → review-
Comment 15 (Assignee) • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

One step closer!
Attachment #744667 - Flags: review- → review?(david.humphrey)
Comment 16 • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

Few things in the PR, r+ with that.
Attachment #744667 - Flags: review?(david.humphrey) → review+
Comment 17 (Assignee) • 11 years ago
Comment on attachment 744667
https://github.com/mozilla/MakeAPI/pull/47

Landing....
Attachment #744667 - Flags: review?(jon)
Comment 18 • 11 years ago
Commit pushed to master at https://github.com/mozilla/MakeAPI

https://github.com/mozilla/MakeAPI/commit/2e89dc4010ee260c5df9337126c4900634f8a951
Fixes Bug 866832 - Tag Filtering for Make Creation and Updating
Updated • 11 years ago
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated • 11 years ago
Attachment mime type: text/plain → text/x-github-pull-request