Closed Bug 867218 Opened 13 years ago Closed 13 years ago

Configure cookieSession() on login.wm.o to use the "webmaker.org" shared session

Categories

(Webmaker Graveyard :: Login, defect)

Product:
Webmaker Graveyard
Component:
Login
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: sedge, Assigned: jon)

References

Details

(Whiteboard: u=dev p=1 s=2013w19)

Attachments

(1 file, 4 obsolete files)

https://github.com/mozilla/login.webmaker.org/pull/47
53 bytes, text/x-github-pull-request
humph
: review+
jon
: review+
boozeniges
: review+
Details | Review
Login.wm.o must attach authentication data to a shared sessionCookie for "webmaker.org". This requires the app to modify its own sessionCookie to attach data to the shared one.
Attached file Pull request for this patch (obsolete) —
https://bugzilla.mozilla.org/show_bug.cgi?id=867218
Attachment #744293 - Flags: review?(swex)
Attachment #744293 - Flags: review?(ross)
Attachment #744293 - Flags: review?(pomax)
Attachment #744293 - Flags: review?(jon)
Attachment #744293 - Flags: review?(david.humphrey)
Process point: someone to review the code changes, and maybe, if you think it necessary, another person to review the architecture change(s) if any. In Mozilla that's usually known as a Review and Super Review. There are times where a change crosses a bunch of code/expertise boundaries, and getting specific people to review various bits of what you've done makes sense. I'd suggest that you can usually get away with 1 or 2 reviews, 3 in rare situations. You'll never need 5 reviewers for a patch, ime. That said, I'm loving watching you dive into hard problems, put up patch after patch, and not get frustrated or lose your edge. Great work.
Comment on attachment 744293 [details] Pull request for this patch Clearing some reviewers to keep this moving.
Attachment #744293 - Flags: review?(swex)
Attachment #744293 - Flags: review?(pomax)
Attachment #744293 - Flags: review?(david.humphrey)
Attachment #744293 - Flags: review?(ross)
Attachment #744293 - Flags: review?(jon)
Attachment #744293 - Flags: review-
r-, your branch isn't based on master so will need a rebase first.
Confused - I see that the pull request is closed, can't see if it got openned up somewhere else?
Thanks for adding in a well described integration guide - it made no sense when reading the PR but reading it as an actual file it's fantastic. Other than a couple of points I made (which may well be invalid or unnecessary) I'll happily r+ this once it's all properly rebased.
Attached file Pull request for this patch (obsolete) —
https://github.com/mozilla/login.webmaker.org/pull/42
Attachment #744293 - Attachment is obsolete: true
Attachment #744622 - Flags: review?(ross)
Attachment #744622 - Flags: review?(pomax)
Comment on attachment 744622 [details] [review] Pull request for this patch I think there are a couple of comments on the ticket that at the moment warrant a fail pending further discussion. Would like to re-iterate the work on the readme - that's a very good integration guide.
Attachment #744622 - Flags: review?(ross) → review-
Comment on attachment 744622 [details] [review] Pull request for this patch this pull request got closed.
Attachment #744622 - Flags: review?(pomax)
Attachment #744622 - Flags: review-
Blocks: 866815
Attached file Pull request for this patch (obsolete) —
https://github.com/mozilla/login.webmaker.org/pull/46
Attachment #744622 - Attachment is obsolete: true
Attachment #745917 - Flags: review?(pomax)
At this point we're attempting to fully understand why the session-sharing between apps isn't stable. Apps can assume we WILL get it there, and the other teams can assume "req.session.auth"'s existence to confirm a logged in user. Req.session.auth will contain an attribute called "_id", containing the user's email for further API calls to the login server if needed.
Whiteboard: u=dev c=login p=1 s=2013w18 → u=dev p=1 s=2013w19
Comment on attachment 745918 [details] [review] PR for thimble implementation closing, and will add a new attachement with a our operational changes surgically injected into master, for added win.
Attachment #745918 - Flags: review?(pomax) → review-
Attachment #746021 - Flags: review?(kieran.sedgwick)
Attachment #746021 - Flags: review?(ross)
Attachment #746021 - Flags: review?(jon)
Attachment #745917 - Flags: review?(pomax)
Attachment #746021 - Flags: review?(scott)
One thing that's still missing is an updated README. I shall make this update happen, too.
Attachment #745917 - Attachment is obsolete: true
Attachment #745918 - Attachment is obsolete: true
readme updated.
Comment on attachment 746021 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/47 r+ from an understanding and smell test review. Hoping that additional reviews can clear up any "this doesn't actually work" reviews.
Attachment #746021 - Flags: review?(ross) → review+
note: unhappy with the use of both parser_secret and session_secret, filed https://github.com/visionmedia/express/issues/1607 to find out what the correct way of doing things is here, since the docs are not sufficient to determine that.
I'm having a hard time figuring out what this patch is doing, and how to test it. I'll take a deeper look, but any more info would be appreciated.
Comment on attachment 746021 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/47 This doesn't need so many reviewers.
Attachment #746021 - Flags: review?(scott)
perhaps not, but thecount has so far been the only one to signal actual "I tried to use it and I ran into these problems" issues, so his review on IRC has been pretty invaluable.
also note that in order to test this, you will also need a consumer app, such as the SSO-enabled branch of thimble: https://github.com/pomax/thimble.webmaker.org/tree/bug866815
Comment on attachment 746021 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/47 switched review to humph so it doesn't block
Attachment #746021 - Flags: review?(kieran.sedgwick) → review?(david.humphrey)
Attachment #746021 - Flags: review?(david.humphrey) → review-
Blocks: 869576
No longer blocks: 869576
Blocks: 869576
Comment on attachment 746021 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/47 updated the pull request based on the comments.
Attachment #746021 - Flags: review- → review?(david.humphrey)
Attachment #746021 - Flags: review?(david.humphrey) → review+
Blocks: 866832
Comment on attachment 746021 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/47 r+ with nits, use SESSION_SECRET for both cookieParser and cookieSession, rather than separate secrets.
Attachment #746021 - Flags: review?(jon) → review+
replaced parser_secret with session_secret and updated the pull request.
merged. follow-up bugs filed, closing this one.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
we're not quite there yet. Deploying to heroku still had some issues, so we need to ensure that works before we can permanently close.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Going to back out Pomax's changes
Assignee: kieran.sedgwick → jon
Status: REOPENED → ASSIGNED
Commit pushed to master at https://github.com/mozilla/login.webmaker.org https://github.com/mozilla/login.webmaker.org/commit/c31162a9cfd0fcde65c615de6e0a889fb1dab520 Revert bug 867218 - Use shared sessions for SSO This reverts commit a50d164deb7107969d53d98cac6d0cbf31975e73, reversing changes made to 6f395225ad42ab007a15357be5a180c987e657e2.
Based on bug 867223 we're not doing it this way.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → INVALID
Attachment mime type: text/plain text/plain text/plain text/plain → text/x-github-pull-request text/x-github-pull-request text/x-github-pull-request text/x-github-pull-request
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: