Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Ensure origin for packaged app is unique

VERIFIED FIXED in 2013-07-18

Status

Marketplace
Developer Pages
P1
normal
VERIFIED FIXED
4 years ago
4 years ago

People

(Reporter: andym, Assigned: robhudson)

Tracking

2013-07-18
x86
Mac OS X
Points:
---

Details

(Reporter)

Description

4 years ago
In bug 852720 packaged apps were allowed to have an origin in the manifest. This is for the developer tools to ensure that if an origin is present on a packaged app, it is unique within the marketplace.
Why do we need them to be unique?
(Reporter)

Comment 2

4 years ago
I'm trying to remember the security meeting, I was wonder the impression we didn't want colliding origins. But I can't remember exactly, Raymond can you remember.

If they aren't unique, I can't use them for receipts and would have to use something else.
Flags: needinfo?(rforbes)
Blocks: 867265
Nevermind, https://bugzilla.mozilla.org/show_bug.cgi?id=879437#c13 says they are unique
No longer blocks: 867265
Flags: needinfo?(rforbes)
Priority: -- → P1
(Reporter)

Updated

4 years ago
Blocks: 867265
(Assignee)

Comment 4

4 years ago
When the switch 'webapps-unique-by-domain' is enabled this already happens. Should we separate packaged app origins from this switch so they are always unique? Seems like a good idea to me.
(Assignee)

Updated

4 years ago
Assignee: nobody → robhudson.mozbugs
(Assignee)

Comment 5

4 years ago
https://github.com/mozilla/zamboni/commit/19e7156
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2013-06-27

Comment 6

4 years ago
Please add STR here or mark it with [qa-] if no QA is needed.
(Assignee)

Comment 7

4 years ago
To verify:
Submit a packaged app with an origin. Try to submit a 2nd packaged app with that same origin. You should get an error at submission time.

Comment 8

4 years ago
I tried to submit a 2nd packaged app with the same origin, and after I clicked contine, it just refreshed the submission page and no error message was displayed. I got the same behavior after submitting a packaged app with an invalid origin. Verified in https://marketplace-dev.allizom.org/developers/submit/ on FF25 (Win 7)
Please see screencast http://screencast.com/t/8LJxXDTdXQwQ
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Updated

4 years ago
Duplicate of this bug: 892247
(Assignee)

Updated

4 years ago
Target Milestone: 2013-06-27 → 2013-07-18
(Assignee)

Comment 10

4 years ago
I started working on this and it's more complicated than it seems. (Likewise for bug 892694 when we get to it).

The reason is we're validating a zip file before we actually save it. If the zip file is bad we want to toss it away and only create the FileUpload record that has the validation results with it. If the file size is < 2.5MB Django keeps it in memory but parse_addon requires a file on disk.

The form is going to have to check if it's an in-memory file and if so, create the file on disk to pass it to parse_addon in order to get the origin out of it.

The most straightforward approach is to do the above in the form -- make a tempfile, parse it, then throw it away when done.

But I'm also wondering if it might be nice to update our SafeUnzip library to take a file-like object and not assume a file on disk so we can pull this file out and handle it all in-memory.
(Assignee)

Comment 11

4 years ago
I went with the in-memory approach:
https://github.com/mozilla/zamboni/commit/29960747
Status: REOPENED → RESOLVED
Last Resolved: 4 years ago4 years ago
Resolution: --- → FIXED

Comment 12

4 years ago
Verified as fixed in https://marketplace-dev.allizom.org/developers/submit/ on FF25 (Win 7).
Postfix screencast http://screencast.com/t/yn2fSEQD
Closing bug.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.