Closed
Bug 879012
Opened 11 years ago
Closed 11 years ago
Add SSO auth for the Admin Login Console
Categories
(Webmaker Graveyard :: Login, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: sedge, Assigned: sedge)
References
Details
(Whiteboard: u=dev c=login p=1 s=2013w24)
Attachments
(1 file)
It currently uses basicauth. DANGER! DANGER!
|
Assignee | |
Updated•11 years ago
|
Summary: Audit security for the Admin Login Console → Add SSO auth for the Admin Login Console
|
|
Assignee | |
Updated•11 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•11 years ago
|
Whiteboard: u=dev c=login p=1 s=2013w23
|
|
Assignee | |
Comment 1•11 years ago
|
||
[WIP] Work in progress, first run.
Attachment #760566 -
Flags: review?(pomax)
Comment on attachment 760566 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/94 preliminary comments in the pull request
Attachment #760566 -
Flags: review?(pomax) → review-
|
|
Assignee | |
Updated•11 years ago
|
Whiteboard: u=dev c=login p=1 s=2013w23 → u=dev c=login p=1 s=2013w24
|
|
Assignee | |
Comment 3•11 years ago
|
||
An unsecured Login console doth an unhappy user-base make.
Severity: normal → blocker
|
|
Assignee | |
Updated•11 years ago
|
Attachment #760566 -
Flags: review?(chris)
|
||
Comment 5•11 years ago
|
||
Comment on attachment 760566 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/94 Lots of cleanup to do, some questions to answer in the pull request, and we should drop basic auth completely from the admin console. Use Persona SSO exclusively, and deny non-admins.
Attachment #760566 -
Flags: review?(chris) → review-
|
|
Assignee | |
Updated•11 years ago
|
Attachment #760566 -
Flags: review- → review?(chris)
|
|
Assignee | |
Comment 6•11 years ago
|
||
Comment on attachment 760566 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/94 Needs local testing
Attachment #760566 -
Flags: review?(chris) → review?(pomax)
|
||
Comment 7•11 years ago
|
||
Comment on attachment 760566 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/94 R+
Attachment #760566 -
Flags: review?(pomax) → review+
Comment on attachment 760566 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/94 r-, comments in the pull request (we need to catch the error that might occur)
|
|
Assignee | |
Updated•11 years ago
|
Attachment #760566 -
Flags: review- → review?(pomax)
Comment on attachment 760566 [details] [review] https://github.com/mozilla/login.webmaker.org/pull/94 let's see if this holds up on staging. R+
Attachment #760566 -
Flags: review?(pomax) → review+
|
||
Comment 10•11 years ago
|
||
Commits pushed to master at https://github.com/mozilla/login.webmaker.org https://github.com/mozilla/login.webmaker.org/commit/1a13e23fdbd24d09aa545e806472230c87eeef8a [Bug 879012] Added a security to the admin console, and unsecured api routes https://github.com/mozilla/login.webmaker.org/commit/c56609e28046440af9d8e9649c34cadb4d2cceda Merge pull request #94 from ksedge/bug879012 [WIP - DO NOT MERGE][Bug 879012] Added a security to the admin console, and unsecured api ro...
|
|
Assignee | |
Comment 11•11 years ago
|
||
Epic wins.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
Attachment mime type: text/plain → text/x-github-pull-request
You need to log in
before you can comment on or make changes to this bug.
Description
•