Closed
Bug 916955
Opened 11 years ago
Closed 11 years ago
Ember.show API doesn't error if an invalid token is provided
Categories
(bugzilla.mozilla.org :: API, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: erik.bryn, Assigned: dkl)
Details
For example: https://bugzilla-dev.allizom.org/rest/ember/show/916522?Bugzilla_token=asdjklfjaslkdf Ideally, this would fail as I would want to prompt the user to relogin if a token expired.
Assignee | ||
Comment 1•11 years ago
|
||
Sorry meant to post this in IRC but my internet has been flakey today. We decided a while back that tokens would be treated similarly to cookies in that if a cookie/token is not valid it is simple ignored rather than throwing an error. https://bugzilla.mozilla.org/show_bug.cgi?id=893195#c22 We added User.valid_login (GET /valid_login?token=XXXX&login=dkl@mozilla.com) webservice method that will confirm if a cookie or token is still valid for a given user. What we need to do though is, if a token is invalid for /rest/ember/show, basically same as not being logged in, we do not provide an update_token for passing to Bug.update. I will do this and push to bugzilla-dev. dkl
So my main concern is I don't want to cache an unauthenticated Ember.show API response if the frontend thinks it's logged in. Since responses are specific to the current user, it would be bad to have the cache contain mixed authenticated/unauthenticated responses. Ideally any operation made with an invalid token would fail so the frontend knows it needs to reauthenticate. I don't think it's reasonable to have to hit the User.valid_login API prior to any cached API call for the client to detect it's token is no longer valid. If we can't remedy this in the API, I'm going to have to resort to some hacky mechanism for detecting whether every cached API response is an authenticated response or not.
An idea just occurred to me: perhaps the API could provide an HTTP header that let's me detect whether the response was authenticated or not.
Another discovery: an error is thrown if the username/password is incorrect. Seems inconsistent.
Assignee | ||
Comment 5•11 years ago
|
||
(In reply to Erik Bryn from comment #4) > Another discovery: an error is thrown if the username/password is incorrect. > Seems inconsistent. yeah for background info see the comments in bug 893195.
Assignee | ||
Comment 6•11 years ago
|
||
Ember.show will now throw invalid token error if one is provided but the user is not logged in. Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2 added extensions/Ember/template modified extensions/Ember/lib/WebService.pm added extensions/Ember/template/en added extensions/Ember/template/en/default added extensions/Ember/template/en/default/hook added extensions/Ember/template/en/default/hook/global added extensions/Ember/template/en/default/hook/global/user-error-errors.html.tmpl Committed revision 9012. Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2-dev added extensions/Ember/template modified extensions/Ember/lib/WebService.pm added extensions/Ember/template/en added extensions/Ember/template/en/default added extensions/Ember/template/en/default/hook added extensions/Ember/template/en/default/hook/global added extensions/Ember/template/en/default/hook/global/user-error-errors.html.tmpl Committed revision 8553.
Assignee: nobody → dkl
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
OS: Mac OS X → All
Hardware: x86 → All
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•