Allow access to a mini-manifest with a token

RESOLVED FIXED in 2014-02-25

Status

Marketplace
Reviewer Tools
P1
enhancement
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: Andy McKay, Assigned: robhudson)

Tracking

2014-02-25
x86
Mac OS X
Points:
---

Details

(Whiteboard: [feature])

(Reporter)

Description

4 years ago
When a reviewer hits the reviewer pages on Android, they will need to get a link to a mini-manifest that contains a token somewhere in the URL

The token will be time limited and single use. The token should be relatively unguessable and placed somewhere for later requests, eg: in memcache.

We can't feature detect that a user will be hitting the APK Factory so for the moment we'll have to detect that the client is Android and > version 29.
Note: that should be greater than *or equal to* version 29, as Fx29 includes the Synthetic APKs feature.
(In reply to Andy McKay [:andym] from comment #0)
> We can't feature detect that a user will be hitting the APK Factory so for
> the moment we'll have to detect that the client is Android and > version 29.

how are we doing it for the consumer pages?
(Reporter)

Comment 3

4 years ago
Do reviewers install from consumer pages as well the reviewer pages?
(In reply to Andy McKay [:andym] from comment #3)
> Do reviewers install from consumer pages as well the reviewer pages?

No.  I assumed the same issue would occur for consumer apps but you clarified that it doesn't on IRC.
(Assignee)

Comment 5

4 years ago
https://github.com/mozilla/zamboni/commit/01d1cca
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-02-25
(In reply to Rob Hudson [:robhudson] from comment #5)
> https://github.com/mozilla/zamboni/commit/01d1cca

If a token would be ignored for 'normal' installations (i.e. non apk'd, pre fx29) - and indications are it would - then couldn't we remove the UA version detection and just generate a token for every Android download?
(Assignee)

Comment 7

4 years ago
(In reply to Andrew Williamson [:eviljeff] from comment #6)
> (In reply to Rob Hudson [:robhudson] from comment #5)
> > https://github.com/mozilla/zamboni/commit/01d1cca
> 
> If a token would be ignored for 'normal' installations (i.e. non apk'd, pre
> fx29) - and indications are it would - then couldn't we remove the UA
> version detection and just generate a token for every Android download?

I suppose we could. But if it's there already why make it less correct? Or do you feel the UA version detection makes things worse?
(In reply to Rob Hudson [:robhudson] from comment #7)
> I suppose we could. But if it's there already why make it less correct? Or
> do you feel the UA version detection makes things worse?

yeah just trying to avoid the version detection where its not unavoidable.

Comment 9

4 years ago
Can you please add some specific STRs to this bug or mark it as [qa-] ?

Updated

4 years ago
Severity: normal → enhancement
Whiteboard: [feature]
You need to log in before you can comment on or make changes to this bug.