Closed Bug 975413 Opened 10 years ago Closed 10 years ago

Fireplace should call search API without authentication credentials

Categories

(Marketplace Graveyard :: API, defect, P2)

x86_64
Linux
defect

Tracking

(Not tracked)

VERIFIED FIXED
2014-03-11

People

(Reporter: mat, Unassigned)

Details

(Keywords: perf)

To improve its cacheability, we need to remove everything that's user-dependant from the search API and start requesting it without ?_user param.

The 'user' key on each app in the result that contains installed/developed/purchased flags should be obsolete once bug 969433 is done, at least on the fireplace endpoint.

However, there is another piece of code in the search API that is dependant on the user: the region bypass system. If you are a collection curator or have the Regions:BypassFilters permission, you are allowed to pass the special region=None parameter (called "No region in search" in fireplace) in order to search for apps everywhere and not just in your current region.

AFAIK this system is used by payment testers before we enable payments in a region (not entirely sure how that works, though) and collection curators, since there is no lookup search API.

The ultimate goal is to improve cacheability, so we need fireplace calls to search/featured to be anonymous, at least for all normal users. So I see 2 options:

1) We remove that check and allow everyone to pass region=None. We modify fireplace to make all search requests anonymous.

2) We keep that check. In fireplace, we only pass user info to the endpoint if the user has the relevant permission.

Thoughts ?
Flags: needinfo?(krupa.mozbugs)
Flags: needinfo?(amckay)
We decided just Friday to stop the use of Regions:BypassFilters for testing of payments. Testing in that way isn't really of value and something we don't think its worth supporting. So please do whatever makes the most sense for you.
Flags: needinfo?(krupa.mozbugs)
Flags: needinfo?(amckay)
Excellent, thanks.
Component: General → API
Priority: -- → P2
Merged https://github.com/mozilla/fireplace/commit/6778c8af8672330b6c516ef55424514a1b58698b

STR:
- Go to consumer pages while logged out.
- Open debug page, select "no region in search" region
- Make sure the homepage works, do a search, you should see apps.

- Go to consumer pages, log in
- In network tab, make sure requests to search and categories api are done without the '_user' parameter in the URL

Also retest scenarios from bug 969433.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Scenario 1(logged out, no region in search): Verified as fixed
Scenario 2(logged in) : Verified as fixed in network tab : _user parameter is not seen in the URL
Scenario 3: Verified everything from bug 969433
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.