KARL4

Remove traces of JWT login

Bug #1682917 reported by Paul Everitt on 2017-04-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	KARL4	Fix Released	Low	Jim Fulton	KARL4 032 "June 2017"

Bug Description

In my failed attempt to make a rich frontend, I asked Carlos over a year ago to give my a JWT-based login. This meant:

- Some views that processed credentials and returned a JWT token
- A series of dependencies: wsgicors, pyramid_jwt, cryptography, etc.

Let's back out of all of that. Go back and find the commits to see what was brought in. It would be very nice to not have those dependencies (and that security method) still around.

Revision history for this message

Paul Everitt (paul-agendaless) wrote on 2017-04-17:

Here are some commits with the changes we made in support of this:

https://github.com/karlproject/karl/commits/master?after=ccec15e2491043e7a9bc4a1ce00843109a969b45+244
https://github.com/karlproject/karl/commits/master?after=ccec15e2491043e7a9bc4a1ce00843109a969b45+279

https://github.com/karlproject/karl/commit/5b3adfee4ad1e6045354fb2f2f53e61dd555547b
https://github.com/karlproject/karl/commit/bb87eb8810c04f2e1e73dd7479013f33a7fca206
https://github.com/karlproject/karl/commit/0789d659c69f935208376704b6613992e69a37df
https://github.com/karlproject/karl/commit/a00e197c8988e5c6931064d250cdcfca7a80f25f
https://github.com/karlproject/karl/commit/4092d92d828f5f3ead30dfcc6a21d3a938dd82d0

Paul Everitt (paul-agendaless) on 2017-05-03

Changed in karl4:
assignee:	Carlos de la Guardia (cguardia) → Paul Everitt (paul-agendaless)

Paul Everitt (paul-agendaless) on 2017-05-07

Changed in karl4:
assignee:	Paul Everitt (paul-agendaless) → Jim Fulton (jim-zope)

Revision history for this message

Jim Fulton (jim-zope) wrote on 2017-05-30:

Was this ever used? I just grepped /api/login in prod logs from August and didn't get any hits, so I assume not.

Revision history for this message

Jim Fulton (jim-zope) wrote on 2017-05-30:

(I grepped current prod logs as well).

Revision history for this message

Jim Fulton (jim-zope) wrote on 2017-05-30:

I assume you're use that ripping out jwt isn't going to break the rest of login. :) If I can log in on stage, is that a sufficient test?

Revision history for this message

Paul Everitt (paul-agendaless) wrote on 2017-05-30: Re: [Bug 1682917] Remove traces of JWT login

Yep, it’s sufficient. We’ll have Nat kick in various weird ways as well.

—Paul

> On May 30, 2017, at 4:29 PM, Jim Fulton <email address hidden> wrote:
>
> I assume you're use that ripping out jwt isn't going to break the rest
> of login. :) If I can log in on stage, is that a sufficient test?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1682917
>
> Title:
> Remove traces of JWT login
>
> Status in KARL4:
> New
>
> Bug description:
> In my failed attempt to make a rich frontend, I asked Carlos over a
> year ago to give my a JWT-based login. This meant:
>
> - Some views that processed credentials and returned a JWT token
> - A series of dependencies: wsgicors, pyramid_jwt, cryptography, etc.
>
> Let's back out of all of that. Go back and find the commits to see
> what was brought in. It would be very nice to not have those
> dependencies (and that security method) still around.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/karl4/+bug/1682917/+subscriptions

Revision history for this message

Paul Everitt (paul-agendaless) wrote on 2017-05-30:

It was used on an Angular admin front end I was stupidly working on, which is now removed.

—Paul

> On May 30, 2017, at 4:16 PM, Jim Fulton <email address hidden> wrote:
>
> Was this ever used? I just grepped /api/login in prod logs from August
> and didn't get any hits, so I assume not.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1682917
>
> Title:
> Remove traces of JWT login
>
> Status in KARL4:
> New
>
> Bug description:
> In my failed attempt to make a rich frontend, I asked Carlos over a
> year ago to give my a JWT-based login. This meant:
>
> - Some views that processed credentials and returned a JWT token
> - A series of dependencies: wsgicors, pyramid_jwt, cryptography, etc.
>
> Let's back out of all of that. Go back and find the commits to see
> what was brought in. It would be very nice to not have those
> dependencies (and that security method) still around.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/karl4/+bug/1682917/+subscriptions

Revision history for this message

Paul Everitt (paul-agendaless) wrote on 2017-06-19:

Jim, I think this was done and released, right?

Changed in karl4:
status:	New → In Progress
milestone:	031 → 032

Revision history for this message

Paul Everitt (paul-agendaless) wrote on 2017-08-01:

I'm going to mark this as done and released.

Changed in karl4:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.