broken inline incremental ajax diff on private branches
Bug #904070 reported by
Martin Pool
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Colin Watson |
Bug Description
following on from bug 813349: the inline incremental diff does not work on private branches, because loggerhead and lp use different authentication cookies.
There are a few ways we could fix this:
1- it actually work for private branches
1a- make lp and loggerhead understand the same cookie
1b- make the front end check and rewrite the authentication when it passes through a request
2- add a feature scope that checks privacy and use this to turn off the feature there (which would be generally useful)
3- in code, turn this off for private branches
I'm inclined to do #2.
Related branches
lp://staging/~cjwatson/launchpad/better-bzr-mp-diffs
- William Grant (community): Approve (code)
-
Diff: 506 lines (+230/-34)11 files modifiedlib/lp/code/browser/branch.py (+48/-0)
lib/lp/code/browser/branchmergeproposal.py (+9/-12)
lib/lp/code/browser/configure.zcml (+5/-1)
lib/lp/code/browser/gitrepository.py (+12/-10)
lib/lp/code/browser/tests/test_branch.py (+72/-0)
lib/lp/code/browser/tests/test_branchmergeproposal.py (+19/-2)
lib/lp/code/browser/tests/test_gitrepository.py (+18/-2)
lib/lp/code/interfaces/branch.py (+10/-1)
lib/lp/code/model/branch.py (+6/-0)
lib/lp/code/tests/helpers.py (+16/-1)
lib/lp/services/webapp/publisher.py (+15/-5)
tags: | added: javascript |
Changed in launchpad: | |
assignee: | nobody → Colin Watson (cjwatson) |
status: | Triaged → In Progress |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I like the sound of 1a tbh. I think we should add a translatePath-like method that takes the value of the session cookie, and have the loggerhead glue read this cookie (in secure mode, though it should not be sent at all over http) and pass it to the translatePath method. This would allow us to get rid of a lot of code from the glue, and the hack where logging out goes via bazaar.lp.net.
It might involve a bit of grovelling around in the auth code to interpret the cookie. Thinking about it a little more, it might even 'just work' to attach the cookie verbatim to the XML-RPC request to translatePath... that would need testing though. This would make the xml-rpc method implementation simpler, and avoid the risk of disclosing the session cookie in oopses and such. I don't know if the PrivateXMLRPCPu blication stuff is set up to process the session cookie either, but that can't be too hard to change if needed...