launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] lp:~xnox/launchpad/devel into lp:launchpad

To: William Grant <me@xxxxxxxxxxxxxxxxxx>
From: Dimitri John Ledkov <launchpad@xxxxxxxxxxxx>
Date: Thu, 24 Apr 2014 16:04:40 -0000
In-reply-to: <20140424155744.27100.44411.codereview@gac.canonical.com>
Reply-to: mp+217079@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

> This seems to remove the test that verifies the behaviour that every existing
> Launchpad API client relies on. Why do you want to change the behaviour in the
> first place?

Right, i'll readd it back again. At the moment it exposes a bug though, since header-signature type doesn't appear to invalidate request token, thus one can exchange for access token unlimited amount of times. Only body-signature type seems to correctly raise 401 upon subsequent requests.

So at the moment the test change exposes buggy behaviour with header-signature. I'll make sure to re-introduce body-signature tests and test header-signatures separately.


----------------------------------------------------------------------
File "lib/lp/services/oauth/stories/access-token.txt", line 42, in access-token.txt
Failed example:
    auth_browser.open(
        'http://launchpad.dev/+access-token')
Differences (ndiff with -expected +actual):
    - Traceback (most recent call last):
    - ...
    - HTTPError: HTTP Error 401: Unauthorized

-- 
https://code.launchpad.net/~xnox/launchpad/devel/+merge/217079
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.

References

Re: [Merge] lp:~xnox/launchpad/devel into lp:launchpad
From: William Grant, 2014-04-24