launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #20347
[Merge] lp:~cjwatson/launchpad/snap-authorize-view into lp:launchpad
The proposal to merge lp:~cjwatson/launchpad/snap-authorize-view into lp:launchpad has been updated.
Description changed to:
Now that +login supports acquiring discharge macaroons (see the prerequisite branch), we can add a view that fetches a root macaroon from SCA, sends the user off to SSO to get a discharge for it via OpenID, and stores the result when they come back. In subsequent branches, we'll redirect to this view when users make changes to store upload settings, and mail the user if their existing store secrets have expired pointing them to this view.
There are a couple of slightly shonky bits here, which I think are acceptable for the time being but are worth noting:
* +login redirects to this view at the end of the OpenID exchange, so we end up storing data in GET requests and manually committing transactions. It's at least idempotent, but perhaps in future we should do an OpenID-like thing where we return an auto-submitting form rather than redirecting.
* Since we don't want to give SSO access to the root macaroon (it happens to be fine in this instance, but is a poor precedent to set), we store it in Snap.store_secrets before the exchange is complete. This means that if you hit Snap:+authorize when you already had valid secrets then Launchpad won't be able to upload builds for you until you complete the exchange. Fortunately this is mostly "don't do that, then".
Since this introduces pymacaroons, we need https://code.launchpad.net/~cjwatson/meta-lp-deps/libsodium/+merge/294316 deployed to buildbot and production systems and a corresponding dependencies commit before we can land this.
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/snap-authorize-view/+merge/294358
--
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/snap-authorize-view into lp:launchpad.
References