You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Chris Chabot (JIRA)" <ji...@apache.org> on 2008/05/21 18:55:55 UTC

[jira] Resolved: (SHINDIG-293) OAuth for v0.7

     [ https://issues.apache.org/jira/browse/SHINDIG-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Chabot resolved SHINDIG-293.
----------------------------------

    Resolution: Fixed
      Assignee: Chris Chabot

Thanks for the great patch and amazing work bruno (& jorge, gonzalo, etc) !

I've gone through the pach together with bruno and gonzalo the last day and a half and ran had to change a few things before i could apply it:

- Code formatting, there wasn't a single function that followed the code style of the rest of php shindig... 
   spaces instead of tabs, function { on the wrong line, no spaces before or after=operators, etc
   reformatted the whole (huge) patch, took a bit of work and time though, so please next time take care of this :)
- Dead code, signUrl was legacy cruft that could be removed, did so
- Dead code in comments ... either code experiments or old java code left in comments, or alternate code paths that didn't end up being actuated, fixed
- Few java porting legacy constructions that don't work in PHP such as:
  overloading constructors, PHP only has one constructor, use __constructor ($default = null) or something to give a java like behavior
  classes being instanced, and then re-instanced with another 'constructor'
  etc..
- public.crt was put in the shidnig/php/ root, but due to mod_rewrite you can't access the files there... ive created a new servlet to serve out this certificate, and changed the SigningFetcherFactory to reflect this new location
- Seemed to be some issues in the SignedFetcherFactory where one of the following things were cached under the same cache key:
  A string, content of the priv key
  A resource handle, of a successfull openssl_get_private... function
  A boolean, false
- Also don't cache unless the operation was successfull! If you don't cache on failure the server will try again the next time, which is exactly what we want ...

General note:
Most of the operations in this patch are not checked for their return values, resulting in PHP errors in json replies and such things.. this makes the code difficult to maintain, hard to debug and sometimes impossible to see errors (for example: running out of space in your temp filesystem without being notified) that should be noticed.. not to mention that the code now continues even though there were failures, which leads to a slew of other hard to diagnose behaviors :)

Please make it a habit to always:

if (!$res = operation()) {
  throw new Exception("What failed");
}

Apart from these issues, the code looks absolutely great, and i'm committing the modified code now.


> OAuth for v0.7 
> ---------------
>
>                 Key: SHINDIG-293
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-293
>             Project: Shindig
>          Issue Type: New Feature
>          Components: Common Components (PHP)
>            Reporter: bruno rovagnati
>            Assignee: Chris Chabot
>         Attachments: oauth_php.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> First Implementation of the OAuth feature for shindig PHP 
> HMAC Authorized req
> RSA Authorized and Signed requests

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.