You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@whimsical.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2016/03/20 14:26:33 UTC

[jira] [Commented] (WHIMSY-54) Re-organise auth. by TLD?

    [ https://issues.apache.org/jira/browse/WHIMSY-54?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15203293#comment-15203293 ] 

Sebb commented on WHIMSY-54:
----------------------------

It should be possible to have the server save the authenticated user id in a variable.
For example, HTTP_X_AUTHENTICATED_USER is used by reporter.a.o

This would be safer than saving the auth credentials, and can be used to implement additional karma checks if necessary for a particular app.

> Re-organise auth. by TLD?
> -------------------------
>
>                 Key: WHIMSY-54
>                 URL: https://issues.apache.org/jira/browse/WHIMSY-54
>             Project: Whimsy
>          Issue Type: Improvement
>            Reporter: Sebb
>
> Various parts of Whimsy require auth.
> At present this is done per app, which results in quite a complicated scheme.
> Also the auth conf is held in puppet whereas the app is in the Whimsy repo, so it's tricky to relate them.
> When adding a new app, the puppet config has to be updated as well.
> This can easily be overlooked.
> Maybe we should just use auth at the top level directory?
> This might require some apps to be moved, but would be much simpler to maintain going forward.
> The following levels are used currently:
> None
> ASF Committers
> ASF Members and Incubator PMC
> ASF Members and Officers
> ASF Members
> ASF Secretarial Team
> This suggests the following directories as a minimum:
> committers
> incubator
> officers
> members
> secretary



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)