[PATCH 0 of 1 RFC] login-required pragma

Thomas De Schampheleire patrickdepinguin at gmail.com
Wed Mar 25 06:34:44 EDT 2015


On Mon, Mar 23, 2015 at 8:36 PM, Mads Kiilerich <mads at kiilerich.com> wrote:
> On 03/22/2015 02:34 PM, Thomas De Schampheleire wrote:
>>
>> Hi Mads,
>>
>> On Fri, Mar 20, 2015 at 1:09 AM, Mads Kiilerich <mads at kiilerich.com>
>> wrote:
>>>
>>> On 03/19/2015 09:34 PM, Thomas De Schampheleire wrote:
>>>>
>>>> Hi,
>>>>
>>>> Issue I'm trying to solve is this: we're implementing a script to
>>>> create a pull request directly from a repo, without using the web
>>>> interface. This script uses an API key to authenticate.
>>>>
>>>> When authentication fails (invalid API key) you still get a valid
>>>> redirection response, but to a login screen rather than to the
>>>> pullrequest
>>>> page. This makes it difficult for the script to differentiate a success
>>>> from
>>>> a failure. One would have to search the response body for a certain
>>>> string,
>>>> which is fragile.
>>>>
>>>> The RFC that I'm sending adds an HTTP pragma header 'login-required' to
>>>> the
>>>> response, which can be checked by the script in a reliable way.
>>>>
>>>> Let me know what you think of this, and whether you see alternative
>>>> solutions.
>>>
>>>
>>> So you are creating the web service / API for PR creation you mentioned?
>>
>> Yes indeed. However, it turned out to be much more easy: just adding
>> the 'PullRequestController:create' method in the API whitelist is
>> enough. I don't need any further adaptation, so I did not use a
>> regular API.
>>
>> This login-required pragma could solve my problem, but meanwhile I
>> think a better approach is to simply check the redirection URL: if it
>> contains 'login' then authentication failed. This simpler solution
>> does not require changes in Kallithea and is fine for me. So this
>> patch can be rejected.
>
>
> How about this: When accessing through API, don't redirect to login on
> missing authentication; just fail.

Sounds good. I implemented this, and cleaned up the LoginRequired
logic. Will send patches in a few minutes...

Thanks for the feedback,
Thomas


More information about the kallithea-general mailing list