-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change token path authentication to /PROJECT/join/TOKEN #843
Conversation
Thanks for opening a new discussion on this.
Could you please elaborate on why this would be bad from your standpoint? Thanks :-) If the URL is related to a project id, then the name could be |
Disregard this, I haven't understood this was a pull request with code attached and was thinking about it the wrong way. I find it a bit hackish to check on the dot in the URL, but that could work! |
@almet commented on 10 oct. 2021, 16:34 UTC+2:>
When deserializing,
Regarding the path, I have mixed feeling:
|
I feel we should go this way with /join. The odds that this is used are fairly low in my opinion. I see two ways to solve this :
But… whatever works! :-) |
@almet commented on 10 oct. 2021, 22:02 UTC+2:
In this case we need to keep the regexp converter for |
I feel like If you think it's too long, just shorten |
Or it could mean that we need to change the URL structure altogether but… yeah, this would kinda suck. Sorry for making this wrong choice in the first place.
Okay, I think I'm coming to the same conclusion. I would be against the |
this remove the need for the regex route converter. Nice.
OK, done, I think it can be merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good. I would change the name of the route though. Cheers!
The last change here is on invalid token. At first, I mimic the old behavior by redirecting to the authentication form, but it was error prone from both the code and the user point of view. |
Tests are using a lot of CPU an (wo)manpower, but sometimes, you know it worth it. |
See #802 for initial conversation.
I left
project_id/token
since we need to validate that the project exist before validating the token.Otherwise, it means extracting it from the token without verifying the signature in a first step, and I'm not comfortable with this. With this, the project is checked with
pull_project
preprocessor, as every other endpoint.Discussion is opened 😄