Skip to content
Snippets Groups Projects

fix: Migrate away from /userinfo

Merged fix: Migrate away from /userinfo
zacharysabourin/eclipse-openvsx-api:zacharysabourin/main/25 into main
1 unresolved thread
Merged Zachary Sabourin requested to merge zacharysabourin/eclipse-openvsx-api:zacharysabourin/main/25 into main
1 unresolved thread

Resolves #25 (closed)

Merge request reports

Approved by
Martin Lowe

Merged by Zachary SabourinZachary Sabourin 1 year ago (Jun 29, 2023 6:02pm UTC)

Merge details

Pipeline #19129 passed

Stage: external

    Pipeline passed for 1a81dc82 on main

    Activity

    Filter activity
    • Approvals
    • Assignees & reviewers
    • Comments (from bots)
    • Comments (from users)
    • Commits & branches
    • Edits
    • Labels
    • Lock status
    • Mentions
    • Merge request status
    • Tracking
    src/main/java/org/eclipsefoundation/openvsx/request/OAuthFilter.java
    55 62
    56 63 DrupalOAuthData tokenStatus = oauthService.validateTokenStatus(token, validScopes.get(),
    57 64 validClientIds.get());
    58 if (tokenStatus != null) {
    59 65
    60 // Set token data into context
    61 requestContext.setProperty(RequestContextPropertyNames.TOKEN_STATUS, tokenStatus);
    66 // The incoming token must have a user associated with it.
    67 if (tokenStatus == null || tokenStatus.getUserId() == null) {
    68 throw new FinalForbiddenException("Invalid user credentials");
    • Martin Lowe
      Martin Lowe @malowe ·
      Maintainer

      Just checking, but all endpoints require auth for this API? This is an inversion of what was here before and I want to be sure that is intended

    • Zachary Sabourin
      Zachary Sabourin @zacharysabourin ·
      Author Contributor

      Yup! The behavior is the same. All endpoints are authenticated.

      It didn't need to explicitly deny the user since it would spit out any auth errors from /userinfo. Since I'm relying on the user search, I'm just denying any anonymous tokens

    • Please register or sign in to reply
  • Martin Lowe approved this merge request

    approved this merge request

  • Zachary Sabourin merged

    merged

  • Zachary Sabourin mentioned in commit 1a81dc82

    mentioned in commit 1a81dc82

    • Please register or sign in to reply

    Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent