Implementation of Oauth of Github, Google and Microsoft #4298
Conversation
feyruzb
force-pushed
the
branch-2-backup
branch
2 times, most recently
from
5ce7f18 to
68eaf7b
Compare
feyruzb
force-pushed
the
branch-2-backup
branch
2 times, most recently
from
de2e213 to
d3f6b29
Compare
There was a problem hiding this comment.
Please see my remarks.
I have some additional comments apart from the direct in code messages:
- My major concern with the implementation is that the oauth related API and its implementation is not generalized enough. The configuration is good enough for the time being.
- I am not sure if we are allowed to use the Git Hub logo in our repo.
- Please invite @cservakt to review the JS and VueJS parts.
I did not do a thorough review of the oauth flow in authentication.py after you addressed the above issues I will do another round concentrating on that.
Thanks for the hard work!
feyruzb
force-pushed
the
branch-2-backup
branch
10 times, most recently
from
12c68e7 to
f064c2b
Compare
feyruzb
force-pushed
the
branch-2-backup
branch
3 times, most recently
from
b4d5a0a to
d3847d6
Compare
…s, commented lines
feyruzb
force-pushed
the
branch-2-backup
branch
7 times, most recently
from
d107d90 to
fcc5cd5
Compare
| @@ -16,6 +16,9 @@ Table of Contents | |||
| * [<i>LDAP</i> authentication](#ldap-authentication) | |||
| * [Configuration options](#configuration-options) | |||
| * Membership in custom groups with [<i>regex_groups</i>](#regex_groups-authentication) | |||
There was a problem hiding this comment.
The regex_groups could be a sub-point like OAuth authentication.
web/api/authentication.thrift
Outdated
| // Returns list of providers for oauth for respective appearence of buttons. | ||
| list<string> getOauthProviders(), | ||
|
|
||
| // Create a link for the user to log in for github Oauth. |
There was a problem hiding this comment.
Fixed, corrected wrong comment
| "< DATETIME(\"" + date + "\")") | ||
| session.commit() | ||
| LOG.info("Expired state, validation codes removed successfully.") | ||
| except sqlite3.Error as e: |
There was a problem hiding this comment.
Why is it catching only sqlite3 errors? How about other database engines?
There was a problem hiding this comment.
Fixed, removed specific catch for sqlite3 and replaced with more general.
|
|
||
| LOG.info("State inserted successfully.") | ||
|
|
||
| except sqlite3.Error as e: |
There was a problem hiding this comment.
Why is it catching only sqlite3 errors? How about other database engines?
There was a problem hiding this comment.
Fixed, removed specific catch for sqlite3 and replaced with more general.
| @timeit | ||
| def createLink(self, provider): | ||
| """ | ||
| For creating a autehntication link for OAuth for specified provider |
There was a problem hiding this comment.
| For creating a autehntication link for OAuth for specified provider | |
| For creating an authentication link for OAuth for specified provider. |
There was a problem hiding this comment.
Fixed, reformulated the explanation.
| user_info = None | ||
| username = None |
There was a problem hiding this comment.
Unnecessary initialization.
| # if the provider is github it fetches primary email | ||
| # from another api endpoint to maintain username as email | ||
| # consistency between GitHub and other providers |
There was a problem hiding this comment.
What do we use "username" for in CodeChecker? If we want to identify authorized users by their e-mail addresses, then couldn't we use the "email" attribute of their user info? In this case it wouldn't be needed to distinguish GitHub here.
| provider_cfg = self.__auth_config.get( | ||
| 'method_oauth', {}).get("providers", {}).get(provider, {}) | ||
|
|
||
| # turn off configuration if it is set to default values |
There was a problem hiding this comment.
What is the purpose of this protection? I would say that examples can be provided in the documentation, but the template config file can have empty values and OAuth method being disabled.
| @@ -64,6 +66,10 @@ def setup_class_common(): | |||
|
|
|||
| codechecker.add_test_package_product(host_port_cfg, TEST_WORKSPACE) | |||
|
|
|||
| subprocess.Popen(["python3", "oauth_server.py"], | |||
| cwd="tests/functional/authentication") | |||
| sleep(5) | |||
There was a problem hiding this comment.
Is this sleep() operation intended or accidental?
| self.last_access = last_access if last_access else datetime.now() | ||
|
|
||
| def get_access_token(self): |
There was a problem hiding this comment.
Where is this function used?
There was a problem hiding this comment.
not used anywhere yet, just created it in advance to fetch access token.
feyruzb
force-pushed
the
branch-2-backup
branch
12 times, most recently
from
aa6a37c to
6bc0652
Compare
feyruzb
force-pushed
the
branch-2-backup
branch
7 times, most recently
from
d4127c8 to
2452509
Compare
feyruzb
force-pushed
the
branch-2-backup
branch
from
2452509 to
79325da
Compare
fixes #4160
The right way it should look after logging in
new added button to log in with github
Changes: