Launchpad itself

broken inline incremental ajax diff on private branches

Bug #904070 reported by Martin Pool
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Low
Colin Watson

Bug Description

following on from bug 813349: the inline incremental diff does not work on private branches, because loggerhead and lp use different authentication cookies.

There are a few ways we could fix this:

1- it actually work for private branches
  1a- make lp and loggerhead understand the same cookie
  1b- make the front end check and rewrite the authentication when it passes through a request
2- add a feature scope that checks privacy and use this to turn off the feature there (which would be generally useful)
3- in code, turn this off for private branches

I'm inclined to do #2.

Related branches

lp:~cjwatson/launchpad/better-bzr-mp-diffs
William Grant: Approve (code)
Diff: 506 lines (+230/-34)
11 files modified
lib/lp/code/browser/branch.py (+48/-0)
lib/lp/code/browser/branchmergeproposal.py (+9/-12)
lib/lp/code/browser/configure.zcml (+5/-1)
lib/lp/code/browser/gitrepository.py (+12/-10)
lib/lp/code/browser/tests/test_branch.py (+72/-0)
lib/lp/code/browser/tests/test_branchmergeproposal.py (+19/-2)
lib/lp/code/browser/tests/test_gitrepository.py (+18/-2)
lib/lp/code/interfaces/branch.py (+10/-1)
lib/lp/code/model/branch.py (+6/-0)
lib/lp/code/tests/helpers.py (+16/-1)
lib/lp/services/webapp/publisher.py (+15/-5)
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

I like the sound of 1a tbh. I think we should add a translatePath-like method that takes the value of the session cookie, and have the loggerhead glue read this cookie (in secure mode, though it should not be sent at all over http) and pass it to the translatePath method. This would allow us to get rid of a lot of code from the glue, and the hack where logging out goes via bazaar.lp.net.

It might involve a bit of grovelling around in the auth code to interpret the cookie. Thinking about it a little more, it might even 'just work' to attach the cookie verbatim to the XML-RPC request to translatePath... that would need testing though. This would make the xml-rpc method implementation simpler, and avoid the risk of disclosing the session cookie in oopses and such. I don't know if the PrivateXMLRPCPublication stuff is set up to process the session cookie either, but that can't be too hard to change if needed...

Revision history for this message
Robert Collins (lifeless) wrote :

1a is totally appropriate. +1.

Long term we want loggerhead to be a backend service, but this is a good cleanup step that will reduce the surface area to consider when backending it comes along.

Curtis Hovey (sinzui)
tags: added: javascript
Colin Watson (cjwatson)
Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
Revision history for this message
Launchpad QA Bot (lpqabot) wrote :

Fixed in stable r18707 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/18707>.

tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Colin Watson (cjwatson)
tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson)
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.