Merge lp:~cjwatson/launchpad/who-cares-about-anonymous-consumer-keys into lp:launchpad

Proposed by Colin Watson
Status: Merged
Merged at revision: 18537
Proposed branch: lp:~cjwatson/launchpad/who-cares-about-anonymous-consumer-keys
Merge into: lp:launchpad
Diff against target: 68 lines (+5/-34)
2 files modified
lib/lp/services/webapp/servers.py (+5/-10)
lib/lp/services/webservice/stories/xx-service.txt (+0/-24)
To merge this branch: bzr merge lp:~cjwatson/launchpad/who-cares-about-anonymous-consumer-keys
Reviewer: William Grant
Review type: code
Status: Approve
Review via email: mp+336864@code.launchpad.net

Commit message

Stop creating OAuthConsumer rows for anonymous webservice requests.

Description of the change

This seems like as good a way as any to deal with the current test failures on devel.

William Grant (wgrant) :
review: Approve (code)

Preview Diff

1=== modified file 'lib/lp/services/webapp/servers.py'
2--- lib/lp/services/webapp/servers.py 2018-01-25 12:45:47 +0000
3+++ lib/lp/services/webapp/servers.py 2018-01-30 18:36:33 +0000
4@@ -1284,18 +1284,13 @@
5
6 if consumer is None:
7 if anonymous_request:
8- # This is the first time anyone has tried to make an
9- # anonymous request using this consumer name (or user
10- # agent). Dynamically create the consumer.
11- #
12- # In the normal website this wouldn't be possible
13- # because GET requests have their transactions rolled
14- # back. But webservice requests always have their
15- # transactions committed so that we can keep track of
16- # the OAuth nonces and prevent replay attacks.
17+ # Require a consumer key (or user agent) to be present, so
18+ # that we can apply throttling if necessary. But webservice
19+ # GET requests have their transactions rolled back, and at
20+ # the moment we don't do anything with the consumer in this
21+ # case, so there's no point dynamically creating a consumer.
22 if consumer_key == '' or consumer_key is None:
23 raise TokenException("No consumer key specified.")
24- consumer = consumers.new(consumer_key, '')
25 else:
26 # An unknown consumer can never make a non-anonymous
27 # request, because access tokens are registered with a
28
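Review bot: In the `if anonymous_request:` branch, `consumer` now stays None because `consumer = consumers.new(consumer_key, '')` is removed, so any code after this block that reads attributes of `consumer` on the anonymous path has to tolerate None. That code is outside the visible context, so please confirm it. The new comment also justifies the change only for GET requests ("webservice GET requests have their transactions rolled back"), while the branch covers every anonymous request, and it states the opposite of the removed comment's "webservice requests always have their transactions committed". A sentence on what happens for anonymous non-GET requests would make the comment match the code.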
29=== modified file 'lib/lp/services/webservice/stories/xx-service.txt'
30--- lib/lp/services/webservice/stories/xx-service.txt 2016-09-21 02:50:41 +0000
31+++ lib/lp/services/webservice/stories/xx-service.txt 2018-01-30 18:36:33 +0000
32@@ -76,13 +76,6 @@
33 >>> print response.getheader('status')
34 200 Ok
35
36-Launchpad automatically adds new consumer keys it sees to its database.
37-
38- >>> login(ANONYMOUS)
39- >>> print consumer_set.getByKey(u'another-new-consumer').key
40- another-new-consumer
41- >>> logout()
42-
43 Anonymous requests can't access certain data.
44
45 >>> response = anon_webservice.get(body['me_link'])
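Review bot: The doctest block removed after the `200 Ok` check was the only assertion in this hunk about what happens to an unknown consumer key, and nothing replaces it, so the new behaviour is untested. Consider keeping the `login(ANONYMOUS)` / `logout()` pair and asserting that `consumer_set.getByKey(u'another-new-consumer')` is None (assuming getByKey returns None for an unknown key, as the `if consumer is None:` check in servers.py suggests), with the prose changed to say that Launchpad does not add new consumer keys it sees.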
46@@ -129,23 +122,6 @@
47 ...
48 {...}
49
50-Here, too, the OAuth consumer name is automatically registered if it
51-doesn't exist.
52-
53- >>> login(ANONYMOUS)
54- >>> print consumer_set.getByKey(agent).key
55- unsigned-user-agent
56- >>> logout()
57-
58-Here's another request now that the User-Agent has been registered as
59-a consumer name.
60-
61- >>> response = request_with_user_agent(agent)
62- >>> print response.getOutput()
63- HTTP/1.1 200 Ok
64- ...
65- {...}
66-
67 An unsigned request, like a request signed with the empty string,
68 isn't logged in as any particular user:
69
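Review bot: The User-Agent path loses both of its removed checks with no replacement, and this is the case where the consumer name comes straight from a header on an unsigned request, so it is the one most worth pinning down. A doctest after the preceding request's output asserting that `consumer_set.getByKey(agent)` finds nothing would stop automatic registration from being reintroduced unnoticed. The second `request_with_user_agent(agent)` call can stay deleted, since no registration now happens between the two requests.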