Merge lp:~leonardr/launchpad/bug-271010 into lp:launchpad
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Leonard Richardson | ||||
Approved revision: | no longer in the source branch. | ||||
Merged at revision: | 12503 | ||||
Proposed branch: | lp:~leonardr/launchpad/bug-271010 | ||||
Merge into: | lp:launchpad | ||||
Diff against target: |
341 lines (+95/-119) 5 files modified
lib/canonical/launchpad/browser/oauth.py (+0/-20) lib/canonical/launchpad/pagetests/oauth/authorize-token.txt (+16/-10) lib/canonical/launchpad/templates/oauth-authorize.pt (+79/-6) lib/canonical/launchpad/templates/token-authorized.pt (+0/-76) lib/canonical/launchpad/zcml/launchpad.zcml (+0/-7) |
||||
To merge this branch: | bzr merge lp:~leonardr/launchpad/bug-271010 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Graham Binns (community) | code | Approve | |
Review via email: mp+51760@code.launchpad.net |
Commit message
[r=gmb][bug=271010] [ui=none] When a request token is authorized, display the success message immediately instead of redirecting to a page that displays the success message. By the time the browser requests that page, the request token may have been exchanged for an access token, making it impossible to display the success message.
Description of the change
When you authorize a request token on +authorize-token, your browser is redirected to another page. If there's an OAuth callback URL set, you get redirected to that URL. If there's no callback URL, you get redirected to +token-authorized, which just prints a message "yay, you authorized the request token".
Here's the problem: newer versions of launchpadlib are polling Launchpad once a second, trying to exchange that request token for an access token. Once the exchange happens, the request token is destroyed and +token-authorized stops working. If the exchange happens before your browser makes that redirect request, by the time you arrive on +token-authorized your request token will no longer exist. You'll get an OOPS (see bug 271010). Worse, it looks like your integration failed, even though it actually succeeded.
This branch gets rid of +token-authorized altogether. The "yay, you authorized the request token" message is now part of the +authorize-token view, and is sent in response to the request that authorizes the request token. There's no redirect (except to an OAuth callback URL, which is a completely different case) and thus no possibility that the request token is destroyed before the message can be printed.