Page MenuHomeDevCentral

[WIP] [DO NOT MERGE] External accounts
Changes PlannedPublic

Authored by dereckson on Jul 2 2016, 08:51.
Tags
None
Referenced Files
F3913451: D445.diff
Thu, Dec 19, 10:07
Unknown Object (File)
Tue, Dec 17, 06:54
Unknown Object (File)
Tue, Dec 17, 02:29
Unknown Object (File)
Tue, Dec 17, 01:50
Unknown Object (File)
Fri, Dec 13, 20:05
Unknown Object (File)
Fri, Dec 13, 18:17
Unknown Object (File)
Fri, Dec 13, 13:15
Unknown Object (File)
Fri, Dec 13, 01:01
Subscribers

Details

Summary

Allow to log in to external accounts.

Pretty ready, but still need:

  • actions logging to provide both to users and site administrators an audit
  • UI to link
  • Undo stuff should be committed as a separate commit (don't forget Controller).
Test Plan
  • unit tests for LinkExternalUserAccount
  • integration tests still to prepare
  • each login and link scenario manually tested and audited

Diff Detail

Repository
rGROVE Auth Grove
Lint
Lint Passed
Unit
Tests Passed
Branch
WIP
Build Status
Buildable 729
Build 856: arc lint + arc unit

Event Timeline

dereckson retitled this revision from to [WIP] [DO NOT MERGE] External accounts.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a reviewer: dereckson.
dereckson edited edge metadata.

Rebased against D446 and D447.

Two autonomous commits to extract:

  • routing: config/auth.php, app/Http/Controllers/Auth/AuthController.php
  • events listener from config: config/app.php, app/Listeners/ExternalUserListener.php
dereckson edited edge metadata.

Proofing code comments and selection of autonomous parts (see previous comment)

authurl() is now a global function, not a directive,
to avoid URLs to be subst'ed at template compile time.

  • Undo capability
  • UI is working
  • Rebased against D462

Undo should probably released as a keruald/undo library.

Logging and audit should be implemented before to merge this,
so we can also implement logging when we ship this feature.

Previous test issue was introduced when we added the source_username field:
our mock didn't have a nickname property.

I noticed interface offers getNickname and getId method, but public properties
are added by the final implementation. We'll so use get methods.

Space between the trash icon and Delete

app/Undo/UndoStore.php
113

MediaWiki uses fnv1a32 since June 22, instead of sha1.

They wanted an hash with the following specifications:

  • Already implemented in PHP
  • Easy to implement in JavaScript
  • Fast
  • Collision-resistant

FNV-1 is their winner.

https://phabricator.wikimedia.org/rMWdfd046412fc94b7e5788c04a24d2db08480f75c6

Constructor for UndoStore

Use Eloquent relationships.

Eloquent provides mathods to abstract the relationships between models.

Fix UndoStack issue, more tests.

UndoStack: InvalidArgumentException

ExternalSourcesController uses UndoStack

We still need to offer somewhere an easier access to that stack.

Local improvement for UndoStackTest class

Simplify ExternalSourcesController::undo

Get rid of storeUndoToSession

dereckson added a subscriber: xcombelle.
dereckson added inline comments.
app/Http/Controllers/Account/ExternalSourcesController.php
109

Ensure this method can't be called directly by a simple URL visit, but is handled through a CSRF token process (thanks @xcombelle).