On 03/19/2015 09:34 PM, Thomas De Schampheleire wrote:
Hi,
Issue I'm trying to solve is this: we're implementing a script to
create a pull request directly from a repo, without using the web
interface. This script uses an API key to authenticate.
When authentication fails (invalid API key) you still get a valid
redirection response, but to a login screen rather than to the pullrequest
page. This makes it difficult for the script to differentiate a success from
a failure. One would have to search the response body for a certain string,
which is fragile.
The RFC that I'm sending adds an HTTP pragma header 'login-required' to the
response, which can be checked by the script in a reliable way.
Let me know what you think of this, and whether you see alternative
solutions.
So you are creating the web service / API for PR creation you mentioned?
It seems to me like the problem is that you get _any_ redirection all
from from such a "RPC" call. Missing authentication should just fail.
(It would perhaps make sense for a successful REST API call to redirect
to the new resource location but it seems to me like JSON RPC just
should return the location as a result value.)
We spoke about how much logic should be in the "controller" and how much
should be in the "model". In this case I would say that the logic for
login redirection and redirection to the created resource belongs in the
"web controller" while the actual PR creation logic should live in
something that is closer to the model ("model controller"?) so you can
use it from the "api controller".
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
