On 03/22/2015 02:34 PM, Thomas De Schampheleire wrote:
Hi Mads,
On Fri, Mar 20, 2015 at 1:09 AM, Mads Kiilerich <[email protected]> wrote:
On 03/19/2015 09:34 PM, Thomas De Schampheleire wrote:
Hi,
Issue I'm trying to solve is this: we're implementing a script to
create a pull request directly from a repo, without using the web
interface. This script uses an API key to authenticate.
When authentication fails (invalid API key) you still get a valid
redirection response, but to a login screen rather than to the pullrequest
page. This makes it difficult for the script to differentiate a success
from
a failure. One would have to search the response body for a certain
string,
which is fragile.
The RFC that I'm sending adds an HTTP pragma header 'login-required' to
the
response, which can be checked by the script in a reliable way.
Let me know what you think of this, and whether you see alternative
solutions.
So you are creating the web service / API for PR creation you mentioned?
Yes indeed. However, it turned out to be much more easy: just adding
the 'PullRequestController:create' method in the API whitelist is
enough. I don't need any further adaptation, so I did not use a
regular API.
This login-required pragma could solve my problem, but meanwhile I
think a better approach is to simply check the redirection URL: if it
contains 'login' then authentication failed. This simpler solution
does not require changes in Kallithea and is fine for me. So this
patch can be rejected.
How about this: When accessing through API, don't redirect to login on
missing authentication; just fail.
/Mads
_______________________________________________
kallithea-general mailing list
[email protected]
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
