On Mon, Mar 23, 2015 at 8:36 PM, Mads Kiilerich <[email protected]> wrote: > On 03/22/2015 02:34 PM, Thomas De Schampheleire wrote: >> >> Hi Mads, >> >> On Fri, Mar 20, 2015 at 1:09 AM, Mads Kiilerich <[email protected]> >> wrote: >>> >>> On 03/19/2015 09:34 PM, Thomas De Schampheleire wrote: >>>> >>>> Hi, >>>> >>>> Issue I'm trying to solve is this: we're implementing a script to >>>> create a pull request directly from a repo, without using the web >>>> interface. This script uses an API key to authenticate. >>>> >>>> When authentication fails (invalid API key) you still get a valid >>>> redirection response, but to a login screen rather than to the >>>> pullrequest >>>> page. This makes it difficult for the script to differentiate a success >>>> from >>>> a failure. One would have to search the response body for a certain >>>> string, >>>> which is fragile. >>>> >>>> The RFC that I'm sending adds an HTTP pragma header 'login-required' to >>>> the >>>> response, which can be checked by the script in a reliable way. >>>> >>>> Let me know what you think of this, and whether you see alternative >>>> solutions. >>> >>> >>> So you are creating the web service / API for PR creation you mentioned? >> >> Yes indeed. However, it turned out to be much more easy: just adding >> the 'PullRequestController:create' method in the API whitelist is >> enough. I don't need any further adaptation, so I did not use a >> regular API. >> >> This login-required pragma could solve my problem, but meanwhile I >> think a better approach is to simply check the redirection URL: if it >> contains 'login' then authentication failed. This simpler solution >> does not require changes in Kallithea and is fine for me. So this >> patch can be rejected. > > > How about this: When accessing through API, don't redirect to login on > missing authentication; just fail.
Sounds good. I implemented this, and cleaned up the LoginRequired logic. Will send patches in a few minutes... Thanks for the feedback, Thomas _______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
