Re: [LEDE-DEV] github oauth for webpage editing requests too many permission

[Alberto Bursi]

On 06/08/2017 02:44 PM, Thomas Endt wrote:
> Seems there is finally some movement after I nudged a bit: Pull request has
> been opened.
> https://github.com/cosmocode/dokuwiki-plugin-oauth/issues/41
>
> However, the real implementation date is still unknown, and since the
> solution is so easy, I'd say: Go ahead, apply that change to the LEDE wiki.
>
>
> Thomas
>
>
>

I fixed it and tested with my github account, it asks only for read-only 
access to email now.

-Alberto
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Re: [LEDE-DEV] github oauth for webpage editing requests too many permission

[Thomas Endt]

> Von: Lede-dev [mailto:lede-dev-boun...@lists.infradead.org] Im Auftrag
> von Alberto Bursi
> Gesendet: Mittwoch, 7. Juni 2017 20:11
> 
> On 06/07/2017 05:45 PM, Martin Tippmann wrote:
> > On Wed, Jun 7, 2017 at 5:00 PM, Karl Palsson 
> wrote:
> >> Hi,
> >>
> >> I was trying to fix something on the documentation pages of
> >> lede-project today, and tried to login with github.
> >>
> >> However, the docuwiki/oauth thing is demanding full read/write
> access
> >> to my account, which seems excessive...
> > Hi, we already noticed this:
> > http://lists.infradead.org/pipermail/lede-dev/2016-
> October/003099.html
> >
> > https://github.com/cosmocode/dokuwiki-plugin-oauth/issues/41
> >
> > Looks like the original plugin is still not updated.
> >
> 
> Seems like the fix is pretty trivial though (change a line in a php
> file), see this commit from a fork:
> https://github.com/micgro42/dokuwiki-plugin-
> oauth/commit/39b9184bb4c606c3d0fc43d8e565368bcaab2f92
> 
> Anyone with root access to the server can easily do that on our side.
> 
> I can do that if we agree it's OK to do so.
> 
> -Alberto


Seems there is finally some movement after I nudged a bit: Pull request has
been opened.
https://github.com/cosmocode/dokuwiki-plugin-oauth/issues/41

However, the real implementation date is still unknown, and since the
solution is so easy, I'd say: Go ahead, apply that change to the LEDE wiki.


Thomas




___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Re: [LEDE-DEV] github oauth for webpage editing requests too many permission

[Alberto Bursi]

On 06/07/2017 05:45 PM, Martin Tippmann wrote:
> On Wed, Jun 7, 2017 at 5:00 PM, Karl Palsson  wrote:
>> Hi,
>>
>> I was trying to fix something on the documentation pages of
>> lede-project today, and tried to login with github.
>>
>> However, the docuwiki/oauth thing is demanding full read/write
>> access to my account, which seems excessive...
> Hi, we already noticed this:
> http://lists.infradead.org/pipermail/lede-dev/2016-October/003099.html
>
> https://github.com/cosmocode/dokuwiki-plugin-oauth/issues/41
>
> Looks like the original plugin is still not updated.
>

Seems like the fix is pretty trivial though (change a line in a php 
file), see this commit from a fork:
https://github.com/micgro42/dokuwiki-plugin-oauth/commit/39b9184bb4c606c3d0fc43d8e565368bcaab2f92

Anyone with root access to the server can easily do that on our side.

I can do that if we agree it's OK to do so.

-Alberto
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

[LEDE-DEV] github oauth for webpage editing requests too many permission

[Karl Palsson]

Hi,

I was trying to fix something on the documentation pages of
lede-project today, and tried to login with github.

However, the docuwiki/oauth thing is demanding full read/write
access to my account, which seems excessive...

```
LEDE Project (lede-project.org) by lede-project
wants to access your karlp account
Personal user data
Full access
This application will be able to read and write all user data.
This includes the following:

Private email addresses
Private profile information
Followers
Learn more
```

Can someone perhaps reconfigure that to request only what's
necessary to do an oauth login for editing, not granting access
to the account?

Sincerely,
Karl P

signature.html
Description: OpenPGP Digital Signature
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev