On Mon, 03 Jun 2013 19:43:28 -0700, Tyler Romeo <tylerro...@gmail.com> wrote:

On Mon, Jun 3, 2013 at 8:18 PM, Chris Steipp <cste...@wikimedia.org> wrote:

We are trying to finish the items in scope (SUL rework, OAuth, and a
review of the OpenID extension) by the end of this month.


Speaking of this, there's an OAuth framework attempt here:
https://gerrit.wikimedia.org/r/66286

Am I the only person who thinks it's a bad idea for the AuthPlugin class to
be relying on the ApiBase class for its interface? Especially since the
AuthPlugin framework isn't supposed to handle authorization logic anyway.

--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerro...@gmail.com

OAuth shouldn't even be implemented with AuthPlugin in the first place. At a few glances that code looks messed up. The use of a ScopedCallback (who the hell added this in the first place) looks messed up too; I see that as something that could be prone to mistakes. Looks like if you carelessly forget to hold on to it long enough, all of a sudden code that's supposed to have limited permissions could get full permissions.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
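
The failure mode raised in the message above, as an added example that is not part of the original thread and is not MediaWiki code. `ScopeGuard` is a hypothetical stand-in for a destructor-triggered guard such as ScopedCallback, and `Session` and `limitRights()` are constructed names.

```php
<?php
// Hypothetical guard: runs its callback when the object is destroyed.
final class ScopeGuard {
    private $callback;

    public function __construct( callable $callback ) {
        $this->callback = $callback;
    }

    public function __destruct() {
        call_user_func( $this->callback );
    }
}

// Constructed session object whose rights can be narrowed temporarily.
final class Session {
    public $rights = [ 'read', 'edit', 'delete' ];

    // Narrows the rights and returns a guard that restores them on destruction.
    public function limitRights( array $allowed ) {
        $full = $this->rights;
        $this->rights = array_values( array_intersect( $full, $allowed ) );
        return new ScopeGuard( function () use ( $full ) {
            $this->rights = $full;
        } );
    }
}

$session = new Session();

// Misuse: the return value is discarded, so the guard's refcount drops to
// zero at the end of the statement and the restore callback runs before
// any of the supposedly limited code executes.
$session->limitRights( [ 'read' ] );
echo 'discarded guard: ', implode( ',', $session->rights ), "\n";

// Correct use: the guard is held in a variable for the whole limited section.
$guard = $session->limitRights( [ 'read' ] );
echo 'held guard:      ', implode( ',', $session->rights ), "\n";

// Releasing the guard is the explicit end of the limited section.
unset( $guard );
echo 'after release:   ', implode( ',', $session->rights ), "\n";
```

Nothing in the call site distinguishes the two uses except whether the return value is assigned, which is why a reviewer has to check the guard's lifetime against the code it is meant to cover.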

