On Mon, 03 Jun 2013 19:43:28 -0700, Tyler Romeo <tylerromeo(a)gmail.com>
wrote:
On Mon, Jun 3, 2013 at 8:18 PM, Chris Steipp
<csteipp(a)wikimedia.org>
wrote:
We are trying to finish the items in scope (SUL
rework, OAuth, and a
review of the OpenID extension) by the end of this month.
Speaking of this, there's an OAuth framework attempt here:
https://gerrit.wikimedia.org/r/66286
Am I the only person who thinks it's a bad idea for the AuthPlugin class
to
be relying on the ApiBase class for its interface? Especially since the
AuthPlugin framework isn't supposed to handle authorization logic anyway.
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
OAuth shouldn't even be implemented with AuthPluigin in the first place.
At a few glances that code looks messed up. The use of a ScopedCallback
(who the hell added this in the first place) looks messed up too, I see
that as something that could be prone to mistakes. Looks like if you
carelessly forget to hold on to it long enough and all of a sudden code
that's supposed to have limited permissions could get full permissions.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]