On Fri, Oct 21, 2016 at 4:38 PM, Strainu strainu10@gmail.com wrote:
2016-10-22 1:16 GMT+03:00 Gergo Tisza gtisza@wikimedia.org:
Are you worried that the users are going to give positive reviews to themselves to bias the scores?
Authentication is used only to ensure they don't claim somebody else's submissions (say, Gerrit Patch Uploader's :) ). Yes, this could probably be detected manually, but we're trying to go with an automated workflow where manual interventions are at a minimum.
Can you better explain what you are after?
I'm simply trying to make it easy for the users. In the current version of the tool, they login with the github account and the rest happens "magically": the tool retrieves their pull requests and scores them according to a predefined set of criteria - no need for user input of any kind. I just want the same workflow for patches submitted to gerrit and I needed a way to authenticate the users and match the information I have from the OAuth endpoint with reviews from gerrit.
Today there is no accessible mapping between Wikimedia unified accounts (the account you use on en.wikipedia.org as an example) and Wikitech/Gerrit accounts. As Alex pointed out earlier in the thread there is some work being done to unify these systems, but that unification is quite far off currently.
There is however a one to one mapping between a Wikitech username and Gerrit username. My Wikitech username is "BryanDavis" and so is my Gerrit username (https://gerrit.wikimedia.org/r/#/q/owner:BryanDavis). If the mapping is not an identity mapping, then it would be still be contained in the LDAP directory that any Labs project or Tool Labs tool can query. The "cn" LDAP attribute is a user's Wikitech username, so you can search for a Wikitech user's LDAP record with something like `ldapsearch -xLLL cn=BryanDavis` from a command line or a similar query using an LDAP library. I am unsure if Gerrit uses the "cn" or "sn" attribute of the same record as the account's login name. For many records in our LDAP directory it would not matter as the values are the same, but I know I ran across some records when I was deploying https://labsadmin.wikimedia.org/ where the two values differ.
OAuth was recently re-enabled on the Wikitech server, so you would need to register your OAuth consumer there (https://wikitech.wikimedia.org/wiki/Special:OAuthConsumerRegistration) and interact with wikitech.wikimedia.org in your client code.
Bryan