Thank you all for your suggestions. I'll discuss with the people who implemented the original application and decide on the best approach given the limited resources and time.
Strainu
2016-10-22 3:23 GMT+03:00 Gergo Tisza gtisza@wikimedia.org:
On Fri, Oct 21, 2016 at 3:38 PM, Strainu strainu10@gmail.com wrote:
I'm simply trying to make it easy for the users. In the current version of the tool, they login with the github account and the rest happens "magically": the tool retrieves their pull requests and scores them according to a predefined set of criteria - no need for user input of any kind. I just want the same workflow for patches submitted to gerrit and I needed a way to authenticate the users and match the information I have from the OAuth endpoint with reviews from gerrit.
In that case, I would require them to prove account ownership by sending an email to the gerrit email address with a verification link.
Or you could require that that email address is present in Github (it does not have to be the primary address, and this is a good practice anyway as it will ensure that the clone repo on Github attributes the patch to them correctly once it gets merged - although in theory the Gerrit owner, committer and author email address could be three different things, but that's unlikely to happen) and then verify that somehow. You can probably just upload a gist with that address and check whether Github attributes it to them. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l