| Summary: | [ews-app] Use API_KEY to accept results data | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Aakash Jain <aakash_jain> | ||||
| Component: | Tools / Tests | Assignee: | Aakash Jain <aakash_jain> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | aakash_jain, ap, commit-queue, dean_johnson, dewei_zhu, jbedard, kocsen_chung, lforschler, webkit-bug-importer | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | Other | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
|
Description
Aakash Jain
2019-04-01 13:43:44 PDT
Created attachment 366419 [details]
Patch
Comment on attachment 366419 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=366419&action=review > Tools/BuildSlaveSupport/ews-app/ews/views/results.py:46 > + if data.get('EWS_API_KEY') != os.getenv('EWS_API_KEY', None): Is both bot and server without 'EWS_API_KEY' set still working expected? > Is both bot and server without 'EWS_API_KEY' set still working expected?
Yes, I tested that scenario, works fine.
Comment on attachment 366419 [details]
Patch
r=me
Comment on attachment 366419 [details] Patch Clearing flags on attachment: 366419 Committed r243716: <https://trac.webkit.org/changeset/243716> All reviewed patches have been landed. Closing bug. This is probably _fine_, but traditionally API keys are vended by the application (and then safely kept somewhere) and verified against that. The proposed approach makes this app kind of like a "master password" approach which I think has limitations for the application. Here's a very simple example on what I would expect the functionality of this app to be like: https://django-simple-api-key.readthedocs.io/en/latest/usage.html |