MBS-12162: Do not require auth for non-private tag WS queries #2387

Merged
merged 1 commit into from Feb 7, 2022


reosarevok
Member

@reosarevok reosarevok commented Jan 17, 2022

Fix MBS-12162

We were requiring auth for anything related to the tag resource, but as per WS::2::Tag only tag_lookup and tag_submit should require auth (since they actually interact with the user's own tags). Tag search, which just searches for tag names matching a string, should not require any sort of authentication, since it's equivalent to other public searches.

Tested by actually going to both /ws/2/tag/?query=shoegaze and /ws/2/tag?id=ed35bc92-2b5a-4ddf-96d2-51af9ab239e7&entity=artist and making sure the first no longer requires logging in, while the second still does.

@reosarevok reosarevok added the Bug Bugs that should be checked/fixed soonish label Jan 17, 2022
Contributor

@yvanzo yvanzo left a comment

LGTMBDNT but we are missing tests for this validate method. @reosarevok: Not sure how to add it to the MBS Test Review doc (since it does list existing tests, not missing tests)?

@reosarevok
Member Author

I'll try and add a test for this - but feel free to add a new section at the end maybe for stuff we know is missing tests?

@reosarevok
Member Author

I started #2411 for adding WebService::Validator tests.

@reosarevok reosarevok merged commit 8e64f02 into metabrainz:master Feb 7, 2022
@reosarevok reosarevok deleted the MBS-12162 branch February 7, 2022 09:49
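
The per-action auth rule from the PR description, written as a test matrix of the kind the review asks for. This is an added example in Python, not MusicBrainz Server code or part of the thread; the function names and the fail-closed handling of mixed or missing parameters are assumptions, and only the first two URLs come from the PR description.

```python
from urllib.parse import urlsplit, parse_qs

def classify_tag_request(method, url):
    """Map a /ws/2/tag request to an action name (hypothetical model)."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != "/ws/2/tag":
        return None
    params = parse_qs(parts.query)
    if method == "POST":
        return "tag_submit"
    # Assumption: user-specific parameters win over `query`, so a mixed
    # request is treated as a lookup and cannot slip through as a search.
    if method == "GET" and ("id" in params or "entity" in params):
        return "tag_lookup"
    if method == "GET" and "query" in params:
        return "tag_search"
    return None  # unrecognised shape

def requires_auth_before(action):
    # Resource-level gate: everything under the tag resource needs auth.
    return True

def requires_auth_after(action):
    # Action-level gate: only tag_search is public; unknown shapes fail closed.
    return action != "tag_search"

MBID = "ed35bc92-2b5a-4ddf-96d2-51af9ab239e7"
# (method, url, auth expected). Rows 3-5 are constructed edge cases.
CASES = [
    ("GET", "/ws/2/tag/?query=shoegaze", False),
    ("GET", f"/ws/2/tag?id={MBID}&entity=artist", True),
    ("POST", "/ws/2/tag", True),
    ("GET", f"/ws/2/tag?query=shoegaze&id={MBID}&entity=artist", True),
    ("GET", "/ws/2/tag", True),
]

def run_matrix(gate):
    """Return the (method, url) pairs where the gate disagrees with CASES."""
    failures = []
    for method, url, expected in CASES:
        action = classify_tag_request(method, url)
        if gate(action) != expected:
            failures.append((method, url))
    return failures

if __name__ == "__main__":
    print("before:", run_matrix(requires_auth_before))
    print("after: ", run_matrix(requires_auth_after))
```

The same matrix flags a gate that is too strict (the pre-fix behaviour) and one that is too loose, which is why each row states the expected answer rather than only checking the public case.
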
reosarevok added a commit that referenced this pull request Feb 8, 2022
* master:
  Update POT files using the production database
  Update translations from Transifex
  Add cleanup tests for Lantis URLs after 6aac5a2
  Add lantis.jp sidebar
  Add lantis.jp external link favicon
  MBS-12022: Update URL cleanup of Lantis.jp
  MBS-12162: Do not require auth for non-private tag WS queries (#2387)
  MBS-12191: Allow admins to see spammer profiles (#2408)
  MBS-12189: Support "names" prefix for DAHR artists (#2406)
  Add back JSON-LD test for empty artist
  Document Artist::Works test
  Document Artist::Tags test
  Document Artist::Split test
  Document Artist::Show test
  Document Artist::Releases test
  Document Artist::Relationships test
  Document Artist::Recordings test
  Document Artist::Ratings test
  Document Artist::Merge test
  Merge mostly useless Artist::Edits test and Artist::OpenEdits
  Ensure the right error message is shown
  Move URL-related test to EditExternalLinks
  Document Artist::EditRelationships test
  Document Artist::EditExternalLinks test
  Document Artist::EditAlias test
  Document Artist::Edit test
  Check more details data in Artist::Details test
  Document Artist::Details test
  Also check edit note is required on Artist::DeleteAlias
  Document Artist::DeleteAlias test
  Document Artist::Create test
  Document Artist::AnnotationRevision test
  Remove useless use PartialDate calls from tests
  Document Artist::Aliases test and remove cruft
  Document Artist::AddAnnotation test
  Document Artist::AddAlias test
  Also test for contained areas in Area::Users test
  Document Area::Users test
  Document Area::Tags test
  Document Area::Show test
  Document Area::Edit test
  Document Area::Create test
  Document Area::Aliases test
  Document Admin::DeleteEditor test
  Document Admin::WikiDoc::Edit test
  Document Admin::WikiDoc::Delete test
  Test non-privileged users can't access restricted WikiDoc pages
  Document Admin::WikiDoc::Create test
  Readd scope before testing token expiration
  Document Authentication::WS test
  Document RemoveEmptyURLs test
  Separate DataStore::Redis test all into named tests
  Actually check the deleted key in DataStore::Redis
  Add t/author tests to circleci
  Document t/author tests
  Change tabs to spaces
  Escape dots in eol.t and notabs.t regex
  MBS-12188: Allow SNAC links for places (#2404)
  MBS-12187: Load ReleaseEvents with manifest in release merges (#2407)
  Update HACKING.md with recent changes (#2389)
  MBS-12160: Use 'canonical' to display sorted edit data JSON (#2386)
  MBS-12147: State that an email search had no results (#2381)
  MBS-2313: Avoid pointless empty annotation edits (#2397)
  MBS-12168: Avoid breaking list formatting on user bios and collections (#2388)
  Merge Node and browser JS tests (#2403)
  MBS-11532: Don't pass undef ISO variable to localizeAreaName (#2401)
  MBS-12092: Serialize edit_action form after errors are added
  Remove duplicate form serializing
reosarevok added a commit that referenced this pull request Feb 14, 2022
akshaaatt pushed a commit that referenced this pull request Mar 8, 2022