Skip to content
This repository has been archived by the owner on Apr 3, 2019. It is now read-only.

Update loadtests to work on shared services cluster #561

Merged
merged 2 commits into from Feb 12, 2014
Merged

Update loadtests to work on shared services cluster #561

merged 2 commits into from Feb 12, 2014

Conversation

rfk
Copy link
Contributor

@rfk rfk commented Feb 12, 2014

@jbonacci
Copy link

r+
merging...

jbonacci pushed a commit that referenced this pull request Feb 12, 2014
Merge pull request #561 from mozilla/rfk/loads-updates
3d6c178 
Update loadtests to work on shared services cluster
@jbonacci jbonacci merged commit 3d6c178 into master Feb 12, 2014
@shane-tomlinson shane-tomlinson deleted the rfk/loads-updates branch April 18, 2018 12:50
rfk added a commit that referenced this pull request Oct 24, 2018
@rfk @vladikoff
feat(authorization): Require tokenVerified=true for key-bearing scope…
f9ad63e 
…s. (#561) r=@vladikoff

The sync tokenserver does a special check for "fxa-tokenVerified" in order to enforce the use of session verification when accessing sync:

https://github.com/mozilla-services/tokenserver/blob/master/tokenserver/views.py#L140

Let's apply the same check here before granting any scopes that come with keys. In theory the user should always have a verified assertion when requesting one of these scopes, because they will have just done a keyfetch that would have required it. But there is at least one known series of calls to our backend that can yield keys without doing a verification, so it makes sense to double-check here and avoid any loopholes.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rfk @jbonacci