get or create lpuser via api
Bug #598464 reported by
Michael Nelson
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Michael Nelson |
Bug Description
For the buy-something blueprint,
https:/
we will need a way for the software center agent to provide Launchpad with an SSO openID identity and be returned with a launchpad user (creating the lp user if that user doesn't yet have an account). Perhaps something like:
people.
Its use should be restricted to a celebrity (in this case, software-
Related branches
lp://qastaging/~michael.nelson/launchpad/598464-get-or-create-in-devel
- Abel Deuring (community): Approve (code)
-
Diff: 853 lines (+462/-77)14 files modifiedlib/canonical/launchpad/interfaces/account.py (+13/-1)
lib/canonical/launchpad/interfaces/launchpad.py (+3/-0)
lib/canonical/launchpad/webapp/login.py (+20/-63)
lib/canonical/launchpad/webapp/tests/test_login.py (+13/-9)
lib/canonical/launchpad/xmlrpc/application.py (+6/-0)
lib/canonical/launchpad/xmlrpc/configure.zcml (+3/-0)
lib/canonical/launchpad/xmlrpc/faults.py (+11/-0)
lib/lp/registry/configure.zcml (+10/-0)
lib/lp/registry/interfaces/person.py (+58/-1)
lib/lp/registry/model/person.py (+56/-0)
lib/lp/registry/tests/test_personset.py (+92/-1)
lib/lp/registry/tests/test_xmlrpc.py (+125/-0)
lib/lp/registry/xmlrpc/softwarecenteragent.py (+47/-0)
lib/lp/testopenid/browser/server.py (+5/-2)
lp://qastaging/~michael.nelson/launchpad/598464-qa-fix
- Jeroen T. Vermeulen (community): Approve (code)
-
Diff: 12 lines (+1/-1)1 file modifiedlib/lp/registry/model/person.py (+1/-1)
affects: | launchpad-registry → launchpad-foundations |
Changed in launchpad-foundations: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is about creating a user for authentication, I think the foundations team needs to give this consideration. PersonSet should not be creating an Account, and I understand the Lp-foundations teams want to remove the table. This mechanism appears to by bypassing the email confirmation steps to ensure the user is legitimate.
Given that we are attacked by spammers every day, and one has proven to be partiulary adept at exploiting SSO and Launchpad to create identities, I think this feature are described is bad.