Requests to the package index are not oauth signed

Bug #1483866 reported by Natalia Bidart
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
High
Alejandro J. Cura
unity-scope-click (Ubuntu)
Fix Released
High
dobey

Bug Description

We have added support to the package index so results can be customized depending on the user making the request. Specifically, to make use of the new feature about private packages, the request to the package index must to be oauth signed, otherwise only public package information will be returned.

So, when possible, we should have all queries directed to the package index to be oauth signed, with the SSO oauth token the device has stored.

Related branches

dobey (dobey)
Changed in unity-scope-click (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Rodney Dawes (dobey)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity-scope-click - 0.1.1+15.10.20150812-0ubuntu1

---------------
unity-scope-click (0.1.1+15.10.20150812-0ubuntu1) wily; urgency=medium

  [ Robert Ancell ]
  * Depend on upstart instead of upstart-bin which is a dummy
    transitional package.

  [ Rodney Dawes ]
  * Sign the requests to CPI by default. Add tests to ensure signing is
    requested. (LP: #1483866)

 -- CI Train Bot <email address hidden> Wed, 12 Aug 2015 13:34:30 +0000

Changed in unity-scope-click (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Alejandro J. Cura (alecu) wrote :

I'm reopening this bug, because the search requests are not being actually signed.

There's a missing call to "client->setCredentialsService(sso)" for the webclient used for searches, so only the call to past purchases is being signed.

Changed in unity-scope-click (Ubuntu):
status: Fix Released → Triaged
Changed in canonical-devices-system-image:
assignee: nobody → Alejandro J. Cura (alecu)
importance: Undecided → High
status: New → In Progress
milestone: none → ww02-2016
Changed in canonical-devices-system-image:
milestone: ww02-2016 → ww08-2016
Changed in unity-scope-click (Ubuntu):
assignee: Rodney Dawes (dobey) → Antti Kaijanmäki (kaijanmaki)
dobey (dobey)
Changed in unity-scope-click (Ubuntu):
assignee: Antti Kaijanmäki (kaijanmaki) → Rodney Dawes (dobey)
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity-scope-click - 0.1.1+16.04.20160323-0ubuntu1

---------------
unity-scope-click (0.1.1+16.04.20160323-0ubuntu1) xenial; urgency=medium

  [ Antti Kaijanmäki, Rodney Dawes ]
  * Fix the signing of store webservice urls (LP: #1483866)

 -- Rodney Dawes <email address hidden> Wed, 23 Mar 2016 21:04:15 +0000

Changed in unity-scope-click (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Revision history for this message
dobey (dobey) wrote :

Re-opening this again, as we are having to revert this change due to exposure of race conditions causing crashes, which not having the changes for this somehow manages to make not happen.

Changed in canonical-devices-system-image:
status: Fix Committed → Confirmed
Changed in unity-scope-click (Ubuntu):
status: Fix Released → Confirmed
Changed in canonical-devices-system-image:
milestone: ww08-2016 → 11
dobey (dobey)
Changed in unity-scope-click (Ubuntu):
status: Confirmed → In Progress
dobey (dobey)
Changed in canonical-devices-system-image:
status: Confirmed → In Progress
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in unity-scope-click (Ubuntu):
status: In Progress → Fix Committed
dobey (dobey)
Changed in unity-scope-click (Ubuntu):
status: Fix Committed → Fix Released
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers