WordPress.org

Making WordPress.org

Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#1722 closed task (fixed)

Generate a plugins.svn authentication file

Reported by: dd32 Owned by: pento
Milestone: Priority: high
Component: Plugin Directory Keywords: has-patch 2nd-opinion
Cc:

Description

plugins.svn.wordpress.org needs a standard svn formatted authentication file for authenticating users against each plugin directory.

We'll need to provide a URL or REST API endpoint which the SVN server can request a copy of this file from. The SVN server will also need to be updated to fetch it from here rather than from bbPress.

The REST API endpoint should not be readable without our internal authentication token.

An example of what the file should look like is:

[/]
* = r

[/plugin-x]
dd32 = rw
dd63 = rw

[/plugin-y]
dd64 = rw

Attachments (1)

1722.diff (2.8 KB) - added by pento 3 years ago.

Download all attachments as: .zip

Change History (12)

This ticket was mentioned in Slack in #meta by obenland. View the logs.


3 years ago

#2 @obenland
3 years ago

  • Owner set to pento
  • Status changed from new to assigned

#3 @obenland
3 years ago

  • Milestone set to Plugin Directory v3 - M4

This ticket was mentioned in Slack in #meta by obenland. View the logs.


3 years ago

#5 @obenland
3 years ago

  • Milestone changed from Plugin Directory v3 - M4 to Plugin Directory v3 - M5

@pento
3 years ago

#6 @pento
3 years ago

  • Keywords has-patch 2nd-opinion added

@dd32: Can you sanity check this patch? It's a bit weird to be exit()ing a REST API endpoint, but that'll make it easiest to integrate with the existing SVN server.

The output is 2 lines longer than the existing script, because it doesn't trim() the newlines off each end.

To grab the file:

curl -H "Authorization: PLUGIN_API_INTERNAL_BEARER_TOKEN" https://wordpress.org/plugins-wp/wp-json/plugins/v1/svn-access

(With the correct PLUGIN_API_INTERNAL_BEARER_TOKEN, of course.)

#7 @dd32
3 years ago

@pento agreed on all points there.

exit() is weird, but logical in this case - technically I think there's a "proper" way to have an alternate output format, but it'd be overkill here.
Only downside is that post-rest-api actions potentially won't be called, so no caching middleman etc - we don't care about that for this endpoint though.

You could use PLUGINS_TABLE_PREFIX . 'svn_access' if you wanted (which is what we use in the other functions that interact with the table) but 'eh. It would probably be best for us to rename the table to wporg_367_svn_access after launch to ensure that the table never goes astray, so we'd update it then anyway.

only nitpick would be:

this->svn_access = array(); 
$this->svn_access_table = 'plugin_2_svn_access';    

Why define those there, when they can just be defined inline?

protected $svn_access = array();
protected $svn_access_table = 'plugin_2_svn_access';

And in general I also have been using protected over private so that the methods/properties are available to subclasses (if one was to ever exist for some reason).

#8 @pento
3 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 3295:

Plugin Directory: Add an API endpoint for generating the SVN authentication file.

plugins.svn.wordpress.org needs a standard SVN authentication file, which we can generate from the data stored in the plugin_2_svn_access table.

This endpoint is not particularly RESTful, as it dumps the file content to STDOUT, then exit()'s. This endpoint is only for internal use, so it's no big deal.

Fixes #1722.

#9 @pento
3 years ago

In 3297:

Plugin Directory: Add unit tests for the SVN access endpoint.

Because this is an internal endpoint, we can really only test that it return a not_authorized error when the correct Authorization header is missing.

See #1722.

#10 @pento
3 years ago

In 3301:

Plugin Directory: Tidy up the SVN access API

There were some bad variable names, __construct() needed to be public, and caching the DB results was (a) wildly unnecessary; and (b) bad practice.

Despite @rmccue's protests, the exit() is staying.

See #1722.

#11 @samuelsidler
2 years ago

  • Milestone Plugin Directory v3 - M5 deleted

Milestone Plugin Directory v3 - M5 deleted

Note: See TracTickets for help on using tickets.