Closed erwa closed 2 years ago
Merging #520 (b4f441e) into master (980274d) will decrease coverage by
0.01%
. The diff coverage is69.23%
.
@@ Coverage Diff @@
## master #520 +/- ##
==========================================
- Coverage 87.20% 87.18% -0.02%
==========================================
Files 111 111
Lines 2532 2537 +5
==========================================
+ Hits 2208 2212 +4
- Misses 324 325 +1
Impacted Files | Coverage Δ | |
---|---|---|
google_api_lib/sync_tasks.py | 37.14% <57.14%> (+2.66%) |
:arrow_up: |
cardboard/settings.py | 90.21% <83.33%> (+2.04%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 980274d...b4f441e. Read the comment docs.
My first attempt was to run a periodic task on Celery that updated the email whitelisted every minute or so, but then I found out Django doesn't like it if you update settings at runtime -- apparently they're supposed to be immutable: https://stackoverflow.com/questions/6528723/changing-django-settings-at-runtime
I think this approach is easier and cleaner!
Before, the list of whitelisted emails was only calculated once at start-up time, and every time you added a user, you would need to restart Cardboard before that user could log in.
Now we just query the list of emails added to the Google Drive as part of the authentication flow. So as soon as you add a user to a Google Drive, they should be able to login to Cardboard.
The Google Drive API to get the folder permissions is pretty fast, so it doesn't noticeably slow down the login. Also, according to https://support.google.com/a/answer/10445916?hl=en, the default Drive API quota is 10,000 calls every 100 seconds, which is plenty for us.
My implementation of
auth_allowed
is based off the defaultauth_allowed
implementation here: