fuzan / rietveld

Automatically exported from code.google.com/p/rietveld
Apache License 2.0
0 stars 0 forks source link

OAuth 2.0 support not compatible with specifying HTTPS #443

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Using the version of upload.py currently at 
<https://codereview.appspot.com/static/upload.py>,

    upload.py --oauth2 --server https://codereview.appspot.com/ [...]

What is the expected output? What do you see instead?
I expect upload.py to use OAuth authentication and communicate over HTTPS. 
Instead it tries to visit a URL "https://https://codereview.appspot.com/...".

This appears to be because AbstractRpcServer is willing to accept either 
"domain" or "http[s]://domain", but OpenOAuth2ConsentPage and GetAccessToken 
assume the server value does not have a scheme and "://". However, due to the 
logic in AbstractRpcServer defaulting to HTTP there is no way to cause the RPC 
to occur over HTTPS without specifying the scheme explicitly.

What browser are you using?  What version? On what operating system?
n/a

At what URL are you accessing Rietveld?  (e.g. codereview.appspot.com)
Please note if you are using the Google Apps Labs version (e.g.
codereview.<yourdomain>).
https://codereview.appspot.com/

*** If you are a Google employee please say so or mail rietveld-admins@
directly. ***
Yes.

Please provide any additional information below.
It would also be nice if the RPC defaulted to HTTPS rather than HTTP.

Original issue reported on code.google.com by kpreid@google.com on 10 May 2013 at 12:57

GoogleCodeExporter commented 9 years ago

Original comment by albrecht.andi on 10 May 2013 at 4:17

GoogleCodeExporter commented 9 years ago
Review: http://codereview.appspot.com/9196045

Original comment by albrecht.andi on 10 May 2013 at 4:26

GoogleCodeExporter commented 9 years ago
This issue was closed by revision df4249ba0b3b.

Original comment by albrecht.andi on 10 May 2013 at 4:47