Page MenuHomeSoftware Heritage

origin_save: Use API endpoint to submit save request in Web UI form
ClosedPublic

Authored by anlambert on Apr 28 2021, 12:17 PM.

Details

Summary

The "Save code now" Web UI form was using an internal dedicated endpoint
to submit an origin save request.

That endpoint is redundant with the /origin/save Web API one so drop
it and use Web API instead.

The internal endpoint was there to validate the CSRF token injected
by Django but the /origin/save already has a rate limit of 10 POST
requests per hour to prevent abuse.

Diff Detail

Repository
rDWAPPS Web applications
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Build has FAILED

Patch application report for D5636 (id=20088)

Rebasing onto 11c737df9b...

Current branch diff-target is up to date.
Changes applied before test
commit 5bb09f22893263ee0dab601acef078250923b39f
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Apr 28 12:10:43 2021 +0200

    origin_save: Use API endpoint to submit save request in Web UI form
    
    The "Save code now" Web UI form was using an internal dedicated endpoint
    to submit an origin save request.
    
    That endpoint is redundant with the /origin/save Web API one so drop
    it and use Web API instead.
    
    The internal endpoint was there to validate the CSRF token injected
    by Django but the /origin/save already has a rate limit of 10 POST
    requests per hour to prevent abuse.

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/742/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/742/console

Harbormaster returned this revision to the author for changes because remote builds failed.Apr 28 2021, 12:26 PM
Harbormaster failed remote builds in B21081: Diff 20088!

Build is green

Patch application report for D5636 (id=20118)

Rebasing onto 2fb5a2e72f...

Current branch diff-target is up to date.
Changes applied before test
commit f9b0b666d512564fddfc2fda65b2975fa0ea75c3
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Apr 28 12:10:43 2021 +0200

    origin_save: Use API endpoint to submit save request in Web UI form
    
    The "Save code now" Web UI form was using an internal dedicated endpoint
    to submit an origin save request.
    
    That endpoint is redundant with the /origin/save Web API one so drop
    it and use Web API instead.
    
    The internal endpoint was there to validate the CSRF token injected
    by Django but the /origin/save already has a rate limit of 10 POST
    requests per hour to prevent abuse.

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/745/ for more details.

as said earlier, lgtm.

One indirection less should surely helps maintenance ;)

Thanks.

This revision is now accepted and ready to land.Apr 28 2021, 4:40 PM