Thank you all for your suggestions. I'll discuss with the people who
implemented the original application and decide on the best approach
given the limited resources and time.
Strainu
2016-10-22 3:23 GMT+03:00 Gergo Tisza <gtisza(a)wikimedia.org>rg>:
On Fri, Oct 21, 2016 at 3:38 PM, Strainu
<strainu10(a)gmail.com> wrote:
I'm simply trying to make it easy for the
users. In the current
version of the tool, they login with the github account and the rest
happens "magically": the tool retrieves their pull requests and scores
them according to a predefined set of criteria - no need for user
input of any kind. I just want the same workflow for patches submitted
to gerrit and I needed a way to authenticate the users and match the
information I have from the OAuth endpoint with reviews from gerrit.
In that case, I would require them to prove account ownership by sending an
email to the gerrit email address with a verification link.
Or you could require that that email address is present in Github (it does
not have to be the primary address, and this is a good practice anyway as
it will ensure that the clone repo on Github attributes the patch to them
correctly once it gets merged - although in theory the Gerrit owner,
committer and author email address could be three different things, but
that's unlikely to happen) and then verify that somehow. You can probably
just upload a gist with that address and check whether Github attributes it
to them.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l