On Fri, Oct 21, 2016 at 4:38 PM, Strainu <strainu10(a)gmail.com> wrote:
2016-10-22 1:16 GMT+03:00 Gergo Tisza
<gtisza(a)wikimedia.org>rg>:
Are you worried that the users
are going to give positive reviews to themselves to bias the scores?
Authentication is used only to ensure they don't claim somebody else's
submissions (say, Gerrit Patch Uploader's :) ). Yes, this could
probably be detected manually, but we're trying to go with an
automated workflow where manual interventions are at a minimum.
Can you better explain what you are after?
I'm simply trying to make it easy for the users. In the current
version of the tool, they login with the github account and the rest
happens "magically": the tool retrieves their pull requests and scores
them according to a predefined set of criteria - no need for user
input of any kind. I just want the same workflow for patches submitted
to gerrit and I needed a way to authenticate the users and match the
information I have from the OAuth endpoint with reviews from gerrit.
Today there is no accessible mapping between Wikimedia unified
accounts (the account you use on
en.wikipedia.org as an example) and
Wikitech/Gerrit accounts. As Alex pointed out earlier in the thread
there is some work being done to unify these systems, but that
unification is quite far off currently.
There is however a one to one mapping between a Wikitech username and
Gerrit username. My Wikitech username is "BryanDavis" and so is my
Gerrit username
(<https://gerrit.wikimedia.org/r/#/q/owner:BryanDavis>). If the
mapping is not an identity mapping, then it would be still be
contained in the LDAP directory that any Labs project or Tool Labs
tool can query. The "cn" LDAP attribute is a user's Wikitech username,
so you can search for a Wikitech user's LDAP record with something
like `ldapsearch -xLLL cn=BryanDavis` from a command line or a similar
query using an LDAP library. I am unsure if Gerrit uses the "cn" or
"sn" attribute of the same record as the account's login name. For
many records in our LDAP directory it would not matter as the values
are the same, but I know I ran across some records when I was
deploying
https://labsadmin.wikimedia.org/ where the two values
differ.
OAuth was recently re-enabled on the Wikitech server, so you would
need to register your OAuth consumer there
(<https://wikitech.wikimedia.org/wiki/Special:OAuthConsumerRegistration>)
and interact with
wikitech.wikimedia.org in your client code.
Bryan
--
Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org>
[[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA
irc: bd808 v:415.839.6885 x6855