Michael Freedman
I want to make a pull request to update `#user_allowed_to_perform_admin_action?` in [api/app/controllers/concerns/retros_auth.rb](http://github.com/pivotal/postfacto/blob/131ed3/api/app/controllers/concerns/retros_auth.rb#L52) from

```ruby
def user_allowed_to_perform_admin_action?
  valid_token_provided?
end
```

to

```ruby
def user_allowed_to_perform_admin_action?
  !GoogleClient.provided? || valid_token_provided?
end
```

Where `#provided?`...
@gshaw-pivotal When there's no auth how do you expect the `update` and `update_password` endpoints to work? I feel like `update_password` doesn't even make sense in a no auth context?
I’m pretty sure you can’t add a retro from the front end unless you are authenticated?

On Thu, Jan 30, 2020 at 11:08 Gavin Shaw wrote:
> I think the...
The real question for @liamdarmody and others is: if auth is not configured, does it make sense for any action (update, update password, archive) to have authorization? I say...
As per @seadowg's point - no Google authenticated retros still need a password for archiving actions. The challenge is on the client's internal deployment without a password we get no...
@seadowg turns out there was some problem with the internal deployment so that there was no redirect happening to the login page when one attempted to archive a retro and...
This is definitely a pretty cool project.
@flavorjones We're still figuring out what we need for a PoC of the Auth Flow. I have shared our scratch documents with you
This is related to #104
Just a heads up, Google is tightening restrictions on apps that request email authorization: https://www.androidpolice.com/2018/10/08/google-updates-gmail-api-policies-developers-will-require-app-reviews-security-assessments/ Given the way we set up auth right now, this probably isn't a problem - just...