echidna icon indicating copy to clipboard operation
echidna copied to clipboard
verified publisher icon w3c

Consolidate checks made by the token checker

Open astorije opened this issue 10 years ago • 3 comments

To be allowed to publish, a couple of checks are made:

  • The token sent to the W3C systems must match the one that was registered at token creation
  • The source URL where the document to be published sits must match the one that was registered at token creation

The first check is done by Symfony via an HTTP call to our private API while the second one is done after receiving the response from this API. This is inconsistent and the latter should not be done in the orchestrator: both checks should be done at the same place, either on the Symfony side or within the TokenChecker on Echidna. A consequence of this is that, at the moment, it is hard to mock (for the tests) and impossible to run the project locally.

The fast and simple solution (I think) here is to move this check to Symfony. The open source friendly solution is to move the token management from our closed source Symfony repo to Echidna... So? @deniak, @plehegar, @tripu?

astorije avatar May 04 '15 16:05 astorije

+1 @astorije. I think the checks should all be moved to symfony.

deniak avatar May 11 '15 07:05 deniak

@tripu as discussed, it would be best to check the token before downloading and installing the document. However, if we were to group the token and source checks (like that suggested in this issue), we would need to ask the requester to provide the shortlink of the specification he's trying to publish and that's probably not acceptable. To solve that problem I think the token checker should parse the document and get the shortlink.

deniak avatar Nov 09 '15 08:11 deniak

Once w3c/specberus#261 is merged, we'll be extracting the shortname as metadata sooner in the process, but still that's Specberus. So +1 to try to infer it earlier in Echidna.

tripu avatar Nov 09 '15 08:11 tripu