Page MenuHomePhabricator
Create Task
Maniphest T132934

Security review of TWL
Closed, DeclinedPublic
Actions

Description

Start with a design review and review of OAuth code. May want a full security review if we're storing private data, even though this will run in labs.

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT132934 Security review of TWL
 Resolved dpatrickT132929 Review TWL OAuth implementation

Event Timeline

csteipp created this task.Apr 18 2016, 4:53 PM
Restricted Application added subscribers: Sadads, Aklapper. · View Herald TranscriptApr 18 2016, 4:53 PM
csteipp added a subtask: T132929: Review TWL OAuth implementation.Apr 18 2016, 4:53 PM
Sadads added a comment.May 6 2016, 5:19 PM

https://github.com/thatandromeda/TWLight/blob/master/TWLight/users/authorization.py

csteipp closed subtask T132929: Review TWL OAuth implementation as Resolved.May 12 2016, 10:33 PM
dpatrick moved this task from Incoming to Scheduled on the deprecated-security-team-reviews board.May 24 2016, 8:28 PM
dpatrick subscribed.Jun 14 2016, 6:54 PM

@Sadads I'm a bit behind and working on completing this review. Is there a demo site available for testing?

Sadads added subscribers: ThatAndromeda, Nikkimaria, Ocaasi.Jun 17 2016, 2:52 AM

that would be @ThatAndromeda for support -- you will have to reach out to her. @Nikkimaria and @Ocaasi can help: I am currently traveling for Wikimania & other conferences.

ThatAndromeda added a comment.Jun 17 2016, 3:06 AM

Github: https://github.com/thatandromeda/twlight

Demo site: https://secret-lowlands-75266.herokuapp.com/oauth/login (There's nothing at / right now, but /oauth/login will show you the logging in part, and create an account for you with the lowest level of privileges.)

These codebases are probably somewhat out of sync at this point, but the authorization parts are the same. Lots of parts are obviously not done, but again, the auth part is stable. The key file there is https://github.com/thatandromeda/TWLight/blob/master/TWLight/users/authorization.py .

dpatrick moved this task from Scheduled to In Progress on the deprecated-security-team-reviews board.Jun 29 2016, 5:35 PM
EBjune subscribed.Nov 28 2017, 4:28 PM

@Sadads @dpatrick This is more than a year old, is this review still in progress/needed?

Reedy closed this task as Declined.Mar 12 2018, 2:31 PM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 6:58 PM
sbassett moved this task from In Progress to Done on the deprecated-security-team-reviews board.Jul 9 2019, 8:15 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits