Closed
Bug 868897
Opened 12 years ago
Closed 12 years ago
Rating flag API should allow optional authentication
Categories
(Marketplace Graveyard :: API, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
2013-05-09
People
(Reporter: krupa.mozbugs, Assigned: ashort)
References
Details
(Whiteboard: [fireplace] p=1)
steps to reproduce:
1. Tester is not signed in
2. Go to the review lists page for an app on your Firefox OS phone
3. Click on Report for one of the listed reviews
expected behavior:
Report link is not available for anonymous users
observed behavior:
Report link is available to anonymous users
POST /api/v1/apps/rating/447944/flag/?dev=firefoxos&format=json&lang=en-US&pro=fbffffdc.32.1®ion= HTTP/1.1
Host: marketplace-altdev.allizom.org
User-Agent: Mozilla/5.0 (Mobile; rv:18.0) Gecko/18.0 Firefox/18.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://marketplace-altdev.allizom.org/app/airbnb/ratings
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 35
Cookie: lang="en-US\054"; region=us; carrier=telefonica; __utma=106266271.1957641494.1367809669.1367809669.1367809669.1; __utmb=106266271.12.10.1367809669; __utmc=106266271; __utmz=106266271.1367809669.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Connection: keep-alive
Pragma: no-cache
active [7] { handler=47de7240 condition=0 pollflags=5 }
active [6] { handler=47de74a0 condition=0 pollflags=5 }
active [5] { handler=49eec7b0 condition=0 pollflags=5 }
Cache-Control: no-cache
]
I/PRLog ( 108): 2013-05-06 03:22:16.281537 UTC - 766400[42dfdf00]: nsHttpTransaction::HandleContentStart [this=4ba947c0]
Duration: 0.252 4ba947c0 (marketplace-altdev.allizom.org -> POST /api/v1/apps/rating/447944/flag/?dev=firefoxos&format=json&lang=en-US&pro=fbffffdc.32.1®ion=)
http response [
HTTP/1.1 401 UNAUTHORIZED
X-API-Version: 1
Server: gunicorn/0.17.4
Vary: X-API-Filter, X-Requested-With, Accept-Language, Cookie, X-Mobile, User-Agent, Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Access-Control-Expose-Headers: X-API-Filter, X-API-Status, X-API-Version
Strict-Transport-Security: max-age=2592000
Date: Mon, 06 May 2013 03:22:15 GMT
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-Content-Security-Policy-Report-Only: policy-uri /services/csp/policy?build=8585
Via: Moz-pp-zlb09
Connection: keep-alive
X-API-Filter: carrier=telefonica&device=gaia&lang=en-US®ion=us
Set-Cookie: multidb_pin_writes=y; expires=Mon, 06-May-2013 03:22:30 GMT; Max-Age=15; Path=/
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: X-HTTP-Method-Override, Content-Type
]
Comment 1•12 years ago
|
||
Why shouldn't anonymous users be allowed to report reviews?
Comment 2•12 years ago
|
||
(In reply to Matt Basta [:basta] from comment #1)
> Why shouldn't anonymous users be allowed to report reviews?
I think anonymous users should be allowed. If this is just for parity with dev/prod, I'm inclined to say WONTFIX.
Comment 3•12 years ago
|
||
WONTFIX from me too. If it becomes an issue, this is as simple as setting `only-if-logged-in` on the link and turning on authentication for the API.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Reporter | ||
Comment 4•12 years ago
|
||
I asked us not to list the link since the submission is failing with a 401. Let's fix that issue then.
Reporter | ||
Updated•12 years ago
|
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Summary: Don't show "Report" link to anonymous users → Flagging reviews fails with a 401
Comment 5•12 years ago
|
||
That's a separate issue. Is there a bug on file for it?
Updated•12 years ago
|
Component: Consumer Pages → API
Summary: Flagging reviews fails with a 401 → Rating flag API should allow optional authentication
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → ashort
Priority: -- → P2
Whiteboard: [fireplace] → [fireplace] p=1
Assignee | ||
Comment 6•12 years ago
|
||
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2013-05-09
You need to log in
before you can comment on or make changes to this bug.
Description
•