From patchwork Tue Jul 14 13:34:06 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Fr=C3=A9d=C3=A9ric_Mangano-Tarumi?=
 <fmang@mg0.fr>
X-Patchwork-Id: 1719
Return-Path: <aur-dev-bounces@archlinux.org>
Delivered-To: patchwork@archlinux.org
Received: from apollo.archlinux.org (localhost [127.0.0.1])
	by apollo.archlinux.org (Postfix) with ESMTP id 653F619ED3678
	for <patchwork@archlinux.org>; Tue, 14 Jul 2020 13:34:14 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 apollo.archlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED=0.1,
	DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,MAILING_LIST_MULTI=-1,
	RCVD_IN_DNSWL_MED=-2.3,SPF_HELO_NONE=0.001,T_DMARC_POLICY_NONE=0.01
	autolearn=ham autolearn_force=no version=3.4.4
X-Spam-BL-Results: 
 <dns:1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.8.0.6.0.6.1.0.8.f.4.0.1.0.a.2.list.dnswl.org>
	[127.0.9.2]
Received: from orion.archlinux.org (orion.archlinux.org
 [IPv6:2a01:4f8:160:6087::1])
	by apollo.archlinux.org (Postfix) with ESMTPS
	for <patchwork@archlinux.org>; Tue, 14 Jul 2020 13:34:14 +0000 (UTC)
Received: from orion.archlinux.org (localhost [127.0.0.1])
	by orion.archlinux.org (Postfix) with ESMTP id 8B5611D35CE435;
	Tue, 14 Jul 2020 13:34:12 +0000 (UTC)
Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	(Authenticated sender: luna)
	by orion.archlinux.org (Postfix) with ESMTPSA id 654F01D35CE433;
	Tue, 14 Jul 2020 13:34:12 +0000 (UTC)
Authentication-Results: orion.archlinux.org;
	dkim=pass (1024-bit key) header.d=mg0.fr header.i=@mg0.fr header.b=dAzSnfvv
Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1])
	by luna.archlinux.org (Postfix) with ESMTP id 579C829CB0;
	Tue, 14 Jul 2020 13:34:12 +0000 (UTC)
Authentication-Results: luna.archlinux.org;
	dkim=pass (1024-bit key) header.d=mg0.fr header.i=@mg0.fr header.b=dAzSnfvv
Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1])
 by luna.archlinux.org (Postfix) with ESMTP id 8594929CAD
 for <aur-dev@lists.archlinux.org>; Tue, 14 Jul 2020 13:34:09 +0000 (UTC)
Received: from orion.archlinux.org (orion.archlinux.org [88.198.91.70])
 by luna.archlinux.org (Postfix) with ESMTPS
 for <aur-dev@lists.archlinux.org>; Tue, 14 Jul 2020 13:34:09 +0000 (UTC)
Received: from orion.archlinux.org (localhost [127.0.0.1])
 by orion.archlinux.org (Postfix) with ESMTP id 2D5BA1D35CE42C
 for <aur-dev@archlinux.org>; Tue, 14 Jul 2020 13:34:08 +0000 (UTC)
Received: from tsubame.mg0.fr (tsubame.mg0.fr [IPv6:2001:41d0:401:3100::402b])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest
 SHA256) (No client certificate requested)
 by orion.archlinux.org (Postfix) with ESMTPS
 for <aur-dev@archlinux.org>; Tue, 14 Jul 2020 13:34:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mg0.fr;
 s=tsubame; h=Message-ID:Subject:To:From:Date:cc;
 bh=slcEaq7pq0T36XNNfeMkIQqLP3r1SSCoKYdHuZegO3k=; b=dAzSnfvvkHFMGcPnyMmI0pk26Z
 zYDdVuZenxv9Oyze3pSWAsnbL6Gzv8UiDnSSb2l0LcnD2iSJmWOMakVLDKqUrMhxmR1kAxrByxEUb
 yDeMUlHGaRB4faJTWXrgtVtPDAEp503t3GzPB9XNH7V8DfmYyVUg43s8aJtoWpENM26E=;
Received: from fmang by tsubame.mg0.fr with local (Exim 4.94)
 (envelope-from <fmang@mg0.fr>) id 1jvL4Q-00ETqJ-Kd
 for aur-dev@archlinux.org; Tue, 14 Jul 2020 15:34:06 +0200
Date: Tue, 14 Jul 2020 15:34:06 +0200
From: =?utf-8?b?RnLDqWTDqXJpYw==?= Mangano-Tarumi <fmang@mg0.fr>
To: aur-dev@archlinux.org
Subject: [PATCH 1/4] SSO: Explain the rationale behind prompt=login
Message-ID: <20200714133406.GA3451296@tsubame.mg0.fr>
MIME-Version: 1.0
Content-Disposition: inline
X-BeenThere: aur-dev@archlinux.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Arch User Repository \(AUR\) Development" <aur-dev.archlinux.org>
List-Unsubscribe: <https://lists.archlinux.org/options/aur-dev>,
 <mailto:aur-dev-request@archlinux.org?subject=unsubscribe>
List-Archive: <https://lists.archlinux.org/pipermail/aur-dev/>
List-Post: <mailto:aur-dev@archlinux.org>
List-Help: <mailto:aur-dev-request@archlinux.org?subject=help>
List-Subscribe: <https://lists.archlinux.org/listinfo/aur-dev>,
 <mailto:aur-dev-request@archlinux.org?subject=subscribe>
Errors-To: aur-dev-bounces@archlinux.org
Sender: "aur-dev" <aur-dev-bounces@archlinux.org>

We might reconsider it in the future.
---
 aurweb/routers/sso.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
index d0802c34..e1ec7efe 100644
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@@ -28,6 +28,13 @@ oauth.register(
 
 @router.get("/sso/login")
 async def login(request: Request):
+    """
+    Redirect the user to the SSO provider’s login page.
+
+    We specify prompt=login to force the user to input their credentials even
+    if they’re already logged on the SSO. This is less practical, but given AUR
+    has the potential to impact many users, better safe than sorry.
+    """
     redirect_uri = aurweb.config.get("options", "aur_location") + "/sso/authenticate"
     return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login")