Can't remove authorised oauth tokens
Bug #511567 reported by
Peter Clifton
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Unassigned |
Bug Description
I have bughugger authorised as an application which can access launchpad on my behalf.
Out of curiosity, I tried to remove its authorisation from launchpad:
(Button on this page: https:/
This links to this page:
https:/
And I get the following error:
Not allowed here
Sorry, you don't have permission to access this page.
You are logged in as Peter Clifton.
Related branches
lp:~sinzui/launchpad/expire-oauth-token
Merged
into
lp:launchpad
- Michael Nelson (community): Approve (code)
-
Diff: 33 lines (+11/-1)2 files modifiedlib/canonical/launchpad/doc/oauth.txt (+10/-0)
lib/canonical/launchpad/security.py (+1/-1)
affects: | launchpad → launchpad-foundations |
summary: |
- Can't remove authorised app + Can't remove authorised oauth tokens |
Changed in launchpad-foundations: | |
importance: | Critical → High |
assignee: | nobody → Curtis Hovey (sinzui) |
tags: | added: qa-ok |
Changed in launchpad: | |
assignee: | Curtis Hovey (sinzui) → nobody |
To post a comment you must log in.
I get
Unauthorized: (<OAuthAccessToken at 0xde96b90>, 'date_expires', 'launchpad.Edit')
I can see that the permissions are
permission= "launchpad. Edit"
set_ schema= "canonical. launchpad. interfaces. IOAuthAccessTok en"/>
<require
I can see the definition of EditOAuthAccess Token to be
return self.obj.person == user or user.in_admin
Maybe the interface inherritance is bad: IOAuthToken < IOAuthAccessToken?