Ariel Shaqed (Scolnicov)
07/03/2022, 7:58 AM

Yoni Augarten
07/03/2022, 8:48 AM

Ariel Shaqed (Scolnicov)
07/03/2022, 8:51 AM

Ariel Shaqed (Scolnicov)
07/03/2022, 8:52 AM

Yoni Augarten
07/03/2022, 8:52 AM

Yoni Augarten
07/03/2022, 8:55 AM
resp, err := c.Auth.Authorize(ctx, &auth.AuthorizationRequest{
	Username:            user.Username,
	RequiredPermissions: perms,
})
user.Username is already assumed to be the email for email-based users, and the username for credential-based.

Ariel Shaqed (Scolnicov)
07/03/2022, 9:27 AM
Username is used for authorization. Is it also safe to use it as an identifier for fetching the user? E.g. this call in CreateCredentials uses whatever it gets from the user; if I wanted to create "credentials for the calling user" then I could use user.Username to identify the user too, right?

Yoni Augarten
07/03/2022, 9:28 AM

Ariel Shaqed (Scolnicov)
07/03/2022, 9:31 AM
user.Username to check whether the user is allowed to create credentials for themselves; I am asking is it also the right string to pass to auth.Service.CreateCredentials (the "user to create")? It should be, I am making sure. (Sorry)

Yoni Augarten
07/03/2022, 9:35 AM

Yoni Augarten
07/03/2022, 9:35 AM

Ariel Shaqed (Scolnicov)
07/03/2022, 9:37 AM
> We do need to go over this code because it's very confusing
I know 😕. It was always confusing, then I lost track while we added email. Fix #3244 FTW.