Security review of TWL
Closed, Declined | Public

Description

Start with a design review and review of OAuth code. May want a full security review if we're storing private data, even though this will run in labs.

Related Objects

Status | Assigned | Task
Declined | None |
Resolved | dpatrick |

csteipp created this task. Apr 18 2016, 4:53 PM
Restricted Application added subscribers: Sadads, Aklapper. Apr 18 2016, 4:53 PM

@Sadads I'm a bit behind and working on completing this review. Is there a demo site available for testing?

That would be @ThatAndromeda for support -- you will have to reach out to her. @Nikkimaria and @Ocaasi can help: I am currently traveling for Wikimania & other conferences.

GitHub: https://github.com/thatandromeda/twlight

Demo site: https://secret-lowlands-75266.herokuapp.com/oauth/login (There's nothing at / right now, but /oauth/login will show you the logging in part, and create an account for you with the lowest level of privileges.)

These codebases are probably somewhat out of sync at this point, but the authorization parts are the same. Lots of parts are obviously not done, but again, the auth part is stable. The key file there is https://github.com/thatandromeda/TWLight/blob/master/TWLight/users/authorization.py .

EBjune added a subscriber: EBjune. Nov 28 2017, 4:28 PM

@Sadads @dpatrick This is more than a year old, is this review still in progress/needed?

Reedy closed this task as Declined. Mar 12 2018, 2:31 PM