New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LB-354: Musicbrainz delete endpoint #409
LB-354: Musicbrainz delete endpoint #409
Conversation
Rebase, please. |
75ee6f1
to
7366137
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me -- one question -- what setup do we need to create the user that can delete users? Should there be a script for that?
try: | ||
r.raise_for_status() | ||
except HTTPError: | ||
raise Unauthorized('Not authorized to use this view') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like how you give no useful info the caller. Well done!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://httpstatuses.com/401 - Unauthorized
requires a "WWW-Authenticate" header. Does this get set internally?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't seem like werkzeug sets it (https://github.com/pallets/werkzeug/blob/master/werkzeug/exceptions.py#L214)
From the ticket, it seemed like the creation of the |
@@ -120,6 +124,35 @@ def current_status(): | |||
) | |||
|
|||
|
|||
@index_bp.route('/delete-user/<musicbrainz_id>') | |||
def mb_user_deleter(musicbrainz_id): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We decided in last week's meeting that storing the editor IDs in LB et al. is the way to go, so MB will actually send the editor row ID here and not the name. (Not sure if you've already started updating it to expect that, or if musicbrainz_id
is actually the user name here.)
|
||
|
||
def _authorize_mb_user_deleter(auth_token): | ||
query_url = 'https://musicbrainz.org/oauth2/userinfo' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I mentioned this in the BookBrainz PR too, but) it'd be nice if the MusicBrainz server URL were configurable, so we don't have to hand-edit source files when testing this locally (or against test.mb, say). Not just here, but for OAuth logins and all other references too.
I just created the user we need manually and documented it here: https://github.com/metabrainz/syswiki/blob/master/MusicBrainzUserDeleter.md |
7366137
to
f2934f6
Compare
f2934f6
to
9be28ed
Compare
This should be ready for review again, I've rebased, updated it to expect MusicBrainz Row IDs and added more tests. |
OK, I think this is ready to merge. |
Is this working? I deleted my MEB account ages ago yet my LB profile is still present... |
This PR adds the MusicBrainz
delete-user
endpoint as specified by https://tickets.metabrainz.org/browse/MBS-9680.