Excessive permissions required to file a bug using Github #655
Comments
|
Hey @AlfonsoML, thanks for filing. FWIW, I totally agree with you. Unfortunately GitHub doesn't yet provide an oauth scope that restricts access to issues. :( If you'd like to contact GitHub and make that suggestion that might help--we've also asked them to do the same. |
karlcow
changed the title
|
Question: if the user is not filing through webcompat.com UI but directly on GitHub, I guess s/he doesn't need to grant any permissions at all? Could we offer that as a third option, for users who know what they are doing? |
|
Yes, possibly. But GitHub doesn't allow for issue templates so we may find that the quality of the bugs varies wildly. The Webcompat UI at least forces some notion of consistency. Maybe this is just a theoretical concern though. Right now nothing will break (I think). |
|
What if we add in small print underneath the "report" buttons "You can also copy the text you entered above and click here to add a new bug through GitHub. This lets you report under your user name without having to grant our app access to your GitHub account." |
|
Even better - GitHub supports some query string arguments to /issues/new - I just tested :) So we can update that link in real time and add ?title=foo&body=bar |
|
Cool. I can work on this tomorrow morning. |
|
Same concerns than @miketaylr
Issue: Screenshot feature? Maybe not, just something to add to the body. |
|
Hm.. The screenshot feature should "just work" (famous last words) if it submits an image to a GitHub service and gets a magic markdown string back that is added to the body. That magic string is of course passed on to GitHub with the rest of the text with the [Report via GitHub] option.. Is there any functional difference between your [Report via Webcompat] and [Report via GitHub], @karlcow? If we had a [Report via GitHub] button, would be need the webcompat one? |
If I understood your proposal is about making an HTTP POST to the Web site (a bit like a selenium test). Not talking to the API of Github directly. |
|
Let's close until GitHub announces finer grained OAuth scopes. |
|
It seems like something is coming: https://developer.github.com/early-access/integrations/#granular-permissions (still not ready for public to use yet tho... but promising!) |
|
Reopening the issue, after a comment by @dbaron on a recent bug. I was wondering if GitHub was now offering finer granularity. I need to dig a bit more the docs. |
|
To note that the issue is known by GitHub |
|
if I check my current Scopes in my headers, I get |
|
In https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps/ |
|
ok closing again for now. |
|
This is potentially interesting.
and
|
|
@zoepage It's not obvious to me that this is an enhancement. Right now, to file through webcompat.com, I'm required to give webcompat.com the ability to write the code in all the public repositories that I have access to, which is a serious overreach and certainly a vector for security breach access to spread, should webcompat.com get breached. @miketaylr What are your thoughts on converting this to a Github App? Is that a substantial amount of work? |
|
A far simpler solution to writing an entire Github App is to use Github's support for prefilling issues with query parameters. When you click "file", it uploads all images server-side using the API and generates a link, which you are navigated to. You can then submit it after making any edits you need to. |
|
@Manishearth wow! I didn't know this existed. |
|
Added backlog to reopen when it's time to work on it. |
|
Our low band-aid for this is to report anonymously and leave your github username in the field allowing it. It's not perfect but easier than redeveloping the oauth for Github App in our current resources. |
|
This might become more urgent with the #3118 events. |
|
@karlcow isn't the thing described in #655 (comment) a way to avoid a big rewrite? |
|
@dmose it seems interesting, but I don't think it will solve our issues. Maybe I'm wrong.
So I interpret this as only people with specific permissions on the repo will be able to file a complete report as we wish it to be. |
The only thing you will lose out on is labeling, and you can write a pretty lightweight bot to label issues based on metadata in a comment at the end of it or whatever. |
|
You can also use this feature in conjunction with issue templates to autoset labels, but y'all have a lot of them and getting the entire set of possible labels into templates would be annoying. |
|
So to be clear, the issue we are talking about here is people reporting issue with https://webcompat.com/issues/new and wants to log in as a GitHub user to have the report made under their name. The form is created by webcompat.com and then sent to GitHub. We are not using the GitHub form templates to file issues currently (except for the very rare case where people use directly GitHub). This for example doesn't solve our issues. :) It just creates a prefilled form on GitHub, not on webcompat.com |
|
Right, I understand what you want to achieve here. What I'm suggesting is this:
There are two problems here: images, and labels. You can't send images through the query string, and you can't use labels since not everyone has permissions to use labels on the repo. For the former, you can preupload the images server-side and then just insert links. For the latter, you can note the relevant metadata in the issue and have a bot apply the correct labels. I mentioned templates because templates are one way to get around the label restriction, GitHub allows templates to come with preset labels, and you can use the query string thing with templates. But this workaround requires you create one template for each label combination, and is a big hack, using a bot for labeling seems easier. |
|
@Manishearth Thanks for explaining. I understood you were trying to redirect the users to github. :)
|
|
Ah, so then we should be all set? We just need to replace the server side stuff that the "report via github" button does with a simple link generator thing. This doesn't fix anonymous filling, but it makes the github filling much easier and less permissionsy. |
|
it means we have an option if we accept to get out of the current UX workflow. :) |
|
Someone on matrix made the comment about the excessive permissions required by webcompat.com. @ksy36 We should at least re-evaluate seriously what needs to be done to change the code. Then when we have a better idea of the amount of efforts we could decide what to do about it. Probably we would get more authenticated users if the system was more granular. |
|
Removing @miketaylr who has probably no time or desire to work on that. |
Yeah, realistically no.
😭 |
Fixes #655 - Convert OAuth app to GitHub app to limit permissions we request
When I tried to file a bug about a website there are two buttons at the bottom "Report via Github" and "Report anonymously", I clicked on Github and then I was prompted to grant too many permissions:
I had expected to only allow permissions on the webcompat repository and granting permission to read my identity and file a bug on my behalf seems like should be enough, no need to give full permissions on everything
The text was updated successfully, but these errors were encountered: