[aur-dev] cookies + suspended account
Angel Velásquez
angvp at archlinux.org
Wed Feb 27 10:07:22 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26/02/13 16:20, Daniel Wallace wrote:
> Hello, I have been having to deal with some idiot who is pissed off
> in the aur for some reason. He keeps marking all my packages out
> of date. And somehow he is able to continually do this even after
> I have suspended his account. I am not sure if this is because of
> the cookie still working and him still being logged in.
>
> Would it be possible to add captchas to flag packages out of date,
> or to make it so that suspending an account kills the cookie?
>
> https://aur.archlinux.org/account/YyTe/
> https://aur.archlinux.org/account/293oHrnk/
> https://aur.archlinux.org/account/iou
> https://aur.archlinux.org/account/b2qLe1Np/
>
> Thanks,
>
For solving the problem right now -quick and dirty-, we just have to
add a validation (tsk tsk anyone who wants to sum contributions can
code this silly patch), if the user is suspended don't let him flag
the package and actually redirect him to the logout page (to kill
those cookies).
Then again, we must re-think how to handle this issue better, is
horrible to repeat that validation everywhere. Don't we have a magic
function/class which we should invoke for checking permissions on
every interaction with the user? -long time without checking the aur
code-.
Cheers.
- --
Be a local everywhere!
Angel Velasquez
CTO/Co-Founder @ citibuddies
Arch Linux Developer
@citibuddies @angvp #citibuddies
http://www.citibuddies.com
http://www.angvp.com.ar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJRLiEqAAoJEEKh2xXsEzutq3IH/jviDOZJhmy9aZoSqzqe27vZ
yGNropWpdSNH6WW3NF1FWFeXFBWKG7crQP77hOvVshbWJRvMJpVbDM6236boPa1r
wTwFofHBo6/+T7j0KUm6GdG21B5kHxh8pNFTUzg3GZn8d0QkFnCtr3X9IB+l/VTM
KP8Wc6uiIFI6CwQLAEmYueSwD6uJAMLKK0sxDW1rSxBBKExbImnGBjSSN11grtL7
E9Cj/QlphlTZAWTs054LyJbQSRm0uu8IT363long2pbWYLxnONqNzKyWJcxiyX0R
CHaGl/28MQfyiYpGFb153qAR7Qp0rZfsGM2lOANweSJYIW/XHVdE1Mgn7yXpXtk=
=6Bnl
-----END PGP SIGNATURE-----
More information about the aur-dev
mailing list