= problem =
Fedora and bugzilla use different account systems - sometimes the emails are the same, other times they are not.
When proposing a blocker/fe bug, we want to add the user to the bug's cc list but that can only happen if a valid bugzilla account is used.
= analysis =
The problem can be worked around in multiple ways: 1. Assume that the user enters a correct bz email (no typos, bz_email concept understood) and * allow proposals w/o adding the user to the bug's cc list * fail the proposal if the bz email does not work 2. Auth against bugzilla instead of FAS 3. Auth against bugzilla for the first proposal and associate a valid bugzilla account with each FAS account used for proposing blockers. * The bugzilla password would '''NOT''' be stored in the blocker tracking app, merely used to verify that the user does have control over the bugzilla account in question and discarded as soon as the initial auth against bugzilla is complete * On blocker/FE proposal, the associated email address would be added to the cc list of the bug being proposed (using the blockergbugs account)
= enhancement recommendation =
(2) is not really a good solution to this and will be ignored.
(1) seems to be a little user-unfriendly and a sub-optimal solution in terms of number of bugzilla requests (either authing against bugzilla for every proposal or handling errors with invalid emails)
(3) seems like the best solution for now and would require: * new database table to store bugzilla email address associations * checking for bugzilla account association before moving on to the blocker proposal page * code to auth a user against bugzilla without storing any cookies or traces of the password locally * filling in the proposal form with the bugzilla email as a non-editable field
Fixed in [http://git.fedorahosted.org/cgit/blockerbugs.git/commit/?h=develop&id=4ffd2dd5700cab8c676ce794720f1e9a5edeb485 4ffd2dd5700cab8c676ce794720f1e9a5edeb485]
Log in to comment on this ticket.