[odrs-web: 2/3] odrs: Generate user_skey from the response app_id

From: Richard Hughes <rhughes src gnome org>
To: commits-list gnome org
Cc:
Subject: [odrs-web: 2/3] odrs: Generate user_skey from the response app_id
Date: Wed, 16 Mar 2022 14:58:37 +0000 (UTC)


commit 8830991ed21f48b096fa6cbf13ea6ffa59e680c5
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Mar 11 16:06:55 2022 +0000

    odrs: Generate user_skey from the response app_id
    
    This is almost entirely based on an investigation by Milan Crha, who
    deserves the credit for this fix:
    https://gitlab.gnome.org/GNOME/gnome-software/-/issues/1010#note_1405055.
    
    Previously, the `user_skey` in each review returned by the `fetch`
    endpoint was being generated from the `user_hash` and `app_id` in the
    HTTP request.
    
    That doesn’t work if the returned reviews cover multiple app IDs, as can
    happen when `compat_ids` are used. For example, my cached
    `~/.cache/gnome-software/odrs/org.gnome.Weather.json` file contains
    reviews with `app_id`s set to:
     * `org.gnome.Weather`
     * `org.gnome.Weather.Application.desktop`
     * `org.gnome.Weather.desktop`
    
    The `user_skey` associated with all of them is identical, and is only
    valid for ID `org.gnome.Weather`.
    
    Fix this by generating a `user_skey` to match the `app_id` in each
    returned review. Continue to use the `user_hash` provided in the HTTP
    request, so the `user_skey` continues to be unique to the requesting
    user.
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>

 app_data/odrs/views_api.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/app_data/odrs/views_api.py b/app_data/odrs/views_api.py
index f2cdbe8..a9ddb76 100644
--- a/app_data/odrs/views_api.py
+++ b/app_data/odrs/views_api.py
@@ -262,7 +262,7 @@ def api_fetch():
         # return all results
         item_new = review.asdict(request_item['user_hash'])
         item_new['score'] = _get_review_score(review, request_item)
-        item_new['user_skey'] = _get_user_key(request_item['user_hash'], request_item['app_id'])
+        item_new['user_skey'] = _get_user_key(item_new['user_hash'], item_new['app_id'])
 
         # the UI can hide the vote buttons on reviews already voted on
         if _vote_exists(review.review_id, user.user_id):
@@ -276,7 +276,7 @@ def api_fetch():
         item_new['score'] = 0
         item_new['app_id'] = request_item['app_id']
         item_new['user_hash'] = request_item['user_hash']
-        item_new['user_skey'] = _get_user_key(request_item['user_hash'], request_item['app_id'])
+        item_new['user_skey'] = _get_user_key(item_new['user_hash'], item_new['app_id'])
         items_new.append(item_new)
 
     # sort and cut to limit

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]