MWX/Invite/notes/take 1

From Woozle Writes Code
< MWX‎ | Invite‎ | notes
Jump to navigation Jump to search

I tried descending my page from SpecialCreateAccount, and overriding its methods when a valid invite has not been received, but got caught up in a tangle of internal security checks which never seemed to be satisfiable. I then came across a note in the AuthManager source code: 

* If you are looking at this because you are working on an extension that creates its own
* login or signup page, then 1) you really shouldn't do that, 2) if you feel you absolutely
* have to, subclass AuthManagerSpecialPage or build it on the client side using the clientlogin
* or the createaccount API. Trying to call this class directly will very likely end up in
* security vulnerabilities or broken UX in edge cases.

...where "security vulnerability" plus "broken UX" sounds kinda like what I was running into, subclassing SpecialCreateAccount (and having already tried subclassing from its parent, LoginSignupSpecialPage).

So I figured maybe this wasn't the right way to go... and there certainly didn't seem to be any instructions on how to make it work right.

AuthManager, however, seems to be strictly for handling logins and creating accounts; I don't need to modify any of that behavior, just grant access to existing functionality. So that doesn't seem like the right path either.

That said, I haven't yet tried subclassing AuthManagerSpecialPage (which doesn't seem to exist??) -- but when all the functionality I want is in SpecialCreateAccount, it doesn't seem right to subclass anything else (because I'd have to replicate that functionality, increasing technical debt).

Retrieved from "https://wooz.dev/mw/index.php?title=MWX/Invite/notes/take_1&oldid=1162"