@matthewjackowski
Last active December 8, 2015 13:39
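require 'securerandom'

# Placeholder handler for authentication failures.
def handleAuthError
  puts 'Put error handling code here'
end

# user_data is assumed to be defined by the caller and to carry :org_slug.
project_params = {
  slug: "test-#{SecureRandom.uuid}",
  description: 'wpml_project',
  organization: user_data[:org_slug],
  private: true,
  source_language_code: 'en',
  name: "Test project-#{SecureRandom.uuid}"
}

begin
  project = Transifex::Projects.create(project_params)
  project.fetch
rescue => e
  # Authentication failures are detected by matching the exception message.
  handleAuthError if e.message.include? 'Authorization Required'
end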
@dmandalinic

This is only a PoC script and as such, many things differ from the actual process on production. E.g. the project name is generated from the WordPress plugin WPML. A UNIX timestamp was used only in this PoC script as some degree of guarantee that it will be unique - to some degree. On production we use SHA256 hashes generated from a secret salt and a number of padded primary keys taken from database records that are relevant to the project being created. This way we have one-way confirmation of project content.

With this code example I wanted to express concern about the current procedure of checking the exception's message to handle different error scenarios without noticing that it also contains an adequate HTTP code.

@dmandalinic

The other concern was regarding the Gem itself and not the API. Since the 'Transifex.configure do block' uses class variables - my concern was that users' requests will override each other since the client never gets instantiated but instead uses global config and request handling creates a new thread. This is partially solved on our side by isolating the code that communicates with third-party APIs into worker processes.

Does this kind of global configuration imply that the Gem was meant to be used with one set of credentials / one API user?
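
The override described in the comment above, as an added example (not the Gem's code and not written by either commenter): `GlobalApi` and `ScopedClient` are hypothetical stand-ins, and the interleaving of the two requests is constructed with queues so the outcome is deterministic.

```ruby
require 'thread'

# Hypothetical stand-in for a library configured through module-level state.
module GlobalApi
  class << self
    attr_accessor :login

    def configure
      yield self
    end
  end
end

# Per-instance alternative: the credential lives on the object, not the module.
class ScopedClient
  attr_reader :login

  def initialize(login)
    @login = login
  end
end

# Two "requests" with a forced order: A configures, B configures, A sends.
# Returns the identity request A would actually have authenticated as.
def interleaved_identities
  a_configured = Queue.new
  b_configured = Queue.new
  seen = {}

  a = Thread.new do
    GlobalApi.configure { |c| c.login = 'alice' } # constructed sample user
    scoped = ScopedClient.new('alice')
    a_configured << true
    b_configured.pop                 # B reconfigures while A is in flight
    seen[:global] = GlobalApi.login  # shared state: last writer wins
    seen[:scoped] = scoped.login     # instance state: unaffected by B
  end
  b = Thread.new do
    a_configured.pop
    GlobalApi.configure { |c| c.login = 'bob' }   # constructed sample user
    b_configured << true
  end
  [a, b].each(&:join)
  seen
end
```

With the shared configuration, request A ends up using the credentials set by request B; the per-instance client keeps its own.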

@matthewjackowski
Author

Yes, I agree the intent is to use a single set of credentials at a time. Using security credentials between multiple systems is very problematic with just username and password and can often result in these values being stored remotely without the user's knowledge. A better solution is to use an Auth protocol like OAuth which works off of tokens that a user can revoke.

Although, I'm not sure I understand why you need to authenticate as multiple different users. It's really difficult for me to understand what you are trying to accomplish without seeing the code that you are referencing.
