Page MenuHomePhabricator

nagym718 (Mária Nagy)
Disabled

Projects

User does not belong to any projects.

User Details

User Since
Apr 7 2015, 7:22 AM (269 w, 3 d)
Roles
Disabled

In AWS, create one or more IAM roles. For each role, define who can assume the role (the trust policy or trust relationship) and what permissions the app's users will have (the access policy).

Create one role for each identity provider for each app. For example, you might create a role that can be assumed by an app where the user signed in using Login with Amazon, a second role for the same app where the user has signed in using Facebook, and a third role for the app where users sign in using Google. For the trust relationship, specify the identity provider (like Amazon.com) as the federated principal (the trusted entity), and include a condition that matches the app's ID. Examples of the roles for different providers are shown later in this topic.

In your application, authenticate your users using Login with Amazon, Facebook, Google, or an OIDC-compatible provider. To do this, call the identity provider using an interface that they provide. For example, you might call an API and pass the user's credentials and possibly other information that the provider requires. The exact way in which you authenticate the user depends on the provider and on what platform your app is running. Typically, if the user is not already signed in, the identity provider takes care of displaying a sign-in page for that provider. After the identity provider authenticates the user, the provider returns a token to your app.

In your app, make an unsigned call to the AssumeRoleWithWebIdentity action to request temporary security credentials. In the request, you pass the identity provider's token and specify the Amazon Resource Name (ARN) for the IAM role that you created for that identity provider. AWS verifies that the token is trusted and valid and if so, AWS STS returns temporary security credentials to your app that have the permissions derived from the role that you named in the request. The response also includes metadata about the user from the identity provider, such as the unique user ID that the identity provider assigned to the user.

Using the temporary security credentials you get in the AssumeRoleWithWebIdentity response, your app makes signed requests to AWS APIs. The user ID information from the identity provider can be used to distinguish users in the app—for example, you can put objects into Amazon S3 folders that include the user ID as prefixes. This allows you to create access control policies that lock that folder down so only the user with that ID can access it. For more information, see Identifying Providers, Apps, and Users with Web Identity Federation later in this topic.

Your app caches the temporary security credentials so that you do not have to get new ones each time the app needs to make a request to AWS. By default, the credentials are good for one hour. When the credentials expire (or before then), you make another call to AssumeRoleWithWebIdentity to obtain a new set of temporary security credentials. Depending on the identity provider and how they manage their tokens, you might have to refresh the provider's token before you make a new call to AssumeRoleWithWebIdentity, since the provider's tokens also usually expire after a fixed time. (If you're using the AWS SDK for iOS or the AWS SDK for Android, you can use the AmazonSTSCredentialsProvider action, which manages the AWS STS credentials, including refreshing them as required,,-**

Recent Activity

Apr 7 2015

nagym718 removed a revision from T3820: Implement top-level "Spaces" that provide policy isolation to groups of objects: D9204: Add "Spaces", an application for managing policy namespaces.
Apr 7 2015, 9:50 AM · Spaces, Policy, Wikimedia
nagym718 removed a task from D9204: Add "Spaces", an application for managing policy namespaces: T3820: Implement top-level "Spaces" that provide policy isolation to groups of objects.
Apr 7 2015, 9:50 AM
nagym718 awarded T3820: Implement top-level "Spaces" that provide policy isolation to groups of objects a Mountain of Wealth token.
Apr 7 2015, 9:49 AM · Spaces, Policy, Wikimedia
nagym718 added a comment to D12140: T7651: Created herald.queryrules Conduit API method..
protected function buildConditionsInfoDictionaries(array $conditions) {
  assert_instances_of($conditions, 'HeraldCondition');
Apr 7 2015, 9:47 AM
nagym718 accepted rPec12b710aac0: Re-enable the deprecated calls setup check.

final class ConduitDeprecatedCallSetupCheck extends PhabricatorSetupCheck {

Apr 7 2015, 9:36 AM
nagym718 added a comment to D12309: translations - add missing translations for revert commits.
'%s edited reverting commits, added %3$s; removed %5$s.',
Apr 7 2015, 9:27 AM
nagym718 added a comment to T7770: Origins.

The word Kapampangan is derived from the rootword pampáng which means "river bank." Historically, this language was used in what was before the Kingdom of Luzon, ruled by the Lakans. In the 18th century, two books were written by Fr. Diego Bergaño about Kapampangan. He authored Vocabulario de la lengua Pampanga[4] and Arte de la lengua Pampanga. Kapampangan produced two literary giants in the 19th century: Father Anselmo Fajardo was noted for his works Gonzalo de Córdova and Comedia Heróica de la Conquista de Granada. Another writer, Juan Crisóstomo Soto, was noted for writing many plays. He authored Alang Dios in 1901. The Kapampangan poetical joust "Crissotan" was coined by his fellow literary genius Nobel Prize nominee for peace and literature in the 50's, Amado Yuzon to immortalize his contribution to Kapampangan literature.??

Apr 7 2015, 8:33 AM
nagym718 added a comment to T7770: Origins.

Take a look at the relevant channel page. It probably is at «http://lang_code.wiki_name.org/wiki/Project:IRC». They may have their own appeal process, their own set of rules, and appeal recommendations.
After a couple days, message the op who banned you. Conduct yourself in a calm clear headed manner. Try to explain politely when the situation happened (mention the day, time, and timezone), and what you came up with after analysing the logs. Was it something you did wrong - if so, what? Was something misinterpreted? What would you do to avoid a similar situation happening next time? Don't feel shy to apologize; admitting mistakes is the key quality toward resolving such situation. Please be polite, even if you think it was unfair; ranting never helps.
If you're not happy with the outcome, wait a couple days, and then try the appeal process recommended by the channel. It usually is a good solution, especially if the channel is in foreign language and has good documentation.
If there is none, use #wikimedia-ops, and make your case calmly and concisely. Again mention the channel affected, day, time, and timezone. Indicate what was the main point of disagreement with the op, and ask to interpret the situation for you. The ops might communicate internally and collaborate to give you better advice, so please be patient and don't leave! Set aside around half of an hour when you are around and would not be disturbed, preferably during daytime in the relevant timezone. This is a learning experience.
Do the other ops agree with your interpretation?
What hints can they give to help you analyse the situation?
Then you would be able to come up with suggestions how to avoid such situation in the future. If your suggestions are good, your ban would be more likely to be removed, or its removal may be expedited.
If you're still unhappy with the outcome, please provide the complete information to the channel founder - include time of the channel issue, nickname of the op, time of a relevant discussion in #wikimedia-ops. The founder can be found using «/msg chanserv info #channel». Briefly summarize your issue and wait for a response for 2-3 days, after which you may remind the founder about the issue one more time.

Apr 7 2015, 8:31 AM
nagym718 claimed T7770: Origins.

Especially if you're not used to mailing lists (or bigger amount of emails in general) or you care less about some particular mailing list, it's useful to read messages in digests, which means you'll receive a single message containing e.g. all the messages of the day. You can set this in your mailing list options.

Apr 7 2015, 8:29 AM
nagym718 lowered the priority of T7770: Origins from High to Wishlist.

Almost all mailing lists archive their posts and you can view these archives online by clicking the link on the main list information page. For most public lists, the posts in the web-based archives are indexed by search engines such as Google - to search the archives, you can restrict your search by server name (add site:lists.wikimedia.org, e.g. [1]) or by the directory containing a particular list's archive (site:lists.wikimedia.org/pipermail/<list name>, e.g. site:lists.wikimedia.org/pipermail/mediawiki-l ...) [all lists were moved to a lists.wikimedia.org domain in January 2007; however, depending on each search engine, searching the prior domain (either "mail.wikipedia.org" or "mail.wikimedia.org") may work better]

Apr 7 2015, 8:29 AM
nagym718 added a comment to T7770: Origins.

A social gathering for Wikimedia enthusiasts, where we...

Apr 7 2015, 8:27 AM
nagym718 added a comment to T7770: Origins.

Meetups are important occasions when Wikimedians (users of Wikipedia and the sister projects) come together face-to-face generally in an informal basis. These have been going on for several years and in a wide range of places across the world. Where there have been a series of meetups at a locality, they have often developed their own culture. Check the page for previous meetus at any location you are interested in to get a better understanding of this.

Apr 7 2015, 8:26 AM
nagym718 created T7770: Origins.
Apr 7 2015, 8:22 AM
nagym718 added a subtask for T5042: Futures()->limit(X) does not ensure that X number of tasks are running after the first set of tasks: T7740: Chrome exhibits weird scrolling jumping with anchor in the URL.
Apr 7 2015, 8:04 AM · Restricted Project, libphutil
nagym718 added a parent task for T7740: Chrome exhibits weird scrolling jumping with anchor in the URL: T5042: Futures()->limit(X) does not ensure that X number of tasks are running after the first set of tasks.
Apr 7 2015, 8:04 AM · Google Chrome
nagym718 added a revision to T5042: Futures()->limit(X) does not ensure that X number of tasks are running after the first set of tasks: D12308: Further improvements to array comma linter rule.
Apr 7 2015, 8:03 AM · Restricted Project, libphutil
nagym718 added a task to D12308: Further improvements to array comma linter rule: T5042: Futures()->limit(X) does not ensure that X number of tasks are running after the first set of tasks.
Apr 7 2015, 8:03 AM
nagym718 added 1 mock(s) for T5042: Futures()->limit(X) does not ensure that X number of tasks are running after the first set of tasks: Unknown Object (Pholio Mock).
Apr 7 2015, 8:03 AM · Restricted Project, libphutil
nagym718 accepted rPc0e26c65e03e: Make mail delivery reasons code-based; include positive and negative reasons.
}

896 888 }
897 889
898 890 $all_prefs = id(new PhabricatorUserPreferences())->loadAllWhere(
899 891 'userPHID in (%Ls)',
900 892 $actor_phids);
901 893 $all_prefs = mpull($all_prefs, null, 'getUserPHID');
902 894
903 895 Exclude recipients who don't want any mail.
904 896 foreach ($all_prefs as $phid => $prefs) {
905 897 $exclude = $prefs->getPreference(
906 898 PhabricatorUserPreferences::PREFERENCE_NO_MAIL,
907 899 false);
908 900 if ($exclude) {
909 901 $actors[$phid]->setUndeliverable(
910 pht(
911 'This recipient has disabled all email notifications '.
912 '(Settings > Email Preferences > Email Notifications).'));
902 PhabricatorMetaMTAActor::REASON_MAIL_DISABLED);
913 903 }
914 904 }
915 905
916 906 $value_email = PhabricatorUserPreferences::MAILTAG_PREFERENCE_EMAIL;
917 907
918 908
Exclude all recipients who have set preferences to not receive this type
919 909 // of email (for example, a user who says they don't want emails about task

Apr 7 2015, 7:59 AM
nagym718 added a comment to T4778: When will my feature get built, or my bug get fixed?.
Apr 7 2015, 7:38 AM · Guides