Sorry, Nicolas it looks like I lost the BOINC dev e-mail group in the last reply. I've sent this here again to everyone.
Proposed changes have been added as a pull request here: https://github.com/ BOINC/boinc/pull/1943 On Sun, Jun 18, 2017 at 6:15 AM, Greg Agnew <[email protected]> wrote: > Proposed changes have been added as a pull request here: > https://github.com/BOINC/boinc/pull/1943 > > On Fri, Jun 16, 2017 at 5:34 PM, Greg Agnew <[email protected]> wrote: > >> I should say I simply want a way to call the API with an email address, >> and get their credits earned in return. >> >> Either e-mail -> userid, then userid -> credits earned, or directly >> e-mail -> credits earned. >> >> Currently the only way to do this is to go through join a team, and then >> query the team for users. I'd like my users to be able to signup >> independent of any team they wish to join, or are already a part of. >> >> On Fri, Jun 16, 2017 at 5:30 PM, Greg Agnew <[email protected]> wrote: >> >>> Is there anyway I can tie a CPID to an e-mail address without the users >>> authentication hash? >>> >>> I'm not sure what you mean by enumerating emails, but there seems to be >>> no way to scrape the API. >>> >>> If the API exposed the userID in the loopup_account call there is no >>> security problem, since it is E-mail -> userid match, and not the other way >>> around. >>> >>> On Thu, Jun 15, 2017 at 11:31 AM, Nicolás Alvarez < >>> [email protected]> wrote: >>> >>>> The CPID is explicitly designed to prevent enumerating email addresses >>>> (otherwise we could have just used md5(email)), so I guess the inability to >>>> look up an account by email address alone is also intentional. >>>> >>>> -- >>>> Nicolás >>>> >>>> > El 15 jun 2017, a las 09:18, Greg Agnew <[email protected]> >>>> escribió: >>>> > >>>> > Hi everyone, I have some problems with the WebRPC API. >>>> > >>>> > I am developing software that would pull users credit information >>>> from each >>>> > project. >>>> > >>>> > The problem I have is accessing that credit information using their >>>> e-mail >>>> > address. It has to be e-mail address so that I can confirm the owner >>>> of the >>>> > credit is the same owner as the e-mail. (Sending them an e-mail >>>> activation >>>> > link). >>>> > >>>> > Then use the user id to access the show_user call. The only other way >>>> to >>>> > get credit information is requiring the authentication string. >>>> > >>>> > Currently the only way to confirm email to userid is using the >>>> > authentication string with am_get_info. >>>> > Since the authentication string contains the users e-mail this is >>>> redundant. >>>> > >>>> > The authentication should not be required because it is an obvious >>>> security >>>> > flaw as it exposes their accounts entirely to me. >>>> > >>>> > I should be able to confirm the userid to email without requiring the >>>> > authentication string. Then use the userid to lookup credit >>>> information. >>>> > >>>> > EG: >>>> > >>>> > project/[email protected] >>>> > >>>> > Should return: >>>> > >>>> > <account_out> >>>> > <userid>123</userid> >>>> > <success/> >>>> > </account_out> >>>> > >>>> > >>>> > This would allow me to accept emailAddress and userID at a third party >>>> > website, and confirm that they are connected within your project. >>>> > >>>> > Thanks in advance, >>>> > >>>> > Greg >>>> > _______________________________________________ >>>> > boinc_dev mailing list >>>> > [email protected] >>>> > https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev >>>> > To unsubscribe, visit the above URL and >>>> > (near bottom of page) enter your email address. >>>> >>> >>> >> > _______________________________________________ boinc_dev mailing list [email protected] https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
