blender/blender-addons
19
43
Fork 96
Code Issues 627 Pull Requests 27 Projects 1 Releases Wiki Activity

Blender-ID add-on for inclusion as OFFICIAL #49008

New Issue
Closed
opened 2016-08-03 10:08:22 +02:00 by Francesco Siddi · 10 comments
Francesco Siddi commented 2016-08-03 10:08:22 +02:00
Member
Copy Link

This add-on allows you to authenticate your Blender with your Blender ID account. This authentication can then be used by other add-ons, such as the Blender Cloud add-on.

* The repo with the code is [hosted on developer.blender.org ](https://developer.blender.org/diffusion/BIA/) * There has already been a review with Campbell in infrastructure/blender-id#48024 * Wiki page https://wiki.blender.org/index.php/Extensions:2.6/Py/Scripts/System/BlenderID This add-on allows you to authenticate your Blender with your Blender ID account. This authentication can then be used by other add-ons, such as the Blender Cloud add-on.
Sergey Sharybin was assigned by Francesco Siddi 2016-08-03 10:08:22 +02:00
Francesco Siddi commented 2016-08-03 10:08:22 +02:00
Author
Member
Copy Link

Changed status to: 'Open'

Changed status to: 'Open'
Francesco Siddi commented 2016-08-03 10:08:22 +02:00
Author
Member
Copy Link

Added subscriber: @fsiddi

Added subscriber: @fsiddi
Francesco Siddi commented 2016-08-03 10:09:08 +02:00
Author
Member
Copy Link

Added subscribers: @dr.sybren, @mont29

Added subscribers: @dr.sybren, @mont29
Sergey Sharybin commented 2016-08-03 12:55:47 +02:00
Owner
Copy Link

Looked over the code. Generally seems fine to me, but couple of points:

Avoid using global scope imports, especially of heave and barely used things like json. Try making such imports local in functions.

I'm a bit corned about server replying whether its incorrect user or incorrect password. This is something what was discovered in SSH and assigned a score of 5 : CVE-2016-6210. Would think we should just tell that credentials are incorrect and don't go into details.

Looked over the code. Generally seems fine to me, but couple of points: Avoid using global scope imports, especially of heave and barely used things like json. Try making such imports local in functions. I'm a bit corned about server replying whether its incorrect user or incorrect password. This is something what was discovered in SSH and assigned a score of 5 : CVE-2016-6210. Would think we should just tell that credentials are incorrect and don't go into details.
Bastien Montagne commented 2016-08-03 16:34:25 +02:00
Owner
Copy Link

Did only very quick skimming, but lgtm too… POints raised by @Sergey are valid for sure, but those can also be addressed once in repo…

Did only very quick skimming, but lgtm too… POints raised by @Sergey are valid for sure, but those can also be addressed once in repo…
Sybren A. Stüvel commented 2016-08-04 12:45:52 +02:00
Member
Copy Link

In #49008#384662, @Sergey wrote:
Avoid using global scope imports, especially of heave and barely used things like json. Try making such imports local in functions.

Fixed in infrastructure/blender-id-addon@f02fefd8d0

I'm a bit corned about server replying whether its incorrect user or incorrect password. This is something what was discovered in SSH and assigned a score of 5 : CVE-2016-6210. Would think we should just tell that credentials are incorrect and don't go into details.

Fixed in the add-on in infrastructure/blender-id-addon@eccfb2efc4, and in BlenderID itself in infrastructure/blender-id@286aca1cb4. I also implemented blinding of the password check, so that an attacker can't determine whether the username exists based on the timing of the response.

> In #49008#384662, @Sergey wrote: > Avoid using global scope imports, especially of heave and barely used things like json. Try making such imports local in functions. Fixed in infrastructure/blender-id-addon@f02fefd8d0 > I'm a bit corned about server replying whether its incorrect user or incorrect password. This is something what was discovered in SSH and assigned a score of 5 : CVE-2016-6210. Would think we should just tell that credentials are incorrect and don't go into details. Fixed in the add-on in infrastructure/blender-id-addon@eccfb2efc4, and in BlenderID itself in infrastructure/blender-id@286aca1cb4. I also implemented blinding of the password check, so that an attacker can't determine whether the username exists based on the timing of the response.
Sergey Sharybin commented 2016-08-04 14:20:59 +02:00
Owner
Copy Link

One last thing: we should strip out your part of the code which does cacert.pem tricks. We only missed this file for msvc2015 builds which i've fixed now.

Stripping out that part of code gives 35% speedup of warm Blender startup.

One last thing: we should strip out your part of the code which does `cacert.pem` tricks. We only missed this file for msvc2015 builds which i've fixed now. Stripping out that part of code gives 35% speedup of warm Blender startup.
Sybren A. Stüvel commented 2016-08-04 15:21:17 +02:00
Member
Copy Link

Done in infrastructure/blender-id-addon@d26cba9d56.

The plan is as follows. B'ID add-on version

Done in infrastructure/blender-id-addon@d26cba9d56. The plan is as follows. B'ID add-on version - 1.1.x will be the last to target 2.77a (and the last to be bundled with the Blender Cloud addon). - 1.2.0 includes infrastructure/blender-id-addon@d26cba9d56, and will be the one to be bundled with 2.78.
blender-admin commented 2016-08-07 11:37:23 +02:00
Copy Link

This issue was referenced by 84a93440fd

This issue was referenced by 84a93440fd5c5ecbe80d7bb9743c1747d0bde3eb
Sybren A. Stüvel commented 2016-08-07 11:41:01 +02:00
Member
Copy Link

Changed status from 'Open' to: 'Resolved'

Changed status from 'Open' to: 'Resolved'
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
Interest
Animation & Rigging

  
Interest
Blender Cloud

  
Interest
Collada

  
Interest
Core

  
Interest
Documentation

  
Interest
Eevee & Viewport

  
Interest
Geometry Nodes

  
Interest
Grease Pencil

  
Interest
Import and Export

  
Interest
Modeling

  
Interest
Modifiers

  
Interest
Nodes & Physics

  
Interest
Pipeline, Assets & IO

  
Interest
Platforms, Builds, Tests & Devices

  
Interest
Python API

  
Interest
Rendering & Cycles

  
Interest
Sculpt, Paint & Texture

  
Interest
Translations

  
Interest
User Interface

  
Interest
UV Editing

  
Interest
VFX & Video

  
Meta
Good First Issue

  
Meta
Papercut

  
Module
Add-ons (BF-Blender)

  
Module
Add-ons (Community)

  
Platform
Linux

  
Platform
macOS

  
Platform
Windows

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Info from Developers

  
Status
Needs Information from User

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Patch

  
Type
Report

  
Type
To Do

No Label
Interest
Animation & Rigging
Interest
Blender Cloud
Interest
Collada
Interest
Core
Interest
Documentation
Interest
Eevee & Viewport
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
Import and Export
Interest
Modeling
Interest
Modifiers
Interest
Nodes & Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds, Tests & Devices
Interest
Python API
Interest
Rendering & Cycles
Interest
Sculpt, Paint & Texture
Interest
Translations
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Meta
Good First Issue
Meta
Papercut
Module
Add-ons (BF-Blender)
Module
Add-ons (Community)
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
Sergey Sharybin
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender-addons#49008
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?