From ApiFusion
Jump to: navigation, search


Org scope

The import process runs in the scope of organization creating if necessary

  1. project within organization( defaults to current org )
  2. repository in Project/Sources

The creation of organization is a separate flow due to need for confirmed authentication and ownership. Auto-Creation could be added if owner authentication within org could be defined synchronously( during import process ).

VC repo authentication

Import process would not take any measurements towards security and version control ( VC ) access authentication. The only way of access to private repository protected with user credentials is to pass those in plain as part of URL.

Legal disclaimer

the VC URL is a visible to public record in Source:org/proj/Source/repo page. Do not use security sensitive information in URL including user name and password.

Way around:

  1. Use local Apache server URL with reverse proxy which use authenticated URL
  2. Run own instance of git-restful server and keep VC authentication in config or via authentication agent omitting the user credentials in URL.
  3. The git-restful server and platform could be installed locally in secure intranet. Import to the local AF instance first and synchronize *project/Source/repo* to public AF site. Still you should be OK with having URL exposed in Source:org/proj/Source/repo page locally and do not export this page to public site.

Discreet flow steps

Each step is a separated as logistically as visually.

  • The step could not be reversed hence the UX of passed step should be disabled
  • The steps have a straight dependency hence UX of non-current step should be disabled