jenkins-bot has submitted this change and it was merged.
Change subject: Really fail if OAuth request source IP is invalid.
......................................................................
Really fail if OAuth request source IP is invalid.
Change-Id: Ieabb95b33a5a9cc433136c70d380cfbde3f2f923
---
M backend/MWOAuthServer.php
M i18n/en.json
M i18n/qqq.json
3 files changed, 7 insertions(+), 5 deletions(-)
Approvals:
CSteipp: Looks good to me, approved
Siebrand: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/backend/MWOAuthServer.php b/backend/MWOAuthServer.php
index 4a36c25..384139b 100644
--- a/backend/MWOAuthServer.php
+++ b/backend/MWOAuthServer.php
@@ -82,27 +82,27 @@
/**
* Ensure the request comes from an approved IP address, if IP
restriction has been
- * setup by the Consumer.
+ * setup by the Consumer. It throws an exception if IP address is
invalid.
*
* @param MWOAuthConsumer $consumer
* @param MWOAuthRequest $request
- * @return bool
+ * @throws MWOAuthException
*/
private function checkSourceIP( $consumer, $request ) {
$restrictions = $consumer->get( 'restrictions' );
$requestIP = $request->getSourceIP();
if ( !isset( $restrictions['IPAddresses'] ) ) {
- return true; // sanity; should not happen
+ throw new MWOAuthException( 'bad-source-ip' ); //
sanity; should not happen
}
foreach ( $restrictions['IPAddresses'] as $range ) {
if ( \IP::isInRange( $requestIP, $range ) ) {
- return true;
+ return;
}
}
- return false;
+ throw new MWOAuthException( 'bad-source-ip' );
}
/**
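Review bot: The key passed to both new `throw` statements in checkSourceIP(), `'bad-source-ip'`, does not match the message this commit adds to i18n/en.json and i18n/qqq.json, which is `mwoauthdatastore-bad-source-ip`. Unless MWOAuthException (not visible in this hunk) prefixes the key itself, the rejection would surface as a missing message instead of the intended text; consider `throw new MWOAuthException( 'mwoauthdatastore-bad-source-ip' );` in both places, or rename the added message to match. Because this is an access-control rejection, a log entry recording the consumer and `$requestIP` before each throw would let operators notice a consumer key being used from outside its allowed ranges. That entry could also tell the two cases apart, since a missing `IPAddresses` restriction is a configuration fault rather than a bad client address.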
diff --git a/i18n/en.json b/i18n/en.json
index 5d059be..538dabf 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -183,6 +183,7 @@
"mwoauthdatastore-access-token-not-found": "No approved grant was found
for that authorization token.",
"mwoauthdatastore-request-token-not-found": "Sorry, something went wrong
connecting this application.\nGo back and try to connect your account again, or
contact the application author.\n\n<span class=\"plainlinks
mw-mwoautherror-details\">OAuth token not found,
[https://www.mediawiki.org/wiki/Help:OAuth/Errors#E004 E004]</span>",
"mwoauthdatastore-bad-token": "No token was found matching your request.",
+ "mwoauthdatastore-bad-source-ip": "The request came from an invalid IP
address.",
"mwoauthdatastore-bad-verifier": "The verification code provided was not
valid.",
"mwoauthdatastore-invalid-token-type": "The requested token type is
invalid.",
"mwoauthgrants-general-error": "There was an error in your OAuth request.",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 9f4ec31..9914e98 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -188,6 +188,7 @@
"mwoauthdatastore-access-token-not-found": "Error message when an
invalid access token was submitted",
"mwoauthdatastore-request-token-not-found": "Error message when an
invalid request token was submitted",
"mwoauthdatastore-bad-token": "Error message when an invalid token was
submitted",
+ "mwoauthdatastore-bad-source-ip": "Error message when a request comes
from an IP address which is not among those whitelisted",
"mwoauthdatastore-bad-verifier": "Error message when an invalid
verification code was submitted",
"mwoauthdatastore-invalid-token-type": "Error message when an invalid
page was requested",
"mwoauthgrants-general-error": "Generic error, when something
unexpected happened while processing the OAuth request",
--
To view, visit https://gerrit.wikimedia.org/r/153028
Gerrit-MessageType: merged
Gerrit-Change-Id: Ieabb95b33a5a9cc433136c70d380cfbde3f2f923
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Mitar <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: jenkins-bot <>