jenkins-bot has submitted this change and it was merged.
Change subject: Improving doc. on how OAuth is integrated in MW
......................................................................
Improving doc. on how OAuth is integrated in MW
Reworked version, with tabs instead of spaces.
* Following code format recommendations
* Making sure that cURL calls are SSL only if it is configured
* Added more notes on the process
Change-Id: I3732eb25525be800efcc633447dc188427e743ea
---
M examples/testClient.php
1 file changed, 170 insertions(+), 20 deletions(-)
Approvals:
CSteipp: Looks good to me, approved
jenkins-bot: Verified
diff --git a/examples/testClient.php b/examples/testClient.php
index f6847e0..b949257 100644
--- a/examples/testClient.php
+++ b/examples/testClient.php
@@ -4,8 +4,30 @@
die( "CLI-only test script\n" );
}
+
/**
- * A basic client for overall testing
+ * Testing integration with MediaWiki OAuth Extension
+ *
+ * The current extension follows OAuth 1.0a spec and while the
+ * extension works, you have to be aware of a few quirks.
+ *
+ * This sample is there to help you work your mind through the OAuth
+ * process. Its assuming your MediaWiki installation has this extension
+ * installed so you can become your own OAuth service provider. In other
+ * words, users in the wiki will be able to make various APIs calls
+ * to this wiki using OAuth tokens.
+ *
+ * PLEASE NOTE:
+ *
+ * Remember that OAuth 1.0 expects that the GET Request parameters
+ * are sorted in some order, then to have it hashed.
+ *
+ * In relation to MW; One known caveat is that the `$baseurl` has to
+ * be calling to your MediaWiki's `index.php` with
+ * `index.php?title=Special:OAuth` directly.
+ *
+ * Otherwise the extension will return an URL that way, and will break the
hash
+ * signature and you will get an error.
*/
function wfDebugLog( $method, $msg) {
@@ -15,71 +37,199 @@
require __DIR__ . '/../lib/OAuth.php';
+/**
+ * Local to this example
+ *
+ * Whether you want to also see
+ * the objects being sent to the wire.
+ */
+$moreVerbose = false;
+
+/**
+ * Consumer key
+ *
+ * This is the application key you would
+ * get from the application you want to connect
+ * with your MediaWiki installation.
+ */
$consumerKey = 'dpf43f3p2l4k3l03';
+
+/**
+ * Secret
+ *
+ * This is the generated secret key
+ * that you would get when you ask.
+ */
$consumerSecret = 'kd94hf93k423kf44';
-$baseurl = 'https://localhost/wiki/index.php?title=Special:OAuth';
-$endpoint = $baseurl . '/initiate&format=json&oauth_callback=oob';
-$endpoint_acc = $baseurl . '/token&format=json';
+/**
+ * Base URL
+ *
+ * Set to your MediaWiki address with "index.php?title=Special:OAuth".
+ *
+ * Remember that its a known limitation that you cannot use pretty URLs
+ * in this context.
+ *
+ * Ideally, you should have a SSL VirtualHost, but this test would not
+ * fail if you don't have one yet.
+ */
+$baseurl = 'https://localhost/w/index.php?title=Special:OAuth';
+/**
+ * Request token (a.k.a. the first step)
+ *
+ * The first step starts at "Special:OAuth/initiate" from the extension.
+ *
+ * Note that the `oauth_callback=oob` means "Out Of Band", and we currently
+ * cannot generate an URL based on headers, but from contents of the Response
+ * body (hence "out of band").
+ *
+ * This is due to the fact that the way the extension is made, it'll return
+ * something in the Response body that will need to create the link and
+ * make the user validate, and get the token.
+ */
+$request_token_url = $baseurl . '/initiate&format=json&oauth_callback=oob';
+
+/**
+ * Validate token (a.k.a. the 2nd step)
+ *
+ * This is the URL you use to send back to the application
+ * when that the connecting application gives you when the
+ * user accepted the request.
+ */
+$validate_token_url = $baseurl . '/token&format=json';
+
+
+
+/**
+ * You should not need to edit anything else beyond this point
+ */
+
+// This is to allow you to work without SSL locally
+$baseUrlIsSsl = (bool) preg_match( '/^https/i' , $baseurl );
+
+print <<<HELPTEXT
+
+ Testing OAuth integration with MediaWiki.
+
+HELPTEXT;
+
+/**
+ * First step
+ */
$c = new OAuthConsumer( $consumerKey, $consumerSecret );
-$parsed = parse_url( $endpoint );
+$parsed = parse_url( $request_token_url );
$params = array();
parse_str($parsed['query'], $params);
-$req_req = OAuthRequest::from_consumer_and_token($c, NULL, "GET", $endpoint,
$params);
+$req_req = OAuthRequest::from_consumer_and_token($c, NULL, "GET",
$request_token_url, $params);
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$sig_method = $hmac_method;
$req_req->sign_request($sig_method, $c, NULL);
-echo "Calling: $req_req\n";
+print <<<HELPTEXT
+
+
+ First step, asking for an URL to send the user to.
+
+
+HELPTEXT;
+
+echo "Calling: $req_req".PHP_EOL;
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, (string) $req_req );
-curl_setopt( $ch, CURLOPT_PORT , 443 );
-curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+if( $baseUrlIsSsl === true ) {
+ curl_setopt( $ch, CURLOPT_PORT , 443 );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+}
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
+if( $moreVerbose === true ) {
+ curl_setopt( $ch, CURLOPT_VERBOSE, 1 );
+}
$data = curl_exec( $ch );
if( !$data ) {
- echo 'Curl error: ' . curl_error( $ch );
+ die('cURL error: ' . curl_error( $ch ));
}
-
-echo "Returned: $data\n\n";
$token = json_decode( $data );
-print "Visit
$baseurl/authorize&oauth_token={$token->key}&oauth_consumer_key=$consumerKey\n";
+print <<<HELPTEXT
+
+ Response body should be a JSON object with three keys:
+ - key
+ - secret
+ - oauth_callback_confirmed
+
+ You got: {$data}
+
+
+ ************************
+
+ Step two!
+
+ So far, we made one request and we should have what we need to get
acknowledgement from the end user.
+
+ In order to continue, we have to ask the user for a permission. With
what we just did, it gave us a one-time URL to send our user to.
+
+ The process can continue only if the user accepted it. Once accepted,
MediaWiki's OAuth Extension creates an "oauth_verifier" string that you need to
give for the next step.
+
+ Now, WITH YOUR WEB BROWSER, follow this link and pass through the
validation.
+
+ Link:
{$baseurl}/authorize&oauth_token={$token->key}&oauth_consumer_key={$consumerKey}
+
+
+HELPTEXT;
// ACCESS TOKEN
-print "Enter the verification code:\n";
+print 'What was the "verification value" the MediaWiki installation
gave?'.PHP_EOL;
$fh = fopen( "php://stdin", "r" );
$line = fgets( $fh );
+
+/**
+ * Second step
+ */
$rc = new OAuthConsumer( $token->key, $token->secret );
-$parsed = parse_url( $endpoint_acc );
+$parsed = parse_url( $validate_token_url );
parse_str($parsed['query'], $params);
$params['oauth_verifier'] = trim($line);
-$acc_req = OAuthRequest::from_consumer_and_token($c, $rc, "GET",
$endpoint_acc, $params);
+$acc_req = OAuthRequest::from_consumer_and_token($c, $rc, "GET",
$validate_token_url, $params);
$acc_req->sign_request($sig_method, $c, $rc);
-echo "Calling: $acc_req\n";
+print <<<HELPTEXT
+
+ Going to validate token with another Request to the backend...
+
+HELPTEXT;
+
+echo "Calling: $acc_req".PHP_EOL;
unset( $ch );
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, (string) $acc_req );
-curl_setopt( $ch, CURLOPT_PORT , 443 );
-curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+if( $baseUrlIsSsl === true ) {
+ curl_setopt( $ch, CURLOPT_PORT , 443 );
+ curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+}
curl_setopt( $ch, CURLOPT_HEADER, 0 );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
+if( $moreVerbose === true ) {
+ curl_setopt( $ch, CURLOPT_VERBOSE, 1 );
+}
$data = curl_exec( $ch );
if( !$data ) {
echo 'Curl error: ' . curl_error( $ch );
}
-echo "Returned: $data\n\n";
+print <<<HELPTEXT
+ If all worked well, you should have a JSON object with two keys: key,
secret.
+ You got:
+HELPTEXT;
+var_dump( $data );
--
To view, visit https://gerrit.wikimedia.org/r/124134
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I3732eb25525be800efcc633447dc188427e743ea
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Renoirb <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Deskana <[email protected]>
Gerrit-Reviewer: Qgil <[email protected]>
Gerrit-Reviewer: Renoirb <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
