Chad has uploaded a new change for review.
https://gerrit.wikimedia.org/r/247001
Change subject: Ensure Consumer key and Access Token Consumer match
......................................................................
Ensure Consumer key and Access Token Consumer match
Bug: T103023
Change-Id: If32d9652143264579ad1bf73be54e172e75d5088
---
M backend/MWOAuthDataStore.php
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/01/247001/1
diff --git a/backend/MWOAuthDataStore.php b/backend/MWOAuthDataStore.php
index 7ab64b2..011a7b1 100644
--- a/backend/MWOAuthDataStore.php
+++ b/backend/MWOAuthDataStore.php
@@ -52,6 +52,11 @@
if ( !$cmra ) {
throw new MWOAuthException(
'mwoauthdatastore-access-token-not-found' );
}
+ // Ensure the cmra's consumer matches the expected
consumer (T103023)
+ $mwconsumer = $this->lookup_consumer( $consumer->key );
+ if ( $mwconsumer->get( 'id') !== $cmra->get(
'consumerId') ) {
+ throw new MWOAuthException(
'mwoauthdatastore-access-token-not-found' );
+ }
$secret = MWOAuthUtils::hmacDBSecret( $cmra->get(
'accessSecret' ) );
$returnToken = new MWOAuthToken( $cmra->get(
'accessToken' ), $secret );
} else {
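Review bot: The added check calls `$mwconsumer->get( 'id' )` without first confirming that `lookup_consumer()` returned an object. That method's body is not in this hunk, but if it can return a falsy value for an unknown consumer key, the request would end in a fatal error rather than the intended `MWOAuthException`. Guarding it keeps the failure on the same fail-closed path: `if ( !$mwconsumer || $mwconsumer->get( 'id' ) !== $cmra->get( 'consumerId' ) ) {`. It is also worth confirming that `id` and `consumerId` are loaded as the same type, since the strict `!==` would otherwise reject every valid token; a test covering a matching and a mismatched consumer would pin both cases. The enclosing method starts and ends outside the hunk.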
--
To view, visit https://gerrit.wikimedia.org/r/247001
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If32d9652143264579ad1bf73be54e172e75d5088
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: REL1_23
Gerrit-Owner: Chad <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>