Chad has submitted this change and it was merged.
Change subject: Ensure Consumer key and Access Token Consumer match
......................................................................
Ensure Consumer key and Access Token Consumer match
Bug: T103023
Change-Id: If32d9652143264579ad1bf73be54e172e75d5088
---
M backend/MWOAuthDataStore.php
1 file changed, 5 insertions(+), 0 deletions(-)
Approvals:
Chad: Verified; Looks good to me, approved
diff --git a/backend/MWOAuthDataStore.php b/backend/MWOAuthDataStore.php
index d4443ff..c50fd2f 100644
--- a/backend/MWOAuthDataStore.php
+++ b/backend/MWOAuthDataStore.php
@@ -57,6 +57,11 @@
if ( !$cmra ) {
throw new MWOAuthException(
'mwoauthdatastore-access-token-not-found' );
}
+ // Ensure the cmra's consumer matches the expected
consumer (T103023)
+ $mwconsumer = $this->lookup_consumer( $consumer->key );
+ if ( $mwconsumer->get( 'id') !== $cmra->get(
'consumerId') ) {
+ throw new MWOAuthException(
'mwoauthdatastore-access-token-not-found' );
+ }
$secret = MWOAuthUtils::hmacDBSecret( $cmra->get(
'accessSecret' ) );
$returnToken = new MWOAuthToken( $cmra->get(
'accessToken' ), $secret );
} else {
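Review bot: The added check calls `$mwconsumer->get( 'id' )` without confirming that the lookup succeeded; if `lookup_consumer( $consumer->key )` can return a non-object for an unknown key (its body is not visible here), the request ends in a fatal error rather than the intended MWOAuthException. Folding that case into the guard keeps the path failing closed: `if ( !$mwconsumer || $mwconsumer->get( 'id' ) !== $cmra->get( 'consumerId' ) ) {`. The strict `!==` also assumes both fields come back with the same type; if one is an int and the other a DB string, every valid token would be rejected, so confirm the types or cast both sides. Reusing the not-found message is a sound choice because it does not reveal that the token exists under another consumer, but a `wfDebugLog( 'OAuth', ... )` line on the mismatch branch would let operators see tokens being presented with the wrong consumer key. The enclosing method starts and ends outside the hunk.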
--
To view, visit https://gerrit.wikimedia.org/r/247003
Gerrit-MessageType: merged
Gerrit-Change-Id: If32d9652143264579ad1bf73be54e172e75d5088
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: REL1_25
Gerrit-Owner: Chad <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Chad <[email protected]>
Gerrit-Reviewer: jenkins-bot <>