Robert Vogel has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/343601 )

Change subject: Explicitly fetching 'csrf' token
......................................................................

Explicitly fetching 'csrf' token

This change got necessary since in some setups (LdapAuthentication 1.27+) the
'csrf' token sent in the main response is invalid.

See ERM5375#note-18

Change-Id: I1936b1dd4896a5ab3726f6a2ef5efc90e2bf982a
---
M resources/BS/action/APIUpload.js
M resources/ext.bluespice.multiUpload.js
M resources/ext.bluespice.upload.js
3 files changed, 12 insertions(+), 9 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceMultiUpload 
refs/changes/01/343601/1

diff --git a/resources/BS/action/APIUpload.js b/resources/BS/action/APIUpload.js
index cd2b191..3cd3fe4 100644
--- a/resources/BS/action/APIUpload.js
+++ b/resources/BS/action/APIUpload.js
@@ -36,10 +36,16 @@
        },
 
        execute: function() {
-               //If the process is not started yet, start it. Should only 
appear once
-               if( this.uploader.state === plupload.STOPPED ) {
-                       this.uploader.start();
-               }
+               var me = this;
+
+               var api = new mw.Api();
+               api.getToken( 'csrf' ).then( function ( token ) {
+                       me.uploadApiMeta.token = token;
+                       //If the process is not started yet, start it. Should 
only appear once
+                       if( me.uploader.state === plupload.STOPPED ) {
+                               me.uploader.start();
+                       }
+               });
 
                /*
                 * As the whole upload is handled by "this.uploader"
@@ -52,16 +58,14 @@
 
        onFileUploaded: function( upldr, file, xhr ) {
                if( file.id === this.file.id ) {
-                       var response = Ext.decode(xhr.response); //MW API 
response object
+                       var response = Ext.decode( xhr.response ); //MW API 
response object
                        if( response.error ) {
                                this.actionStatus = BS.action.Base.STATUS_ERROR;
                                this.dfd.reject( this, response.error );
-                               //console.log(response.error);
                        }
                        else {
                                this.actionStatus = BS.action.Base.STATUS_DONE;
                                this.dfd.resolve( this, response.upload.result 
);
-                               //console.log(response.upload.result);
                        }
                }
        },
diff --git a/resources/ext.bluespice.multiUpload.js 
b/resources/ext.bluespice.multiUpload.js
index 736d7f0..95a143d 100644
--- a/resources/ext.bluespice.multiUpload.js
+++ b/resources/ext.bluespice.multiUpload.js
@@ -30,7 +30,7 @@
        }
 
        //Add same behavior to links in BlueSpiceSkin/LeftNavigation
-       //that link to Special:Upload. Those links my be user provided
+       //that link to Special:Upload. Those links may be user provided
        //so unforntunately we need to analyze the actual URL instead
        //of using IDs or classes to identify the elements
        mw.loader.using( 'mediawiki.Title' ).done(function(){
diff --git a/resources/ext.bluespice.upload.js 
b/resources/ext.bluespice.upload.js
index 7f9df4a..30da07a 100644
--- a/resources/ext.bluespice.upload.js
+++ b/resources/ext.bluespice.upload.js
@@ -18,7 +18,6 @@
                                        //Gerneral API
                                        action: 'upload',
                                        format: 'json',
-                                       token: mw.user.tokens.get( 'editToken' 
),
 
                                        //Upload API
                                        comment: '',

-- 
To view, visit https://gerrit.wikimedia.org/r/343601
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1936b1dd4896a5ab3726f6a2ef5efc90e2bf982a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceMultiUpload
Gerrit-Branch: REL1_27
Gerrit-Owner: Robert Vogel <vo...@hallowelt.biz>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to