jenkins-bot has submitted this change and it was merged. Change subject: Spike 820: Reduce API errors related to anonymous tokens (hopefully) ......................................................................
Spike 820: Reduce API errors related to anonymous tokens (hopefully) When wgMFUseCentralAuthToken is enabled ask for centralauth tokens to avoid not logged in on foreign wiki issues Change-Id: Iada82266e0108189a727c39dad9e32c6cc1c120c --- M MobileFrontend.php M includes/skins/SkinMinerva.php M javascripts/common/mf-api.js M javascripts/common/uploads/PhotoApi.js 4 files changed, 41 insertions(+), 9 deletions(-) Approvals: JGonera: Verified; Looks good to me, approved jenkins-bot: Verified diff --git a/MobileFrontend.php b/MobileFrontend.php index 980d397..e3b96fe 100644 --- a/MobileFrontend.php +++ b/MobileFrontend.php @@ -147,6 +147,12 @@ */ $wgMFDefaultSkinClass = 'SkinMobile'; +/* + * Allow editing (uploading) to external CentralAuth-enabled wikis where + * the user might not be logged in. + */ +$wgMFUseCentralAuthToken = false; + /** * An api to which any photos should be uploaded * e.g. $wgMFPhotoUploadEndpoint = 'http://commons.wikimedia.org/w/api.php'; diff --git a/includes/skins/SkinMinerva.php b/includes/skins/SkinMinerva.php index 38fb19d..9403b7d 100644 --- a/includes/skins/SkinMinerva.php +++ b/includes/skins/SkinMinerva.php @@ -88,6 +88,7 @@ */ public function getSkinConfigVariables() { global $wgMFLeadPhotoUploadCssSelector, $wgMFEnableCssAnimations, + $wgMFUseCentralAuthToken, $wgMFAnonymousEditing, $wgMFEnablePhotoUploadCTA, $wgMFPhotoUploadEndpoint, $wgMFPhotoUploadAppendToDesc; @@ -96,6 +97,7 @@ $userCanCreatePage = !$title->exists() && $title->quickUserCan( 'create', $user ); $vars = array( + 'wgMFUseCentralAuthToken' => $wgMFUseCentralAuthToken, 'wgMFAnonymousEditing' => $wgMFAnonymousEditing, 'wgMFEnablePhotoUploadCTA' => $wgMFEnablePhotoUploadCTA, 'wgMFPhotoUploadAppendToDesc' => $wgMFPhotoUploadAppendToDesc, diff --git a/javascripts/common/mf-api.js b/javascripts/common/mf-api.js index 4e772e1..2c255c8 100644 --- a/javascripts/common/mf-api.js +++ b/javascripts/common/mf-api.js @@ -130,20 +130,24 @@ * * @param {String} tokenType: Name of the type of token needed e.g. edit, upload - defaults to edit * @param {String} endpoint: Optional alternative host to query via CORS + * @param {String} caToken: Optional additional CentralAuth token to be + * sent with the request. This is needed for requests to external wikis + * where the user is not logged in. caToken is for single use only. * @return {jQuery.Deferred} Object returned by $.ajax(), callback will be passed * the token string, false if the user is anon or undefined where not available or a warning is set */ - Api.prototype.getToken = function( tokenType, endpoint ) { - var data, d = $.Deferred(); + Api.prototype.getToken = function( tokenType, endpoint, caToken ) { + var data, d = $.Deferred(), isCacheable; tokenType = tokenType || 'edit'; + isCacheable = tokenType !== 'centralauth'; if ( !this.tokenCache[ endpoint ] ) { this.tokenCache[ endpoint ] = {}; } if ( !M.isLoggedIn() ) { return d.reject( 'Token requested when not logged in.' ); - } else if ( this.tokenCache[ endpoint ].hasOwnProperty( tokenType ) ) { + } else if ( isCacheable && this.tokenCache[ endpoint ].hasOwnProperty( tokenType ) ) { return this.tokenCache[ endpoint ][ tokenType ]; } else { data = { @@ -152,6 +156,9 @@ }; if ( endpoint ) { data.origin = M.getOrigin(); + if ( caToken ) { + data.centralauthtoken = caToken; + } } this.ajax( data, { url: endpoint || M.getApiUrl(), diff --git a/javascripts/common/uploads/PhotoApi.js b/javascripts/common/uploads/PhotoApi.js index 81e2ba5..f284952 100644 --- a/javascripts/common/uploads/PhotoApi.js +++ b/javascripts/common/uploads/PhotoApi.js @@ -76,6 +76,7 @@ } PhotoApi = Api.extend( { + useCentralAuthToken: mw.config.get( 'wgMFUseCentralAuthToken' ), updatePage: function( options, callback ) { var self = this; self.getToken().done( function( token ) { @@ -119,7 +120,7 @@ 'mobile-frontend-photo-article-edit-comment' : 'mobile-frontend-photo-article-donate-comment'; - function doUpload( token ) { + function doUpload( token, caToken ) { var formData = new FormData(), ext = options.file.name.slice( options.file.name.lastIndexOf( '.' ) + 1 ), request; @@ -131,6 +132,9 @@ // add origin only when doing CORS if ( endpoint ) { formData.append( 'origin', M.getOrigin() ); + if ( caToken ) { + formData.append( 'centralauthtoken', caToken ); + } } formData.append( 'filename', options.fileName ); formData.append( 'comment', mw.msg( options.editSummaryMessage ) ); @@ -200,11 +204,24 @@ } ); } - self.getToken( 'edit', endpoint ).done( function( token ) { - doUpload( token ); - } ).fail( function( err ) { - result.reject( err ); - } ); + function getToken() { + return self.getToken.apply( self, arguments ).fail( $.proxy( result, 'reject' ) ); + } + + if ( self.useCentralAuthToken && endpoint ) { + // get caToken for obtaining the edit token from external wiki (the one we want to upload to) + getToken( 'centralauth' ).done( function( caTokenForEditToken ) { + // request edit token using the caToken + getToken( 'edit', endpoint, caTokenForEditToken ).done( function( token ) { + // tokens are only valid for one go so let's get another one for the upload itself + getToken( 'centralauth' ).done( function( caTokenForUpload ) { + doUpload( token, caTokenForUpload ); + } ); + } ); + } ); + } else { + getToken( 'edit', endpoint ).done( doUpload ); + } return result; } -- To view, visit https://gerrit.wikimedia.org/r/67867 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iada82266e0108189a727c39dad9e32c6cc1c120c Gerrit-PatchSet: 6 Gerrit-Project: mediawiki/extensions/MobileFrontend Gerrit-Branch: master Gerrit-Owner: Jdlrobson <[email protected]> Gerrit-Reviewer: JGonera <[email protected]> Gerrit-Reviewer: Jdlrobson <[email protected]> Gerrit-Reviewer: awjrichards <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
