Aaron Schulz has uploaded a new change for review.
https://gerrit.wikimedia.org/r/77822
Change subject: Added logged-in check to some special pages and fixed others
......................................................................
Added logged-in check to some special pages and fixed others
bug: 52423
Change-Id: Id827814a462e1126ebd0b318362748f20203bb41
---
M frontend/language/MWOAuth.i18n.php
M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
M frontend/specialpages/SpecialMWOAuthManageConsumers.php
M frontend/specialpages/SpecialMWOAuthManageMyGrants.php
4 files changed, 27 insertions(+), 19 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/22/77822/1
diff --git a/frontend/language/MWOAuth.i18n.php
b/frontend/language/MWOAuth.i18n.php
index 125cf71..0193d11 100644
--- a/frontend/language/MWOAuth.i18n.php
+++ b/frontend/language/MWOAuth.i18n.php
@@ -55,6 +55,7 @@
'mwoauth-consumer-stage-suppressed' => 'suppressed',
'mwoauthconsumerregistration' => 'OAuth consumer registration',
+ 'mwoauthconsumerregistration-notloggedin' => 'You have to be logged in
to access this page.',
'mwoauthconsumerregistration-navigation' => 'Navigation:',
'mwoauthconsumerregistration-propose' => 'Propose new consumer',
'mwoauthconsumerregistration-list' => 'My consumer list',
@@ -94,6 +95,7 @@
'mwoauthconsumerregistration-secretreset' => 'You have been assigned a
consumer secret token of \'\'\'$1\'\'\'. \'\'Please record this for future
reference.\'\'',
'mwoauthmanageconsumers' => 'Manage OAuth consumers',
+ 'mwoauthmanageconsumers-notloggedin' => 'You have to be logged in to
access this page.',
'mwoauthmanageconsumers-type' => 'Queues:',
'mwoauthmanageconsumers-showproposed' => 'Proposed requests',
'mwoauthmanageconsumers-showrejected' => 'Rejected requests',
@@ -137,6 +139,7 @@
'mwoauthmanageconsumers-success-reanable' => 'Consumer has been
re-enabled.',
'mwoauthmanagemygrants' => 'Manage account OAuth grants',
+ 'mwoauthmanagemygrants-notloggedin' => 'You have to be logged in to
access this page.',
'mwoauthmanagemygrants-navigation' => 'Navigation:',
'mwoauthmanagemygrants-showlist' => 'Accepted consumer list',
'mwoauthmanagemygrants-none' => 'No consumers have access on behalf of
your account.',
diff --git a/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
b/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
index 9107886..d893aa9 100644
--- a/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
+++ b/frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
@@ -37,6 +37,11 @@
public function execute( $par ) {
global $wgMWOAuthSecureTokenTransfer;
+ $user = $this->getUser();
+ $request = $this->getRequest();
+ $lang = $this->getLanguage();
+ $centralUserId = MWOAuthUtils::getCentralIdFromLocalUser( $user
);
+
// Redirect to HTTPs if attempting to access this page via HTTP.
// Proposals and updates to consumers can involve sending new
secrets.
if ( $wgMWOAuthSecureTokenTransfer &&
WebRequest::detectProtocol() !== 'https' ) {
@@ -45,20 +50,18 @@
return;
}
- $user = $this->getUser();
- $request = $this->getRequest();
- $lang = $this->getLanguage();
- $centralUserId = MWOAuthUtils::getCentralIdFromLocalUser( $user
);
+ $this->setHeaders();
+ $this->getOutput()->disallowUserJs();
$block = $user->getBlock();
if ( $block ) {
throw new UserBlockedError( $block );
} elseif ( wfReadOnly() ) {
throw new ReadOnlyError();
+ } elseif ( !$this->getUser()->isLoggedIn() ) {
+ $this->getOutput()->addWikiMsg(
'mwoauthconsumerregistration-notloggedin' );
+ return;
}
-
- $this->setHeaders();
- $this->getOutput()->disallowUserJs();
// Format is
Special:MWOAuthConsumerRegistration[/propose|/list|/update/<consumer key>]
$navigation = explode( '/', $par );
diff --git a/frontend/specialpages/SpecialMWOAuthManageConsumers.php
b/frontend/specialpages/SpecialMWOAuthManageConsumers.php
index 4269e8a..1bab15f 100644
--- a/frontend/specialpages/SpecialMWOAuthManageConsumers.php
+++ b/frontend/specialpages/SpecialMWOAuthManageConsumers.php
@@ -42,15 +42,16 @@
$user = $this->getUser();
$request = $this->getRequest();
- if ( !$user->isAllowed( 'mwoauthmanageconsumer' ) ) {
- throw new PermissionsError( 'mwoauthmanageconsumer' );
- } elseif ( !$user->getID() ) {
- throw new PermissionsError( 'user' );
- }
-
$this->setHeaders();
$this->getOutput()->disallowUserJs();
+ if ( !$user->isAllowed( 'mwoauthmanageconsumer' ) ) {
+ throw new PermissionsError( 'mwoauthmanageconsumer' );
+ } elseif ( !$this->getUser()->isLoggedIn() ) {
+ $this->getOutput()->addWikiMsg(
'mwoauthmanageconsumers-notloggedin' );
+ return;
+ }
+
// Format is Special:MWOAuthManageConsumers[/<stage>[/<consumer
key>]]
$navigation = explode( '/', $par );
$stageKey = isset( $navigation[0] ) ? $navigation[0] : null;
diff --git a/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
b/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
index 35ac272..56a7fab 100644
--- a/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
+++ b/frontend/specialpages/SpecialMWOAuthManageMyGrants.php
@@ -39,15 +39,16 @@
$user = $this->getUser();
$request = $this->getRequest();
- if ( !$user->isAllowed( 'mwoauthmanagemygrants' ) ) {
- throw new PermissionsError( 'mwoauthmanagemygrants' );
- } elseif ( !$user->getID() ) {
- throw new PermissionsError( 'user' );
- }
-
$this->setHeaders();
$this->getOutput()->disallowUserJs();
+ if ( !$user->isAllowed( 'mwoauthmanagemygrants' ) ) {
+ throw new PermissionsError( 'mwoauthmanagemygrants' );
+ } elseif ( !$this->getUser()->isLoggedIn() ) {
+ $this->getOutput()->addWikiMsg(
'mwoauthmanagemygrants-notloggedin' );
+ return;
+ }
+
// Format is
Special:MWOAuthManageMyGrants[/list|/manage/<accesstoken>]
$navigation = explode( '/', $par );
$typeKey = isset( $navigation[0] ) ? $navigation[0] : null;
--
To view, visit https://gerrit.wikimedia.org/r/77822
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id827814a462e1126ebd0b318362748f20203bb41
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits