Aaron Schulz has submitted this change and it was merged.
Change subject: Simplify Multi-wiki setups
......................................................................
Simplify Multi-wiki setups
* Only allow the OAuth handshake to occure on the central wiki. This
could be changed in the future, but simplifies the logic for now.
* Add check during handshake to ensure central wiki user is valid
* Fix error message display for /authorize phase
Change-Id: I8d482961d58251e931d5454533537b8e719e8357
---
M frontend/MWOAuthUI.setup.php
M frontend/language/MWOAuth.i18n.php
M frontend/specialpages/SpecialMWOAuth.php
3 files changed, 15 insertions(+), 1 deletion(-)
Approvals:
Aaron Schulz: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/frontend/MWOAuthUI.setup.php b/frontend/MWOAuthUI.setup.php
index e0e1969..cf29b6f 100644
--- a/frontend/MWOAuthUI.setup.php
+++ b/frontend/MWOAuthUI.setup.php
@@ -10,9 +10,9 @@
*/
public static function defineSpecialPages( array &$pages, array
&$groups ) {
// Pages available on all wikis
- $pages['MWOAuth'] = 'SpecialMWOAuth';
// Pages specific to the central OAuth management wiki
if ( MWOAuthUtils::isCentralWiki() ) {
+ $pages['MWOAuth'] = 'SpecialMWOAuth';
$pages['MWOAuthConsumerRegistration'] =
'SpecialMWOAuthConsumerRegistration';
$groups['MWOAuthConsumerRegistration'] = 'users';
$pages['MWOAuthManageConsumers'] =
'SpecialMWOAuthManageConsumers';
diff --git a/frontend/language/MWOAuth.i18n.php
b/frontend/language/MWOAuth.i18n.php
index f19b240..59372a2 100644
--- a/frontend/language/MWOAuth.i18n.php
+++ b/frontend/language/MWOAuth.i18n.php
@@ -207,6 +207,8 @@
'mwoauth-authorize-form-description' => 'Application description: $1',
'mwoauth-authorize-form-version' => 'Application version: $1',
'mwoauth-authorize-form-wiki' => 'Wiki: $1',
+ 'mwoauth-authorize-form-invalid-user' => 'This user account cannot use
OAuth, because the account on this wiki, and the account on the central OAuth
wiki are not linked.',
+ 'mwoauth-error' => 'OAuth Error',
'mwoauth-grants-heading' => 'Requested permissions: ',
'mwoauth-grants-nogrants' => 'The application has not requested any
permissions.',
@@ -478,6 +480,8 @@
'mwoauth-authorize-form-description' => '{{Identical|Application
description}}',
'mwoauth-authorize-form-version' => '{{Identical|Application version}}',
'mwoauth-authorize-form-wiki' => '{{Identical|Wiki}}',
+ 'mwoauth-authorize-form-invalid-user' => 'Text of the error page when
the user cannot use OAuth.',
+ 'mwoauth-error' => 'Heading on the page, whenever an OAuth error is
presented to a user.',
'mwoauth-grants-heading' => 'Used as label for the grants list.
See also:
diff --git a/frontend/specialpages/SpecialMWOAuth.php
b/frontend/specialpages/SpecialMWOAuth.php
index c539b3d..d5110fe 100644
--- a/frontend/specialpages/SpecialMWOAuth.php
+++ b/frontend/specialpages/SpecialMWOAuth.php
@@ -48,6 +48,16 @@
return;
}
+ // Check to make sure this user is the
same user
+ // on the central wiki
+ $centralId =
MWOAuthUtils::getCentralIdFromLocalUser( $mwUser );
+ if ( !$centralId ) {
+ // For now, just abort and give
them hints to fix in
+ // the error message. TODO: if
we can fix the issue with
+ // a few redirects, do that
here.
+ throw new MWOAuthException(
'mwoauth-authorize-form-invalid-user' );
+ }
+
if ( $request->getVal( 'doAuthorize',
false ) ) {
// Require POST
if ( !$request->wasPosted() ) {
--
To view, visit https://gerrit.wikimedia.org/r/77267
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I8d482961d58251e931d5454533537b8e719e8357
Gerrit-PatchSet: 5
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
