[MediaWiki-commits] [Gerrit] Add a hook to prevent centralauthtokens - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/79440


Change subject: Add a hook to prevent centralauthtokens
......................................................................

Add a hook to prevent centralauthtokens

Allow other extensions to prevent CentralAuth from handing out
centralauthtokens on a request. This prevents an OAuth consumer from
exceeding their authorization.

Change-Id: I929967b707dc8f6f817cf35ff980b3ab42186126
---
M CentralAuthHooks.php
1 file changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/40/79440/1

diff --git a/CentralAuthHooks.php b/CentralAuthHooks.php
index a8f9167..4d7b7a2 100644
--- a/CentralAuthHooks.php
+++ b/CentralAuthHooks.php
@@ -1203,6 +1203,13 @@
                        return true;
                }
 
+               // Allow other extensions (like OAuth) to temporarily prevent 
CentralAuth tokens.
+               // This is meant to be a temporary hack, until we establish a 
more unified Authz
+               // stack in core.
+               if ( !wfRunHooks( 'CentralAuthAbortCentralAuthToken' ) ) {
+                       return true;
+               }
+
                $types['centralauth'] = array( 'CentralAuthHooks', 
'getApiCentralAuthToken' );
                return true;
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/79440
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I929967b707dc8f6f817cf35ff980b3ab42186126
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <cste...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits