jenkins-bot has submitted this change and it was merged.

Change subject: Add a hook to prevent centralauthtokens
......................................................................


Add a hook to prevent centralauthtokens

Allow other extensions to prevent CentralAuth from handing out
centralauthtokens on a request. This prevents an OAuth consumer from
exceeding their authorization.

Change-Id: I929967b707dc8f6f817cf35ff980b3ab42186126
---
M CentralAuthHooks.php
1 file changed, 7 insertions(+), 0 deletions(-)

Approvals:
  Aaron Schulz: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/CentralAuthHooks.php b/CentralAuthHooks.php
index a8f9167..4d7b7a2 100644
--- a/CentralAuthHooks.php
+++ b/CentralAuthHooks.php
@@ -1203,6 +1203,13 @@
                        return true;
                }
 
+               // Allow other extensions (like OAuth) to temporarily prevent 
CentralAuth tokens.
+               // This is meant to be a temporary hack, until we establish a 
more unified Authz
+               // stack in core.
+               if ( !wfRunHooks( 'CentralAuthAbortCentralAuthToken' ) ) {
+                       return true;
+               }
+
                $types['centralauth'] = array( 'CentralAuthHooks', 
'getApiCentralAuthToken' );
                return true;
        }
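Review bot: the added `wfRunHooks( 'CentralAuthAbortCentralAuthToken' )` call passes no arguments, so a handler gets nothing from this call site to base its decision on and has to read the request or session from global state. Consider passing the context a handler needs; the enclosing function's parameters are not visible in this hunk, so which ones are available has to be checked. The check is also opt-in: when no extension registers a handler, `$types['centralauth']` is still set, so the protection described in the commit message depends entirely on the OAuth side hooking in. That is worth stating in the comment, together with where the new hook is documented. The comment also calls this a temporary hack but names no bug or task against which its removal can be tracked.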

-- 
To view, visit https://gerrit.wikimedia.org/r/79440

Gerrit-MessageType: merged
Gerrit-Change-Id: I929967b707dc8f6f817cf35ff980b3ab42186126
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
