CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/79448
Change subject: Allow owner to authorize if it's their own consumer
......................................................................
Allow owner to authorize if it's their own consumer
Same as I0a3f624ea3a7b057eddfd4c2b8e63668462ab6aa
Change-Id: I10e7804d685f1d9f4fd8c2fe29adbfcf8dbd6cd0
---
M frontend/specialpages/SpecialMWOAuth.php
1 file changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth
refs/changes/48/79448/1
diff --git a/frontend/specialpages/SpecialMWOAuth.php
b/frontend/specialpages/SpecialMWOAuth.php
index 0289ec7..27f4271 100644
--- a/frontend/specialpages/SpecialMWOAuth.php
+++ b/frontend/specialpages/SpecialMWOAuth.php
@@ -87,6 +87,11 @@
if ( !$consumer ) {
throw new
MWOAuthException( 'mwoauth-bad-request' );
}
+ if ( $consumer->get( 'stage' )
!== MWOAuthConsumer::STAGE_APPROVED
+ &&
!$consumer->getDAO()->isPendingAndOwnedBy( $mwUser )
+ ) {
+ throw new
MWOAuthException( 'mwoauth-invalid-authorization-not-approved' );
+ }
// Check if this user has
authorized grants for this consumer previously
$existing =
$oauthServer->getCurrentAuthorization(
$mwUser,
--
To view, visit https://gerrit.wikimedia.org/r/79448
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I10e7804d685f1d9f4fd8c2fe29adbfcf8dbd6cd0
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
