Aaron Schulz has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/80163


Change subject: Make sure the consumer is applicable to this wiki
......................................................................

Make sure the consumer is applicable to this wiki

Change-Id: Ieb1bc1c44c578616d13be66ab8deca26e7c72469
---
M api/MWOAuthAPI.setup.php
1 file changed, 7 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth 
refs/changes/63/80163/1

diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php
index 0a24854..5faf6d2 100644
--- a/api/MWOAuthAPI.setup.php
+++ b/api/MWOAuthAPI.setup.php
@@ -88,17 +88,21 @@
                try {
                        $accesstoken = self::getOAuthAccessToken();
                        if ( $accesstoken !== null ) {
+                               $wiki = wfWikiID();
                                $dbr = MWOAuthUtils::getCentralDB( DB_SLAVE );
                                $access = 
MWOAuthConsumerAcceptance::newFromToken( $dbr, $accesstoken->key );
-                               if ( $access->get( 'wiki' ) !== '*' && 
$access->get( 'wiki' ) !== wfWikiID() ) {
-                                       throw self::makeException(
-                                               
'mwoauth-invalid-authorization-wrong-wiki', wfWikiID() );
+                               if ( $access->get( 'wiki' ) !== '*' && 
$access->get( 'wiki' ) !== $wiki ) {
+                                       throw self::makeException( 
'mwoauth-invalid-authorization-wrong-wiki', $wiki );
                                }
                                $consumer = MWOAuthConsumer::newFromId( $dbr, 
$access->get( 'consumerId' ) );
                                if ( $consumer->get( 'stage' ) !== 
MWOAuthConsumer::STAGE_APPROVED
                                        && !$consumer->isPendingAndOwnedBy( 
$user ) // let publisher test this
                                ) {
                                        throw self::makeException( 
'mwoauth-invalid-authorization-not-approved' );
+                               } elseif ( $consumer->get( 'wiki' ) !== '*'
+                                       && $consumer->get( 'wiki' ) !== $wiki
+                               ) {
+                                       throw self::makeException( 
'mwoauth-invalid-authorization-wrong-wiki', $wiki );
                                }
                                $localUser = 
MWOAuthUtils::getLocalUserFromCentralId( $access->get( 'userId' ) );
                                if ( !$localUser || !$localUser->isLoggedIn() ) 
{
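Review bot: Both wiki checks dereference lookup results that are never tested: `$access->get( 'wiki' )` and the new `$consumer->get( 'wiki' )` run directly on the return values of `newFromToken()` and `newFromId()`, so if either factory can return a non-object for an unknown token or a removed consumer (not visible in this hunk), the request ends in a fatal error instead of a clean authorization failure. A guard such as `if ( !$access ) { throw self::makeException( /* suitable invalid-authorization message */ ); }` before the first check, and the same for `$consumer`, would keep the rejection path explicit. The new consumer-wiki test is also attached as `elseif` to the approval test and is reached only because that branch throws; a standalone `if` would not depend on that. Both lookups read from `DB_SLAVE`, so a just-revoked acceptance or a consumer whose stage or wiki restriction just changed may still pass until replication catches up, which is worth confirming as acceptable. The enclosing `try` block starts and ends outside the hunk.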

-- 
To view, visit https://gerrit.wikimedia.org/r/80163

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ieb1bc1c44c578616d13be66ab8deca26e7c72469
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>
