[MediaWiki-commits] [Gerrit] Add owner-only consumers - change (mediawiki...OAuth)
jenkins-bot has submitted this change and it was merged. Change subject: Add owner-only consumers .. Add owner-only consumers An owner-only consumer is automatically approved, automatically accepted by the owner, cannot be used by anyone other than the owner, cannot use the usual authorization flow, and does not tag changes. Bug: T87395 Bug: T121113 Change-Id: I3c791b949e19eb476968e5f9dd1511d485e52810 --- M api/MWOAuthAPI.setup.php M backend/MWOAuthConsumer.php M backend/MWOAuthServer.php M backend/schema/MWOAuthUpdater.hooks.php M backend/schema/mysql/OAuth.sql A backend/schema/mysql/owner_only.sql M backend/schema/sqlite/OAuth.sql A backend/schema/sqlite/owner_only.sql M control/MWOAuthConsumerAcceptanceSubmitControl.php M control/MWOAuthConsumerSubmitControl.php M frontend/specialpages/SpecialMWOAuth.php M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php M frontend/specialpages/SpecialMWOAuthManageConsumers.php M i18n/en.json M i18n/qqq.json 15 files changed, 205 insertions(+), 50 deletions(-) Approvals: CSteipp: Looks good to me, but someone else must approve Gergő Tisza: Looks good to me, approved jenkins-bot: Verified diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php index b2d80e8..02c2b72 100755 --- a/api/MWOAuthAPI.setup.php +++ b/api/MWOAuthAPI.setup.php @@ -115,9 +115,7 @@ // The consumer is approved or owned by $localUser, and is for this wiki. $consumer = MWOAuthConsumer::newFromId( $dbr, $access->get( 'consumerId' ) ); - if ( $consumer->get( 'stage' ) !== MWOAuthConsumer::STAGE_APPROVED - && !$consumer->isPendingAndOwnedBy( $localUser ) // let publisher test this - ) { + if ( !$consumer->isUsableBy( $localUser ) ) { throw self::makeException( 'mwoauth-invalid-authorization-not-approved' ); } elseif ( $consumer->get( 'wiki' ) !== '*' && $consumer->get( 'wiki' ) !== $wiki 
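Review bot: The context comment above the new `isUsableBy()` check still reads "approved or owned by $localUser", which no longer matches the rule being enforced: an approved owner-only consumer presented by anyone other than its owner is now rejected here. I would update it to `// The consumer is usable by $localUser (approved for all users, or owned by them), and is for this wiki.`, since this appears to be where the owner binding is enforced for API requests. The rejection also reuses `mwoauth-invalid-authorization-not-approved`, so an owner mismatch will look like an unapproved consumer in error reports; a one-line comment saying that is intentional would help whoever triages them. The enclosing function starts and ends outside the hunk, and the same hunk appears again in the patch-set-1 mail further down.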
@@ -301,12 +299,15 @@ $dbr = MWOAuthUtils::getCentralDB( DB_SLAVE ); $access = MWOAuthConsumerAcceptance::newFromToken( $dbr, $accesstoken->key ); $consumerId = $access->get( 'consumerId' ); - \ChangeTags::addTags( - "OAuth CID: $consumerId", - $rc->mAttribs['rc_id'], - $rc->mAttribs['rc_this_oldid'], - $rc->mAttribs['rc_logid'] - ); + $consumer = MWOAuthConsumer::newFromId( $dbr, $consumerId ); + if ( !$consumer->get( 'ownerOnly' ) ) { + \ChangeTags::addTags( + "OAuth CID: $consumerId", + $rc->mAttribs['rc_id'], + $rc->mAttribs['rc_this_oldid'], + $rc->mAttribs['rc_logid'] + ); + } } return true; } diff --git a/backend/MWOAuthConsumer.php b/backend/MWOAuthConsumer.php index 76631fb..3d14873 100644 --- a/backend/MWOAuthConsumer.php +++ b/backend/MWOAuthConsumer.php @@ -47,6 +47,8 @@ protected $emailAuthenticated; /** @var int User accepted the developer agreement */ protected $developerAgreement; + /** @var int Consumer is for use by the owner only */ + protected $ownerOnly; /** @var string Wiki ID the application can be used on (or "*" for all) */ protected $wiki; /** @var string TS_MW timestamp of proposal */ @@ -88,6 +90,7 @@ 'email' => 'oarc_email', 'emailAuthenticated' => 'oarc_email_authenticated', 'developerAgreement' => 'oarc_developer_agreement', + 'ownerOnly' => 'oarc_owner_only', 'wiki' => 'oarc_wiki', 'grants' => 'oarc_grants', 'registration' => 'oarc_registration', @@ -215,13 +218,20 @@ } /** -* Check if the consumer is still pending approval and is owned by $user +* Check if the consumer is usable by $user +* +* "Usable by $user" includes: +* - Approved for multi-user use +* - Approved for owner-only use and is owned by $user +* - Still pending approval and is owned by $user * * @param \User $user * @return boolean
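Review bot: In the hunk at -301, `$consumer->get( 'ownerOnly' )` is called on the result of `MWOAuthConsumer::newFromId()` without checking it; if that lookup can return false for a missing row (confirm against the DAO base class), the hook would fatal, whereas the old code added the tag without loading the consumer at all. Failing toward tagging keeps the audit marker when the lookup fails: `if ( !$consumer || !$consumer->get( 'ownerOnly' ) ) {`. Skipping the tag means edits made with an owner-only credential can no longer be told apart by change tag, so a short comment such as `// Owner-only consumers act as the owner; deliberately not tagged` would record that this is a design decision. The enclosing hook function starts outside the hunk, and the same hunk is repeated in the patch-set-1 mail below.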
[MediaWiki-commits] [Gerrit] Add owner-only consumers - change (mediawiki...OAuth)
Anomie has uploaded a new change for review. https://gerrit.wikimedia.org/r/255488 Change subject: Add owner-only consumers .. Add owner-only consumers An owner-only consumer is automatically approved, automatically accepted by the owner, cannot be used by anyone other than the owner, cannot use the usual authorization flow, and does not tag changes. Bug: T87395 Change-Id: I3c791b949e19eb476968e5f9dd1511d485e52810 --- M api/MWOAuthAPI.setup.php M backend/MWOAuthConsumer.php M backend/MWOAuthServer.php M backend/schema/MWOAuthUpdater.hooks.php M backend/schema/mysql/OAuth.sql A backend/schema/mysql/owner_only.sql M backend/schema/sqlite/OAuth.sql A backend/schema/sqlite/owner_only.sql M control/MWOAuthConsumerAcceptanceSubmitControl.php M control/MWOAuthConsumerSubmitControl.php M frontend/specialpages/SpecialMWOAuth.php M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php M frontend/specialpages/SpecialMWOAuthManageConsumers.php M i18n/en.json M i18n/qqq.json 15 files changed, 199 insertions(+), 49 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth refs/changes/88/255488/1 diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php index b2d80e8..02c2b72 100755 --- a/api/MWOAuthAPI.setup.php +++ b/api/MWOAuthAPI.setup.php @@ -115,9 +115,7 @@ // The consumer is approved or owned by $localUser, and is for this wiki. $consumer = MWOAuthConsumer::newFromId( $dbr, $access->get( 'consumerId' ) ); - if ( $consumer->get( 'stage' ) !== MWOAuthConsumer::STAGE_APPROVED - && !$consumer->isPendingAndOwnedBy( $localUser ) // let publisher test this - ) { + if ( !$consumer->isUsableBy( $localUser ) ) { throw self::makeException( 'mwoauth-invalid-authorization-not-approved' ); } elseif ( $consumer->get( 'wiki' ) !== '*' && $consumer->get( 'wiki' ) !== $wiki 
@@ -301,12 +299,15 @@ $dbr = MWOAuthUtils::getCentralDB( DB_SLAVE ); $access = MWOAuthConsumerAcceptance::newFromToken( $dbr, $accesstoken->key ); $consumerId = $access->get( 'consumerId' ); - \ChangeTags::addTags( - "OAuth CID: $consumerId", - $rc->mAttribs['rc_id'], - $rc->mAttribs['rc_this_oldid'], - $rc->mAttribs['rc_logid'] - ); + $consumer = MWOAuthConsumer::newFromId( $dbr, $consumerId ); + if ( !$consumer->get( 'ownerOnly' ) ) { + \ChangeTags::addTags( + "OAuth CID: $consumerId", + $rc->mAttribs['rc_id'], + $rc->mAttribs['rc_this_oldid'], + $rc->mAttribs['rc_logid'] + ); + } } return true; } diff --git a/backend/MWOAuthConsumer.php b/backend/MWOAuthConsumer.php index 76631fb..20b5460 100644 --- a/backend/MWOAuthConsumer.php +++ b/backend/MWOAuthConsumer.php @@ -47,6 +47,8 @@ protected $emailAuthenticated; /** @var int User accepted the developer agreement */ protected $developerAgreement; + /** @var int Consumer is for use by the owner only */ + protected $ownerOnly; /** @var string Wiki ID the application can be used on (or "*" for all) */ protected $wiki; /** @var string TS_MW timestamp of proposal */ @@ -88,6 +90,7 @@ 'email' => 'oarc_email', 'emailAuthenticated' => 'oarc_email_authenticated', 'developerAgreement' => 'oarc_developer_agreement', + 'ownerOnly' => 'oarc_owner_only', 'wiki' => 'oarc_wiki', 'grants' => 'oarc_grants', 'registration' => 'oarc_registration', @@ -220,8 +223,10 @@ * @param \User $user * @return boolean */ - public function isPendingAndOwnedBy( \User $user ) { - if ( $this->stage === self::STAGE_PROPOSED ) { + public function isUsableBy( \User $user ) { + if ( $this->stage === self::STAGE_APPROVED && !$this->get( 'ownerOnly' ) ) { + return true; + } elseif ( $this->stage === self::STAGE_PROPOSED || $this->stage ===