[MediaWiki-commits] [Gerrit] Add owner-only consumers - change (mediawiki...OAuth)

2015-12-12 Thread jenkins-bot (Code Review) 
jenkins-bot has submitted this change and it was merged.

Change subject: Add owner-only consumers
..


Add owner-only consumers

An owner-only consumer is automatically approved, automatically
accepted by the owner, cannot be used by anyone other than the owner,
cannot use the usual authorization flow, and does not tag changes.

Bug: T87395
Bug: T121113
Change-Id: I3c791b949e19eb476968e5f9dd1511d485e52810
---
M api/MWOAuthAPI.setup.php
M backend/MWOAuthConsumer.php
M backend/MWOAuthServer.php
M backend/schema/MWOAuthUpdater.hooks.php
M backend/schema/mysql/OAuth.sql
A backend/schema/mysql/owner_only.sql
M backend/schema/sqlite/OAuth.sql
A backend/schema/sqlite/owner_only.sql
M control/MWOAuthConsumerAcceptanceSubmitControl.php
M control/MWOAuthConsumerSubmitControl.php
M frontend/specialpages/SpecialMWOAuth.php
M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
M frontend/specialpages/SpecialMWOAuthManageConsumers.php
M i18n/en.json
M i18n/qqq.json
15 files changed, 205 insertions(+), 50 deletions(-)

Approvals:
  CSteipp: Looks good to me, but someone else must approve
  Gergő Tisza: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php
index b2d80e8..02c2b72 100755
--- a/api/MWOAuthAPI.setup.php
+++ b/api/MWOAuthAPI.setup.php
@@ -115,9 +115,7 @@
 
// The consumer is approved or owned by 
$localUser, and is for this wiki.
$consumer = MWOAuthConsumer::newFromId( $dbr, 
$access->get( 'consumerId' ) );
-   if ( $consumer->get( 'stage' ) !== 
MWOAuthConsumer::STAGE_APPROVED
-   && !$consumer->isPendingAndOwnedBy( 
$localUser ) // let publisher test this
-   ) {
+   if ( !$consumer->isUsableBy( $localUser ) ) {
throw self::makeException( 
'mwoauth-invalid-authorization-not-approved' );
} elseif ( $consumer->get( 'wiki' ) !== '*'
&& $consumer->get( 'wiki' ) !== $wiki
@@ -301,12 +299,15 @@
$dbr = MWOAuthUtils::getCentralDB( DB_SLAVE );
$access = MWOAuthConsumerAcceptance::newFromToken( 
$dbr, $accesstoken->key );
$consumerId = $access->get( 'consumerId' );
-   \ChangeTags::addTags(
-   "OAuth CID: $consumerId",
-   $rc->mAttribs['rc_id'],
-   $rc->mAttribs['rc_this_oldid'],
-   $rc->mAttribs['rc_logid']
-   );
+   $consumer = MWOAuthConsumer::newFromId( $dbr, 
$consumerId );
+   if ( !$consumer->get( 'ownerOnly' ) ) {
+   \ChangeTags::addTags(
+   "OAuth CID: $consumerId",
+   $rc->mAttribs['rc_id'],
+   $rc->mAttribs['rc_this_oldid'],
+   $rc->mAttribs['rc_logid']
+   );
+   }
}
return true;
}
diff --git a/backend/MWOAuthConsumer.php b/backend/MWOAuthConsumer.php
index 76631fb..3d14873 100644
--- a/backend/MWOAuthConsumer.php
+++ b/backend/MWOAuthConsumer.php
@@ -47,6 +47,8 @@
protected $emailAuthenticated;
/** @var int User accepted the developer agreement */
protected $developerAgreement;
+   /** @var int Consumer is for use by the owner only */
+   protected $ownerOnly;
/** @var string Wiki ID the application can be used on (or "*" for all) 
*/
protected $wiki;
/** @var string TS_MW timestamp of proposal */
@@ -88,6 +90,7 @@
'email'  => 'oarc_email',
'emailAuthenticated' => 
'oarc_email_authenticated',
'developerAgreement' => 
'oarc_developer_agreement',
+   'ownerOnly'  => 'oarc_owner_only',
'wiki'   => 'oarc_wiki',
'grants' => 'oarc_grants',
'registration'   => 'oarc_registration',
@@ -215,13 +218,20 @@
}
 
/**
-* Check if the consumer is still pending approval and is owned by $user
+* Check if the consumer is usable by $user
+*
+* "Usable by $user" includes:
+* - Approved for multi-user use
+* - Approved for owner-only use and is owned by $user
+* - Still pending approval and is owned by $user
 *
 * @param \User $user
 * @return boolean

[MediaWiki-commits] [Gerrit] Add owner-only consumers - change (mediawiki...OAuth)

2015-11-25 Thread Anomie (Code Review) 
Anomie has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/255488

Change subject: Add owner-only consumers
..

Add owner-only consumers

An owner-only consumer is automatically approved, automatically
accepted by the owner, cannot be used by anyone other than the owner,
cannot use the usual authorization flow, and does not tag changes.

Bug: T87395
Change-Id: I3c791b949e19eb476968e5f9dd1511d485e52810
---
M api/MWOAuthAPI.setup.php
M backend/MWOAuthConsumer.php
M backend/MWOAuthServer.php
M backend/schema/MWOAuthUpdater.hooks.php
M backend/schema/mysql/OAuth.sql
A backend/schema/mysql/owner_only.sql
M backend/schema/sqlite/OAuth.sql
A backend/schema/sqlite/owner_only.sql
M control/MWOAuthConsumerAcceptanceSubmitControl.php
M control/MWOAuthConsumerSubmitControl.php
M frontend/specialpages/SpecialMWOAuth.php
M frontend/specialpages/SpecialMWOAuthConsumerRegistration.php
M frontend/specialpages/SpecialMWOAuthManageConsumers.php
M i18n/en.json
M i18n/qqq.json
15 files changed, 199 insertions(+), 49 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth 
refs/changes/88/255488/1

diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php
index b2d80e8..02c2b72 100755
--- a/api/MWOAuthAPI.setup.php
+++ b/api/MWOAuthAPI.setup.php
@@ -115,9 +115,7 @@
 
// The consumer is approved or owned by 
$localUser, and is for this wiki.
$consumer = MWOAuthConsumer::newFromId( $dbr, 
$access->get( 'consumerId' ) );
-   if ( $consumer->get( 'stage' ) !== 
MWOAuthConsumer::STAGE_APPROVED
-   && !$consumer->isPendingAndOwnedBy( 
$localUser ) // let publisher test this
-   ) {
+   if ( !$consumer->isUsableBy( $localUser ) ) {
throw self::makeException( 
'mwoauth-invalid-authorization-not-approved' );
} elseif ( $consumer->get( 'wiki' ) !== '*'
&& $consumer->get( 'wiki' ) !== $wiki
@@ -301,12 +299,15 @@
$dbr = MWOAuthUtils::getCentralDB( DB_SLAVE );
$access = MWOAuthConsumerAcceptance::newFromToken( 
$dbr, $accesstoken->key );
$consumerId = $access->get( 'consumerId' );
-   \ChangeTags::addTags(
-   "OAuth CID: $consumerId",
-   $rc->mAttribs['rc_id'],
-   $rc->mAttribs['rc_this_oldid'],
-   $rc->mAttribs['rc_logid']
-   );
+   $consumer = MWOAuthConsumer::newFromId( $dbr, 
$consumerId );
+   if ( !$consumer->get( 'ownerOnly' ) ) {
+   \ChangeTags::addTags(
+   "OAuth CID: $consumerId",
+   $rc->mAttribs['rc_id'],
+   $rc->mAttribs['rc_this_oldid'],
+   $rc->mAttribs['rc_logid']
+   );
+   }
}
return true;
}
diff --git a/backend/MWOAuthConsumer.php b/backend/MWOAuthConsumer.php
index 76631fb..20b5460 100644
--- a/backend/MWOAuthConsumer.php
+++ b/backend/MWOAuthConsumer.php
@@ -47,6 +47,8 @@
protected $emailAuthenticated;
/** @var int User accepted the developer agreement */
protected $developerAgreement;
+   /** @var int Consumer is for use by the owner only */
+   protected $ownerOnly;
/** @var string Wiki ID the application can be used on (or "*" for all) 
*/
protected $wiki;
/** @var string TS_MW timestamp of proposal */
@@ -88,6 +90,7 @@
'email'  => 'oarc_email',
'emailAuthenticated' => 
'oarc_email_authenticated',
'developerAgreement' => 
'oarc_developer_agreement',
+   'ownerOnly'  => 'oarc_owner_only',
'wiki'   => 'oarc_wiki',
'grants' => 'oarc_grants',
'registration'   => 'oarc_registration',
@@ -220,8 +223,10 @@
 * @param \User $user
 * @return boolean
 */
-   public function isPendingAndOwnedBy( \User $user ) {
-   if ( $this->stage === self::STAGE_PROPOSED ) {
+   public function isUsableBy( \User $user ) {
+   if ( $this->stage === self::STAGE_APPROVED && !$this->get( 
'ownerOnly' ) ) {
+   return true;
+   } elseif ( $this->stage === self::STAGE_PROPOSED || 
$this->stage ===