[MediaWiki-commits] [Gerrit] Tweak OAuth lib to respect x-forwarded-proto - change (wikimedia...crm)

2014-10-23 Thread Ejegg (Code Review) 
Ejegg has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/168303

Change subject: Tweak OAuth lib to respect x-forwarded-proto
..

Tweak OAuth lib to respect x-forwarded-proto

Dash's OAuth token requests are signed with an https url, but when
Drupal get them it tries to verify the signature with an http url
because nginx is doing the SSL termination.  This patch makes
Drupal verify with an https url if x-forwarded-proto is https.

Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897
---
M sites/all/modules/contrib/oauth/lib/OAuth.php
1 file changed, 4 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm 
refs/changes/03/168303/1

diff --git a/sites/all/modules/contrib/oauth/lib/OAuth.php 
b/sites/all/modules/contrib/oauth/lib/OAuth.php
index 00ea0d5..2341ed7 100644
--- a/sites/all/modules/contrib/oauth/lib/OAuth.php
+++ b/sites/all/modules/contrib/oauth/lib/OAuth.php
@@ -265,9 +265,10 @@
* attempt to build up a request from what was passed to the server
*/
   public static function from_request($http_method=NULL, $http_url=NULL, 
$parameters=NULL) {
-$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != on)
-  ? 'http'
-  : 'https';
+$local_https = isset($_SERVER['HTTPS'])  $_SERVER['HTTPS'] == 'on';
+$forwarded_https = isset($_SERVER['HTTP_X_FORWARDED_PROTO'])  
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+$scheme = ($local_https || $forwarded_https) ? 'https' : 'http';
+
 $http_url = ($http_url) ? $http_url : $scheme .
   '://' . $_SERVER['SERVER_NAME'] .
   ':' .

-- 
To view, visit https://gerrit.wikimedia.org/r/168303
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm
Gerrit-Branch: master
Gerrit-Owner: Ejegg eeggles...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Tweak OAuth lib to respect x-forwarded-proto - change (wikimedia...crm)

2014-10-23 Thread Katie Horn (Code Review) 
Katie Horn has submitted this change and it was merged.

Change subject: Tweak OAuth lib to respect x-forwarded-proto
..


Tweak OAuth lib to respect x-forwarded-proto

Dash's OAuth token requests are signed with an https url, but when
Drupal get them it tries to verify the signature with an http url
because nginx is doing the SSL termination.  This patch makes
Drupal verify with an https url if x-forwarded-proto is https.

Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897
---
M sites/all/modules/contrib/oauth/lib/OAuth.php
1 file changed, 4 insertions(+), 3 deletions(-)

Approvals:
  Katie Horn: Looks good to me, approved



diff --git a/sites/all/modules/contrib/oauth/lib/OAuth.php 
b/sites/all/modules/contrib/oauth/lib/OAuth.php
index 00ea0d5..2341ed7 100644
--- a/sites/all/modules/contrib/oauth/lib/OAuth.php
+++ b/sites/all/modules/contrib/oauth/lib/OAuth.php
@@ -265,9 +265,10 @@
* attempt to build up a request from what was passed to the server
*/
   public static function from_request($http_method=NULL, $http_url=NULL, 
$parameters=NULL) {
-$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != on)
-  ? 'http'
-  : 'https';
+$local_https = isset($_SERVER['HTTPS'])  $_SERVER['HTTPS'] == 'on';
+$forwarded_https = isset($_SERVER['HTTP_X_FORWARDED_PROTO'])  
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+$scheme = ($local_https || $forwarded_https) ? 'https' : 'http';
+
 $http_url = ($http_url) ? $http_url : $scheme .
   '://' . $_SERVER['SERVER_NAME'] .
   ':' .

-- 
To view, visit https://gerrit.wikimedia.org/r/168303
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm
Gerrit-Branch: master
Gerrit-Owner: Ejegg eeggles...@wikimedia.org
Gerrit-Reviewer: Awight awi...@wikimedia.org
Gerrit-Reviewer: Katie Horn kh...@wikimedia.org
Gerrit-Reviewer: jenkins-bot 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits