[Bug 62826] New: OAuth API upload fails for some (not all!) users

Wed, 19 Mar 2014 04:54:20 -0700 

https://bugzilla.wikimedia.org/show_bug.cgi?id=62826

            Bug ID: 62826
           Summary: OAuth API upload fails for some (not all!) users
           Product: MediaWiki
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: Unprioritized
         Component: API
          Assignee: wikibugs-l@lists.wikimedia.org
          Reporter: magnusman...@gmail.com
                CC: bjor...@wikimedia.org, bryan.tongm...@gmail.com,
                    roan.katt...@gmail.com, s...@reedyboy.net
       Web browser: ---
   Mobile Platform: ---

I have an OAuth consumer named "OAuth Uploader":
https://www.mediawiki.org/wiki/Special:OAuthListConsumers/view/74a4d433d0ab9f9fad720e1c4eb8159a

It checks the login, gets an edit token, and the uploads a file from a remote
URL via API.

As [[User:Magnus Manske]], it works fine. However, other people have reported
that it doesn't work for them. I created a new Commons user
[[User:Testuser-MM]]:
https://commons.wikimedia.org/wiki/User:Testuser-MM

It can upload files to Commons:
https://commons.wikimedia.org/wiki/File:Screen_Shot_2014-03-19_at_11.32.41.png

I registered the consumer for this user (clean Chrome browser), and sure
enough, upload fails with "permission denied".

POST data follows (oauth token/signature replaced with "..."):

Header:
Authorization: OAuth oauth_consumer_key="74a4d433d0ab9f9fad720e1c4eb8159a",
oauth_token="...", oauth_version="1.0",
oauth_nonce="a70af0f0a7e11192a6803fdc0b31c2d2", oauth_timestamp="1395229010",
oauth_signature_method="HMAC-SHA1", oauth_signature="..."

Payload:
Array
(
    [format] => json
    [action] => upload
    [filename] => House_in_Lüneburg_(4838105025).jpg
    [comment] => Transferred from Flickr
    [text] => Dummy_description
    [token] => 46b3fd6cdb67e05407c442b03eeb3230+\
    [url] => https://farm5.staticflickr.com/4085/4838105025_b46921d90c_o.jpg
)

Result:
{"servedby":"mw1193","error":{"code":"permissiondenied","info":"Permission
denied"}}



So, some questions:
* Is the permission denied for the user, or for the OAuth consumer? 
* Why is the permission denied?
* Why does it work for some users, but not others?

So far, I know it does seem to be related to browser plugins, or for how long
the Commons user exists.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to