feat: allow oauth consumers to be created with consumer acceptance (#447
)

* feat: allow oauth consumers to be created with consumer acceptance

* fix: ownerOnly flag determines whether consumer is auto accepted

* fix: ensure ownerOnly is also considered on subsequent lookup

* refactor: expect matching ownerOnly param to be given on lookup

* fix: access secret is expected to be used in hmac format

* docs: add CHANGELOG
m90 authored Jul 22, 2024
1 parent dbaebda commit d57d055
Showing 5 changed files with 77 additions and 24 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,9 @@

Tags have the format: `<MediaWiki core version>-<PHP Version>-<date>-<build number>`

## 1.39-7.4-20240722-0
- Add `ownerOnly` parameter to OAuth setup (#447)

## 1.39-7.4-20240624-0
- Enable InstantCommons (#444)

18 changes: 12 additions & 6 deletions dist-persist/wbstack/src/Internal/ApiWbStackOauthGet.php
@@ -8,7 +8,7 @@
* This API is used by tools that need OAuth consumers.
* Calling this API will either give you details for the spec that you ask if they already exist.
* OR it will create such a consume, and give you the details.
*
*
* Most of the logic for OAuth stuff currently lives within WbStackPlatformReservedUser
*/

@@ -26,28 +26,31 @@ public function execute() {
// Try and get the required consumer
$consumerData = WbStackPlatformReservedUser::getOAuthConsumer(
$this->getParameter('consumerName'),
$this->getParameter('consumerVersion')
$this->getParameter('consumerVersion'),
$this->getParameter('ownerOnly'),
);

// If it doesnt exist, make sure the user and consumer do
if(!$consumerData) {
if (!$consumerData) {
$callbackUrl = $this->getScheme() . $GLOBALS[WBSTACK_INFO_GLOBAL]->requestDomain . $this->getParameter('callbackUrlTail');

WbStackPlatformReservedUser::createIfNotExists();
WbStackPlatformReservedUser::createOauthConsumer(
$this->getParameter('consumerName'),
$this->getParameter('consumerVersion'),
$this->getParameter('grants'),
$callbackUrl
$callbackUrl,
$this->getParameter('ownerOnly'),
);
$consumerData = WbStackPlatformReservedUser::getOAuthConsumer(
$this->getParameter('consumerName'),
$this->getParameter('consumerVersion')
$this->getParameter('consumerVersion'),
$this->getParameter('ownerOnly'),
);
}

// Return appropriate result
if(!$consumerData) {
if (!$consumerData) {
$res = ['success' => 0];
} else {
$res = [
@@ -77,6 +80,9 @@ public function getAllowedParams() {
ParamValidator::PARAM_TYPE => 'string',
ParamValidator::PARAM_REQUIRED => true
],
'ownerOnly' => [
ParamValidator::PARAM_TYPE => 'boolean',
],
];
}
}
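Review bot: Neither the class docblock nor the new `ownerOnly` entry in getAllowedParams() says that the flag changes what this module can hand out. With the sibling change in WbStackPlatformReservedUser.php, the data returned by getOAuthConsumer() can include an `accessKey`/`accessSecret` pair for the platform reserved user, for a consumer whose `grants` come from the request. I would add a docblock line such as `* With ownerOnly set, the consumer is accepted automatically and the lookup result can include access credentials for the platform reserved user; this module must stay reachable by internal callers only.` execute() begins and ends outside the visible hunk, so neither an access restriction nor how `$res` forwards these fields can be confirmed from here. The same applies to the copy under dist/wbstack/src/Internal/ApiWbStackOauthGet.php.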
31 changes: 25 additions & 6 deletions dist-persist/wbstack/src/Internal/WbStackPlatformReservedUser.php
@@ -50,7 +50,7 @@ public static function createIfNotExists() {
return true;
}

public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl) {
public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl, $ownerOnly = false) {
// ### Setup oauth consumer...
// LOGIC mainly from https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/maintenance/createOAuthConsumer.php ?
// EXECUTION of script from https://github.com/wmde/wikibase-docker/blob/master/wikibase/1.33/bundle/extra-install.sh#L7 ?
@@ -65,7 +65,7 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca
'callbackIsPrefix' => true,
'grants' => '["' . implode( '","', $grants) . '"]',
'granttype' => 'normal',
'ownerOnly' => false,
'ownerOnly' => $ownerOnly,
'email' => WbStackPlatformReservedUser::PLATFORM_RESERVED_EMAIL,
'wiki' => '*',
'rsaKey' => '',
@@ -99,15 +99,14 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca
$control = new \MediaWiki\Extension\OAuth\Control\ConsumerSubmitControl( $context, $data, $dbw );
$approveStatus = $control->submit();

if ( !$approveStatus->isGood() ) {
// TODO return more info...
if ( !$approveStatus->isOK() ) {
return false;
}

return true;
}

public static function getOAuthConsumer($consumerName, $version) {
public static function getOAuthConsumer($consumerName, $version, $ownerOnly = false) {
$user = self::getUser();
// TODO create the oauth consumer on the fly if it doesn't exist (needs grants and callbackurl)

@@ -131,10 +130,30 @@ public static function getOAuthConsumer($consumerName, $version) {
return false;
}

return [
if ($c->getOwnerOnly() !== $ownerOnly) {
return false;
}

$data = [
'agent' => $c->getName(),
'consumerKey' => $c->getConsumerKey(),
'consumerSecret' => \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $c->getSecretKey() ),
];

$a = \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::newFromUserConsumerWiki(
$db,
$user->getId(),
$c,
$c->getWiki(),
\MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::READ_NORMAL,
$c->getOAuthVersion(),
);

if ( $a !== false ) {
$data['accessKey'] = $a->getAccessToken();
$data['accessSecret'] = \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $a->getAccessSecret() );
}

return $data;
}
}
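Review bot: The acceptance lookup at the end of getOAuthConsumer() runs for every consumer that passes the `getOwnerOnly() !== $ownerOnly` check, so `accessKey` and `accessSecret` are added whenever the reserved user has an acceptance for that consumer, even when the caller asked for `ownerOnly = false`. Tying the disclosure to the flag keeps the default call returning consumer credentials only: `if ( $ownerOnly && $a !== false ) {`. If acceptances only ever exist for owner-only consumers this changes nothing in practice, but that cannot be seen from the hunk. Part of the function body lies between hunks and is not visible. The same lines appear in dist/wbstack/src/Internal/WbStackPlatformReservedUser.php.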
18 changes: 12 additions & 6 deletions dist/wbstack/src/Internal/ApiWbStackOauthGet.php
@@ -8,7 +8,7 @@
* This API is used by tools that need OAuth consumers.
* Calling this API will either give you details for the spec that you ask if they already exist.
* OR it will create such a consume, and give you the details.
*
*
* Most of the logic for OAuth stuff currently lives within WbStackPlatformReservedUser
*/

@@ -26,28 +26,31 @@ public function execute() {
// Try and get the required consumer
$consumerData = WbStackPlatformReservedUser::getOAuthConsumer(
$this->getParameter('consumerName'),
$this->getParameter('consumerVersion')
$this->getParameter('consumerVersion'),
$this->getParameter('ownerOnly'),
);

// If it doesnt exist, make sure the user and consumer do
if(!$consumerData) {
if (!$consumerData) {
$callbackUrl = $this->getScheme() . $GLOBALS[WBSTACK_INFO_GLOBAL]->requestDomain . $this->getParameter('callbackUrlTail');

WbStackPlatformReservedUser::createIfNotExists();
WbStackPlatformReservedUser::createOauthConsumer(
$this->getParameter('consumerName'),
$this->getParameter('consumerVersion'),
$this->getParameter('grants'),
$callbackUrl
$callbackUrl,
$this->getParameter('ownerOnly'),
);
$consumerData = WbStackPlatformReservedUser::getOAuthConsumer(
$this->getParameter('consumerName'),
$this->getParameter('consumerVersion')
$this->getParameter('consumerVersion'),
$this->getParameter('ownerOnly'),
);
}

// Return appropriate result
if(!$consumerData) {
if (!$consumerData) {
$res = ['success' => 0];
} else {
$res = [
@@ -77,6 +80,9 @@ public function getAllowedParams() {
ParamValidator::PARAM_TYPE => 'string',
ParamValidator::PARAM_REQUIRED => true
],
'ownerOnly' => [
ParamValidator::PARAM_TYPE => 'boolean',
],
];
}
}
31 changes: 25 additions & 6 deletions dist/wbstack/src/Internal/WbStackPlatformReservedUser.php
@@ -50,7 +50,7 @@ public static function createIfNotExists() {
return true;
}

public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl) {
public static function createOauthConsumer($consumerName, $version, $grants, $callbackUrl, $ownerOnly = false) {
// ### Setup oauth consumer...
// LOGIC mainly from https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/maintenance/createOAuthConsumer.php ?
// EXECUTION of script from https://github.com/wmde/wikibase-docker/blob/master/wikibase/1.33/bundle/extra-install.sh#L7 ?
@@ -65,7 +65,7 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca
'callbackIsPrefix' => true,
'grants' => '["' . implode( '","', $grants) . '"]',
'granttype' => 'normal',
'ownerOnly' => false,
'ownerOnly' => $ownerOnly,
'email' => WbStackPlatformReservedUser::PLATFORM_RESERVED_EMAIL,
'wiki' => '*',
'rsaKey' => '',
@@ -99,15 +99,14 @@ public static function createOauthConsumer($consumerName, $version, $grants, $ca
$control = new \MediaWiki\Extension\OAuth\Control\ConsumerSubmitControl( $context, $data, $dbw );
$approveStatus = $control->submit();

if ( !$approveStatus->isGood() ) {
// TODO return more info...
if ( !$approveStatus->isOK() ) {
return false;
}

return true;
}

public static function getOAuthConsumer($consumerName, $version) {
public static function getOAuthConsumer($consumerName, $version, $ownerOnly = false) {
$user = self::getUser();
// TODO create the oauth consumer on the fly if it doesn't exist (needs grants and callbackurl)

@@ -131,10 +130,30 @@ public static function getOAuthConsumer($consumerName, $version) {
return false;
}

return [
if ($c->getOwnerOnly() !== $ownerOnly) {
return false;
}

$data = [
'agent' => $c->getName(),
'consumerKey' => $c->getConsumerKey(),
'consumerSecret' => \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $c->getSecretKey() ),
];

$a = \MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::newFromUserConsumerWiki(
$db,
$user->getId(),
$c,
$c->getWiki(),
\MediaWiki\Extension\OAuth\Backend\ConsumerAcceptance::READ_NORMAL,
$c->getOAuthVersion(),
);

if ( $a !== false ) {
$data['accessKey'] = $a->getAccessToken();
$data['accessSecret'] = \MediaWiki\Extension\OAuth\Backend\Utils::hmacDBSecret( $a->getAccessSecret() );
}

return $data;
}
}
