Gitiles
Code Review Sign In
gerrit.wikimedia.org / mediawiki / extensions / OAuth / refs/heads/REL1_26
commitc0cdf812b4fe9d3727c2b9fceff02b938a75334f[log] [tgz]
authorBrad Jorsch <bjorsch@wikimedia.org>Wed Oct 26 10:21:49 2016 -0400
committerGergő Tisza <gtisza@wikimedia.org>Thu Oct 27 23:14:33 2016 +0000
tree96b8b4c490984c9590dd8c34aeabab727e4aecce
parent515835a08c48291b95ac2adddc036b42614c2c65 [diff]
Use correct user for isUsableBy check in Special:OAuth/identify

The special page's $this->getUser() comes from the normal
CookieSessionProvider cookies (or other non-OAuth mechanism), not the
OAuth headers that are being validated here for use by the /identify
endpoint.

We need to use the user associated with the MWOAuthConsumerAcceptance
instead for proper operation.

Bug: T149194
Change-Id: I0a9f78c4fe7e592a3dbbf084858ba9942a8fac38
(cherry picked from commit 5ec60f469f1cb0520db2710ee25604811d11057b)
1 file changed
tree: 96b8b4c490984c9590dd8c34aeabab727e4aecce
  1. api/
  2. backend/
  3. control/
  4. examples/
  5. frontend/
  6. i18n/
  7. lib/
  8. maintenance/
  9. tests/
  10. .gitignore
  11. .gitreview
  12. .jshintrc
  13. COPYING
  14. Gruntfile.js
  15. OAuth.config.php
  16. OAuth.php
  17. OAuth.setup.php
  18. package.json