Last modified: 2013-10-21 17:06:29 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T57580, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 55580 - Redirecting client to Special:MWOAuth/authorize more than once results in database error
Redirecting client to Special:MWOAuth/authorize more than once results in dat...
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
OAuth (Other open bugs)
master
All All
: Unprioritized normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-10 18:40 UTC by Merlijn van Deen (test)
Modified: 2013-10-21 17:06 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Merlijn van Deen (test) 2013-10-10 18:40:33 UTC 
If a user is sent to https://www.mediawiki.org/wiki/Special:MWOAuth/authorize?oauth_token=...&oauth_consumer_key=... while there still is an active authorization, the user is presented with

Hi Valhallasw,
Gerrit Patch Uploader would like to have basic access on your behalf on media.wikipedia.org.
[Cancel] [Allow]


Clicking Allow results in

Database error
A database query error has occurred. This may indicate a bug in the software.
Function: MWOAuthDAO::save
Error: 1062 Duplicate entry '5005-4-mediawiki' for key 'oaac_user_consumer_wiki' (10.64.16.8)


Expected behavior would be a redirect back to the application, as the application is still authorized.
Comment 1 Merlijn van Deen (test) 2013-10-10 18:41:21 UTC 
Oh, workaround: remove the application from https://www.mediawiki.org/wiki/Special:MWOAuthManageMyGrants
Comment 2 Brad Jorsch 2013-10-10 19:15:55 UTC 
I see two problems going on here.

First, WikiMap::getWikiName( 'mediawiki' ) will happily return a reference to "media.wikipedia.org" rather than returning null because that wiki doesn't actually exist. Fun. Your client is created for that non-existent wiki rather than for mediawikiwiki. I suppose in our validation for the input we could try wfGetDB() instead, does that seem sane?

Second, Special:MWOAuth needs to either reject if someone tries to hit it for a client where $cmr->get( 'wiki' ) !== '*' and !== wfWikiId() or the call to $oauthServer->getCurrentAuthorization() needs to return the authorization for $cmr->get( 'wiki' ) rather than wfWikiId(). I'm not sure what the intended design is. Chris or Aaron?
Comment 3 Gerrit Notification Bot 2013-10-10 19:41:12 UTC 
Change 89101 had a related patch set uploaded by Aaron Schulz:
Improve wiki ID field validation due to SiteConfiguration oddness

https://gerrit.wikimedia.org/r/89101
Comment 4 Gerrit Notification Bot 2013-10-10 19:52:21 UTC 
Change 89101 merged by jenkins-bot:
Improve wiki ID field validation due to SiteConfiguration oddness

https://gerrit.wikimedia.org/r/89101
Comment 5 Brad Jorsch 2013-10-10 19:53:32 UTC 
First problem solved, marking as new because the second problem remains.
Comment 6 Gerrit Notification Bot 2013-10-10 20:46:27 UTC 
Change 89107 had a related patch set uploaded by Aaron Schulz:
Avoid duplicate key error on /authorize page

https://gerrit.wikimedia.org/r/89107
Comment 7 Gerrit Notification Bot 2013-10-18 22:49:15 UTC 
Change 89107 merged by jenkins-bot:
Avoid duplicate key error on /authorize page

https://gerrit.wikimedia.org/r/89107
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links