Last modified: 2013-10-21 17:06:29 UTC
If a user is sent to https://www.mediawiki.org/wiki/Special:MWOAuth/authorize?oauth_token=...&oauth_consumer_key=... while there still is an active authorization, the user is presented with Hi Valhallasw, Gerrit Patch Uploader would like to have basic access on your behalf on media.wikipedia.org. [Cancel] [Allow] Clicking Allow results in Database error A database query error has occurred. This may indicate a bug in the software. Function: MWOAuthDAO::save Error: 1062 Duplicate entry '5005-4-mediawiki' for key 'oaac_user_consumer_wiki' (10.64.16.8) Expected behavior would be a redirect back to the application, as the application is still authorized.
Oh, workaround: remove the application from https://www.mediawiki.org/wiki/Special:MWOAuthManageMyGrants
I see two problems going on here. First, WikiMap::getWikiName( 'mediawiki' ) will happily return a reference to "media.wikipedia.org" rather than returning null because that wiki doesn't actually exist. Fun. Your client is created for that non-existent wiki rather than for mediawikiwiki. I suppose in our validation for the input we could try wfGetDB() instead, does that seem sane? Second, Special:MWOAuth needs to either reject if someone tries to hit it for a client where $cmr->get( 'wiki' ) !== '*' and !== wfWikiId() or the call to $oauthServer->getCurrentAuthorization() needs to return the authorization for $cmr->get( 'wiki' ) rather than wfWikiId(). I'm not sure what the intended design is. Chris or Aaron?
Change 89101 had a related patch set uploaded by Aaron Schulz: Improve wiki ID field validation due to SiteConfiguration oddness https://gerrit.wikimedia.org/r/89101
Change 89101 merged by jenkins-bot: Improve wiki ID field validation due to SiteConfiguration oddness https://gerrit.wikimedia.org/r/89101
First problem solved, marking as new because the second problem remains.
Change 89107 had a related patch set uploaded by Aaron Schulz: Avoid duplicate key error on /authorize page https://gerrit.wikimedia.org/r/89107
Change 89107 merged by jenkins-bot: Avoid duplicate key error on /authorize page https://gerrit.wikimedia.org/r/89107