Last modified: 2014-03-13 01:14:13 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64312, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 62312 - Issue with OAuth on Commons
Issue with OAuth on Commons
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
API (Other open bugs)
1.23.0
All All
: High major (vote)
: ---
Assigned To: Brad Jorsch
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-06 10:31 UTC by Magnus Manske
Modified: 2014-03-13 01:14 UTC (History)
9 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Magnus Manske 2014-03-06 10:31:27 UTC 
One of my Labs OAuth Consumers ("OAuth Uploader") uses PHP/CURL to talk to the Commons API.

In the browser, this API query works fine:
https://commons.wikimedia.org/w/api.php?action=query&meta=userinfo&format=json

But when I use a POST request with 
Array
(
    [format] => json
    [action] => query
    [meta] => userinfo
)

and OAuth header, I get:

<!doctype html><html><head><title>Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>Set $wgShowExceptionDetails = true; in LocalSettings.php to show detailed debugging information.<br />
</p></body></html>

Maybe my Consumer is doing something wrong, but whatever it is, I should get a more helpful error message. Unless I know what's wrong, I can't fix the Consumer, and the tool remains broken.
Comment 1 Brad Jorsch 2014-03-06 14:05:40 UTC 
An exception shouldn't be making it to the user is the problem.

What seems to be going on here is that Cirrus is causing User to be loaded from the ApiBeforeMain hook. Since that's the sort of thing this hook was created for, what needs to happen is that the caller of that hook needs to be prepared to handle the exception.


FYI, I believe the error you're getting should be a response along the lines of this:

{"error":{"code":"mwoauth-invalid-authorization","info":"The authorization headers in your request are not valid: No approved grant was found for that authorization token."}}
Comment 2 Magnus Manske 2014-03-06 14:44:18 UTC 
Thanks. Any hint as to what is not valid in the header?
Comment 3 Gerrit Notification Bot 2014-03-06 14:50:19 UTC 
Change 117189 had a related patch set uploaded by Anomie:
API: Handle exceptions from ApiBeforeMain hook in a user-friendly manner

https://gerrit.wikimedia.org/r/117189
Comment 4 Brad Jorsch 2014-03-06 14:53:10 UTC 
(In reply to Magnus Manske from comment #2)
> Thanks. Any hint as to what is not valid in the header?

Is your consumer approved, or are you trying to use it from the same user account you used to register it?

If that's not it, are you correctly calculating the signature for your POST request? Remember that only application/x-www-form-urlencoded posts include the post data in the signature, multipart/form-data doesn't.
Comment 5 Magnus Manske 2014-03-06 16:51:00 UTC 
Actually, I got it to work now ;-) That bug should still be fixed though!
Comment 6 Gerrit Notification Bot 2014-03-12 19:33:03 UTC 
Change 117189 merged by jenkins-bot:
API: Handle exceptions from ApiBeforeMain hook in a user-friendly manner

https://gerrit.wikimedia.org/r/117189
Comment 7 Brad Jorsch 2014-03-13 01:10:52 UTC 
This should be deployed to WMF wikis with 1.23wmf18, see https://www.mediawiki.org/wiki/MediaWiki_1.23/Roadmap for the schedule.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links