Last modified: 2014-10-29 22:10:06 UTC
Several OAuth admins report not being able to approve either of my latest proposed consumers: https://www.mediawiki.org/wiki/Special:OAuthListConsumers?name=&publisher=Ragesoss&stage=0 The error message they get is: "Someone changed the attributes of this consumer as you viewed it. Please try again. You may want to check the change log."
Uhg, fatality of the updates to user tokens. MWOAuthDAO::getChangeToken() relies on recalculating a hash that uses User::getEditToken(). The csrf token should be checked already, so for collision detection, we probably should just use the user id instead of their edit token.
Change 169593 had a related patch set uploaded by CSteipp: Remove edit token from conflict detection https://gerrit.wikimedia.org/r/169593
Change 169593 merged by jenkins-bot: Remove edit token from conflict detection https://gerrit.wikimedia.org/r/169593
Now that the fix is merged and deployed, can someone approve my apps to see if it worked? :)