Domain usage: OAuth handlers
Fixes #837
stwalkerster committed Sep 4, 2023
1 parent 585c81d commit 3b42922
Showing 14 changed files with 98 additions and 54 deletions.
3 changes: 0 additions & 3 deletions config.inc.php
Expand Up @@ -90,8 +90,6 @@
// Formerly-used OAuth tokens to permit reading identities from
$oauthLegacyTokens = [];

$oauthMediaWikiCanonicalServer = "https://en.wikipedia.org";

$useOauthSignup = true;
$enforceOAuth = false;

Expand Down Expand Up @@ -254,7 +252,6 @@ function wfDebugLog($section, $message)
->setOAuthConsumerToken($oauthConsumerToken)
->setOAuthLegacyConsumerTokens($oauthLegacyTokens)
->setOAuthConsumerSecret($oauthSecretToken)
->setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
->setDataClearInterval($dataclear_interval)
->setXffTrustedHostsFile($xff_trusted_hosts_file)
->setIrcNotificationsEnabled($ircBotNotificationsEnabled == 1)
9 changes: 8 additions & 1 deletion includes/Background/CreationTaskBase.php
Expand Up @@ -9,6 +9,7 @@
namespace Waca\Background;

use Exception;
use Waca\DataObjects\Domain;
use Waca\DataObjects\Request;
use Waca\DataObjects\User;
use Waca\ExceptionHandler;
Expand Down Expand Up @@ -111,8 +112,14 @@ protected abstract function getMediaWikiClient();

protected function getMediaWikiHelper()
{
/** @var Domain $domain */
$domain = Domain::getById($this->getJob()->getDomain(), $this->getDatabase());

if ($this->mwHelper === null) {
$this->mwHelper = new MediaWikiHelper($this->getMediaWikiClient(), $this->getSiteConfiguration());
$this->mwHelper = new MediaWikiHelper(
$this->getMediaWikiClient(),
$this->getSiteConfiguration(),
$domain->getWikiApiPath());
}

return $this->mwHelper;
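Review bot: The `Domain::getById(...)` lookup added at the top of getMediaWikiHelper() runs on every call, although its result is only used inside the `if ($this->mwHelper === null)` branch, and the result is dereferenced without a check. Move the two `$domain` lines inside that branch and fail the job when no domain is found, e.g. `if ($domain === false) { throw new Exception('Unknown domain for job'); }` (assuming getById returns false on a miss, as getByApiPath in Domain.php does). The same unchecked `$domain->getWikiApiPath()` appears in WelcomeUserTask::execute().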
7 changes: 6 additions & 1 deletion includes/Background/Task/WelcomeUserTask.php
Expand Up @@ -9,6 +9,7 @@
namespace Waca\Background\Task;

use Waca\Background\BackgroundTaskBase;
use Waca\DataObjects\Domain;
use Waca\DataObjects\Request;
use Waca\DataObjects\User;
use Waca\DataObjects\WelcomeTemplate;
Expand All @@ -27,6 +28,10 @@ public function execute()
$database = $this->getDatabase();
$this->request = $this->getRequest();
$user = $this->getTriggerUser();

/** @var Domain $domain */
$domain = Domain::getById($this->getJob()->getDomain(), $database);

$userPrefs = new PreferenceManager($database, $user->getId(), $this->request->getDomain());

$welcomeTemplate = $userPrefs->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
Expand All @@ -48,7 +53,7 @@ public function execute()

$oauth = new OAuthUserHelper($user, $database, $this->getOauthProtocolHelper(),
$this->getSiteConfiguration());
$mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration());
$mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration(), $domain->getWikiApiPath());

if ($this->request->getStatus() !== RequestStatus::CLOSED) {
$this->markFailed('Request is currently open');
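Review bot: In execute() the API path comes from `$this->getJob()->getDomain()`, while the preferences loaded two lines below use `$this->request->getDomain()`, so the welcome template and the wiki that receives the edit are selected from two different sources. If a job and its request can ever carry different domains, the message would be posted to a wiki other than the one the template was chosen for. Using one source for both removes that possibility, e.g. `$domain = Domain::getById($this->request->getDomain(), $database);`. execute() continues outside both hunks, so the rest of the flow is not visible here.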
21 changes: 21 additions & 0 deletions includes/DataObjects/Domain.php
Expand Up @@ -94,6 +94,27 @@ public static function getByShortName(string $shortName, PdoDatabase $database)
return $result;
}

public static function getByApiPath(string $apiPath, PdoDatabase $database)
{
$statement = $database->prepare(<<<SQL
SELECT * FROM domain WHERE wikiapipath = :api;
SQL
);

$statement->execute([
':api' => $apiPath,
]);

/** @var RequestForm|false $result */
$result = $statement->fetchObject(get_called_class());

if ($result !== false) {
$result->setDatabase($database);
}

return $result;
}

public static function getAll(PdoDatabase $database) {
$statement = $database->prepare("SELECT * FROM domain;");
$statement->execute();
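Review bot: The `@var` annotation in getByApiPath() names the wrong class; `fetchObject(get_called_class())` yields a Domain, so it should read `/** @var Domain|false $result */`. The method also has no docblock: add one stating that it looks a domain up by exact match on `wikiapipath` and returns `false` when no row matches, so callers know to check the result before dereferencing it. If `wikiapipath` is not unique in the schema (not visible here), the first matching row wins, which is worth stating as well.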
5 changes: 3 additions & 2 deletions includes/Helpers/BotMediaWikiClient.php
Expand Up @@ -49,7 +49,7 @@ public function __construct(SiteConfiguration $siteConfiguration, Domain $domain
);
}

public function doApiCall($apiParams, $method = 'GET')
public function doApiCall($apiParams, string $method, string $apiPath)
{
$this->ensureLoggedIn();
$apiParams['assert'] = 'user';
Expand Down Expand Up @@ -85,12 +85,13 @@ private function ensureLoggedIn()
/**
* @param $apiParams
* @param $method
* @param $apiPath
*
* @return mixed
* @throws ApplicationLogicException
* @throws CurlException
*/
private function callApi($apiParams, $method)
private function callApi($apiParams, $method, $apiPath)
{
$apiParams['format'] = 'json';

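Review bot: callApi() now requires a third `$apiPath` argument, but this file's three additions are all visible here (the two signatures and the `@param` line), so no call site was updated and any existing two-argument `$this->callApi(...)` call in the class would fail with an ArgumentCountError. Either pass the value through from doApiCall(), along the lines of `$this->callApi($apiParams, $method, $apiPath)`, and give the login call in ensureLoggedIn() an explicit endpoint, or drop the parameter from callApi() if the bot client keeps using the Domain it was constructed with. In the second case say so in the doApiCall() docblock, because a caller-supplied `$apiPath` that is silently ignored is easy to misread. The bodies of doApiCall() and callApi() lie outside the hunks.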
2 changes: 1 addition & 1 deletion includes/Helpers/Interfaces/IMediaWikiClient.php
Expand Up @@ -10,5 +10,5 @@

interface IMediaWikiClient
{
function doApiCall($params, $method);
function doApiCall($params, string $method, string $apiPath);
}
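Review bot: doApiCall() now lets every caller choose the endpoint, and the interface does not say what `$apiPath` may contain. In the OAuth implementation the call to that URL is made with the user's access token and secret, so the contract belongs in a docblock, e.g. `@param string $apiPath Full api.php URL taken from a Domain record; never request input`. The declaration also lacks an explicit `public`.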
2 changes: 1 addition & 1 deletion includes/Helpers/Interfaces/IOAuthProtocolHelper.php
Expand Up @@ -63,5 +63,5 @@ public function getIdentityTicket($oauthAccessToken, $oauthAccessSecret);
* @throws CurlException
* @throws Exception
*/
public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET');
public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET', string $apiPath);
}
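Review bot: The new `string $apiPath` parameter is required but follows the optional `$method = 'GET'`, which PHP 8.0 and later report as deprecated and which makes the default unusable. Drop the default, `public function apiCall($apiParams, $accessToken, $accessSecret, string $method, string $apiPath);`, and make the same change in OAuthProtocolHelper::apiCall(). The docblock above the declaration, which starts outside the hunk, should gain a `@param string $apiPath` line.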
19 changes: 11 additions & 8 deletions includes/Helpers/MediaWikiHelper.php
Expand Up @@ -23,17 +23,20 @@ class MediaWikiHelper
* @var SiteConfiguration
*/
private $siteConfiguration;
private string $apiPath;

/**
* MediaWikiHelper constructor.
*
* @param IMediaWikiClient $mediaWikiClient
* @param SiteConfiguration $siteConfiguration
* @param string $apiPath
*/
public function __construct(IMediaWikiClient $mediaWikiClient, SiteConfiguration $siteConfiguration)
public function __construct(IMediaWikiClient $mediaWikiClient, SiteConfiguration $siteConfiguration, string $apiPath)
{
$this->mediaWikiClient = $mediaWikiClient;
$this->siteConfiguration = $siteConfiguration;
$this->apiPath = $apiPath;
}

/**
Expand All @@ -55,7 +58,7 @@ public function createAccount($username, $emailAddress, $reason)
'type' => 'createaccount',
);

$response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
$response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST', $this->apiPath);

if (isset($response->error)) {
throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
Expand Down Expand Up @@ -83,7 +86,7 @@ public function createAccount($username, $emailAddress, $reason)
$createParams['email'] = $emailAddress;
$createParams['reason'] = $reason;

$createResponse = $this->mediaWikiClient->doApiCall($createParams, 'POST');
$createResponse = $this->mediaWikiClient->doApiCall($createParams, 'POST', $this->apiPath);

if (isset($createResponse->error)) {
throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
Expand Down Expand Up @@ -123,7 +126,7 @@ public function addTalkPageMessage($username, $title, $summary, $message, $creat
'type' => 'csrf',
);

$response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST');
$response = $this->mediaWikiClient->doApiCall($tokenParams, 'POST', $this->apiPath);

if (isset($response->error)) {
throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
Expand All @@ -149,7 +152,7 @@ public function addTalkPageMessage($username, $title, $summary, $message, $creat
$editParameters['createonly'] = true;
}

$response = $this->mediaWikiClient->doApiCall($editParameters, 'POST');
$response = $this->mediaWikiClient->doApiCall($editParameters, 'POST', $this->apiPath);

if (!isset($response->edit)) {
if (isset($response->error)) {
Expand All @@ -176,7 +179,7 @@ public function getCreationFieldData(&$requiredFields, &$checkboxFields)
'amirequestsfor' => 'create',
);

$response = $this->mediaWikiClient->doApiCall($params, 'GET');
$response = $this->mediaWikiClient->doApiCall($params, 'GET', $this->apiPath);

if (isset($response->error)) {
throw new MediaWikiApiException($response->error->code . ': ' . $response->error->info);
Expand Down Expand Up @@ -250,7 +253,7 @@ public function checkAccountExists($username)
'ususers' => $username,
);

$apiResult = $this->mediaWikiClient->doApiCall($parameters, 'GET');
$apiResult = $this->mediaWikiClient->doApiCall($parameters, 'GET', $this->apiPath);

$entry = $apiResult->query->users[0];
$exists = !isset($entry->missing);
Expand All @@ -277,7 +280,7 @@ public function getHtmlForWikiText($wikiText)
'text' => $wikiText,
);

$apiResult = $this->mediaWikiClient->doApiCall($parameters, 'GET');
$apiResult = $this->mediaWikiClient->doApiCall($parameters, 'GET', $this->apiPath);

return $apiResult->parse->text->{'*'};
}
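Review bot: In createAccount(), the error branch directly after the changed `$createResponse = $this->mediaWikiClient->doApiCall($createParams, 'POST', $this->apiPath);` call still builds its message from `$response`, the earlier token response whose `error` member is not set at that point, so a failed account creation does not report the real error. It should read `throw new MediaWikiApiException($createResponse->error->code . ': ' . $createResponse->error->info);`. That line is unchanged context, but it sits on the path this commit rewires. Separately, the constructor stores `$apiPath` unchecked; a guard such as `if ($apiPath === '') { throw new \InvalidArgumentException('apiPath required'); }` would surface a misconfigured domain early.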
16 changes: 6 additions & 10 deletions includes/Helpers/OAuthProtocolHelper.php
Expand Up @@ -63,9 +63,8 @@ public function getRequestToken()
{
/** @var Token $requestToken */

// FIXME: domains!
/** @var Domain $domain */
$domain = Domain::getById(1, $this->database);
$domain = Domain::getCurrent($this->database);

list($authUrl, $requestToken) = $this->getClient($domain)->initiate();
$this->authUrl = $authUrl;
Expand All @@ -87,9 +86,8 @@ public function callbackCompleted($oauthRequestToken, $oauthRequestSecret, $oaut
{
$requestToken = new Token($oauthRequestToken, $oauthRequestSecret);

// FIXME: domains!
/** @var Domain $domain */
$domain = Domain::getById(1, $this->database);
$domain = Domain::getCurrent($this->database);

return $this->getClient($domain)->complete($requestToken, $oauthVerifier);
}
Expand All @@ -99,17 +97,16 @@ public function callbackCompleted($oauthRequestToken, $oauthRequestSecret, $oaut
*/
public function getIdentityTicket($oauthAccessToken, $oauthAccessSecret)
{
// FIXME: domains!
/** @var Domain $domain */
$domain = Domain::getById(1, $this->database);
$domain = Domain::getCurrent($this->database);

return $this->getClient($domain)->identify(new Token($oauthAccessToken, $oauthAccessSecret));
}

/**
* @inheritDoc
*/
public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET')
public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET', string $apiPath)
{
$userToken = new Token($accessToken, $accessSecret);

Expand All @@ -119,11 +116,10 @@ public function apiCall($apiParams, $accessToken, $accessSecret, $method = 'GET'
throw new CurlException("Invalid API call");
}

// FIXME: domains!
/** @var Domain $domain */
$domain = Domain::getById(1, $this->database);
$domain = Domain::getByApiPath($apiPath, $this->database);

$url = $domain->getWikiApiPath();
$url = $apiPath;
$isPost = ($method === 'POST');

if ($method === 'GET') {
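Review bot: In apiCall(), `Domain::getByApiPath()` returns `false` when no domain has that path, yet `$domain` is used without a check and the request URL is now the caller-supplied `$apiPath` instead of the stored value. Reject unknown paths before the request is built, `if ($domain === false) { throw new CurlException('Unknown API path'); }`, and keep `$url = $domain->getWikiApiPath();` so a request carrying the user's token can only go to an endpoint present in the domain table. How `$domain` is used further down lies outside the hunk.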
26 changes: 22 additions & 4 deletions includes/Helpers/OAuthUserHelper.php
Expand Up @@ -11,6 +11,7 @@
use DateTimeImmutable;
use MediaWiki\OAuthClient\Exception;
use PDOStatement;
use Waca\DataObjects\Domain;
use Waca\DataObjects\OAuthIdentity;
use Waca\DataObjects\OAuthToken;
use Waca\DataObjects\User;
Expand Down Expand Up @@ -67,6 +68,8 @@ class OAuthUserHelper implements IMediaWikiClient

private $legacyTokens;

private array $issuers;

#region Static methods

public static function findUserByRequestToken($requestToken, PdoDatabase $database)
Expand Down Expand Up @@ -355,13 +358,13 @@ public function getIdentity($expiredOk = false)
return $this->identity;
}

public function doApiCall($params, $method)
public function doApiCall($params, string $method, string $apiPath)
{
// Ensure we're logged in
$params['assert'] = 'user';

$token = $this->loadAccessToken();
return $this->oauthProtocolHelper->apiCall($params, $token->getToken(), $token->getSecret(), $method);
return $this->oauthProtocolHelper->apiCall($params, $token->getToken(), $token->getSecret(), $method, $apiPath);
}

/**
Expand All @@ -372,6 +375,7 @@ public function doApiCall($params, $method)
private function identityIsValid($expiredOk = false)
{
$this->loadIdentity();
$this->loadTokenIssuers();

if ($this->identity === null) {
return false;
Expand Down Expand Up @@ -408,8 +412,17 @@ private function identityIsValid($expiredOk = false)
}
}

if ($this->identity->getIssuer() !== $this->siteConfiguration->getOauthMediaWikiCanonicalServer()) {
// token not issued by the right person
$issuerFound = false;
$ticketIssuer = $this->identity->getIssuer();
foreach ($this->issuers as $issuer) {
if (substr($issuer, 0, strlen($ticketIssuer)) === $ticketIssuer) {
$issuerFound = true;
break;
}
}

if (!$issuerFound) {
// Issuer not found in domains
return false;
}

Expand Down Expand Up @@ -481,4 +494,9 @@ private function loadAccessToken()

return $this->accessToken;
}

private function loadTokenIssuers()
{
$this->issuers = array_map( fn(Domain $d): string => $d->getWikiApiPath(), Domain::getAll($this->database));
}
}
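Review bot: The issuer check in identityIsValid() is now a prefix match, `substr($issuer, 0, strlen($ticketIssuer)) === $ticketIssuer`, which accepts any ticket issuer that is a prefix of a configured API path, including the empty string and fragments such as `https://`. The removed code required exact equality with the configured canonical server. Derive the origin (scheme, host, optional port) from each domain's API path and compare it for equality, rejecting a missing issuer, as sketched below; this assumes the issuer has the `https://host` form of the removed `$oauthMediaWikiCanonicalServer` value. loadTokenIssuers() also queries every domain on each validity check and runs before the `$this->identity === null` early return; calling it after that return and only when `$this->issuers` is not yet set avoids the extra query. identityIsValid() starts and ends outside the hunk.

```php
$ticketIssuer = $this->identity->getIssuer();
$issuerFound = false;

if (is_string($ticketIssuer) && $ticketIssuer !== '') {
    foreach ($this->issuers as $apiPath) {
        $parts = parse_url($apiPath);
        if (!isset($parts['scheme'], $parts['host'])) {
            continue;
        }

        $origin = $parts['scheme'] . '://' . $parts['host']
            . (isset($parts['port']) ? ':' . $parts['port'] : '');

        if ($origin === $ticketIssuer) {
            $issuerFound = true;
            break;
        }
    }
}

// … unchanged: if (!$issuerFound) { return false; } …
```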
2 changes: 1 addition & 1 deletion includes/Pages/PageWelcomeTemplateManagement.php
Expand Up @@ -121,7 +121,7 @@ protected function view()

$oauth = new OAuthUserHelper($currentUser, $database, $this->getOauthProtocolHelper(),
$this->getSiteConfiguration());
$mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration());
$mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration(), $domain->getWikiApiPath());

$templateHtml = $mediaWikiHelper->getHtmlForWikiText($wikiText);

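Review bot: The new line in view() reads `$domain->getWikiApiPath()`, but this file's change is a single replaced line (1 addition, 1 deletion), so the commit adds no assignment to `$domain` here. Unless view() already defines `$domain` above line 121, which the hunk does not show, this dereferences an undefined variable and the template preview fails. If it is missing, add the lookup before the helper is built, e.g. `$domain = Domain::getCurrent($database);`, together with `use Waca\DataObjects\Domain;`.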