Page MenuHomePhabricator
Create Task
Maniphest T192025

Define Grants for CentralAuth
Closed, ResolvedPublic
Actions

Description

I'm now using API with OAuth clients for some tasks for semi automated.
However, currently can not global block or remove that via API with OAuth Clients due to not defined related GrantPermissions for CentralAuth.
Of course, I can use APIs if I set a main session to bot. but I don't want share my main sessions with bot for insecure.

For this, I propose to define a related GrantPermissions (centralauth-lock, centralauth-oversight).

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

It means we can be improve our security for user not sharing password with bots or similar .

Details

SubjectRepoBranchLines +/-
Add GrantPermissions with centralauth-lock, centralauth-oversightmediawiki/extensions/CentralAuthmaster+13 -2
Customize query in gerrit

Related Objects

Event Timeline

Rxy created this task.Apr 11 2018, 8:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 11 2018, 8:26 PM
MarcoAurelio subscribed.Apr 11 2018, 8:33 PM

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

Just in case someone starts to wonder. We have never ever shared accounts, passwords or sessions to perform stewardry job.

gerritbot subscribed.Apr 11 2018, 8:40 PM

Change 425660 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/extensions/CentralAuth@master] Add GrantPermissions with centralauth-lock, centralauth-oversight

https://gerrit.wikimedia.org/r/425660

gerritbot added a project: Patch-For-Review.Apr 11 2018, 8:40 PM
Rxy added a comment.Apr 11 2018, 8:46 PM
In T192025#4124911, @MarcoAurelio wrote:

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

Just in case someone starts to wonder. We have never ever shared accounts, passwords or sessions to perform stewardry job.

same as T192024#4124948

MarcoAurelio mentioned this in T185349: No possibility to run lock via botpasswords.Apr 16 2018, 3:50 PM
gerritbot added a comment.Apr 18 2018, 8:48 PM

Change 425660 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Add GrantPermissions with centralauth-lock, centralauth-oversight

https://gerrit.wikimedia.org/r/425660

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-04-24 (1.32.0-wmf.1)).Apr 18 2018, 9:00 PM
MarcoAurelio closed this task as Resolved.Apr 19 2018, 8:54 AM
MarcoAurelio removed a project: Patch-For-Review.
Rxy merged a task: T185349: No possibility to run lock via botpasswords.May 9 2018, 3:53 AM
Rxy added subscribers: Luke081515, JJMC89.
Rxy mentioned this in T203129: Define Suppress grants.Aug 29 2018, 11:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL