Page MenuHomePhabricator
Create Task
Maniphest T196102

Korean OAuth redirects when using identify and won't accept signatures using the URL being redirected to
Closed, ResolvedPublic
Actions

Description

On the Korean Wikipedia, when attempting to run /identify using the URL https://ko.wikipedia.org/w/index.php?title=Special:OAuth/identify and a signature with said URL encoded, OAuth will redirect to https://ko.wikipedia.org/wiki/%ED%8A%B9%EC%88%98:MWO%EC%9D%B8%EC%A6%9D/identify and reject the signature.

When attempting to run /identify with the URL https://ko.wikipedia.org/wiki/%ED%8A%B9%EC%88%98:MWO%EC%9D%B8%EC%A6%9D/identify encoded into the signature, OAuth will still reject it, thus making OAuth unusable on kowiki.

Details

SubjectRepoBranchLines +/-
Avoid SpecialPageFactory redirect of Special:OAuthmediawiki/extensions/OAuthmaster+9 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Cyberpower678 created this task.May 31 2018, 7:52 PM
Restricted Application added subscribers: revi, Aklapper. · View Herald TranscriptMay 31 2018, 7:52 PM
Anomie added a comment.May 31 2018, 7:53 PM

The redirect is happening from SpecialPageFactory::executePath(). We could avoid it by either making "OAuth" the canonical local name for the special page in the alias file, or just override SpecialPage::getLocalName() in SpecialMWOAuth to return 'OAuth' when OAuth headers are present.

gerritbot subscribed.May 31 2018, 7:54 PM

Change 436621 had a related patch set uploaded (by Anomie; owner: Anomie):
[mediawiki/extensions/OAuth@master] Avoid SpecialPageFactory redirect of Special:OAuth

https://gerrit.wikimedia.org/r/436621

gerritbot added a project: Patch-For-Review.May 31 2018, 7:54 PM
Cyberpower678 added a parent task: T187047: Deploy InternetArchiveBot on the Korean Wikipedia (kowiki).May 31 2018, 7:55 PM
Tgr added a comment.May 31 2018, 8:07 PM

Affected wikis are ar, arz, ko, lrc, ur (and maybe languages which have these in the fallback chain). We should probably send some notification.

gerritbot added a comment.May 31 2018, 8:14 PM

Change 436621 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Avoid SpecialPageFactory redirect of Special:OAuth

https://gerrit.wikimedia.org/r/436621

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-06-05 (1.32.0-wmf.7)).May 31 2018, 9:00 PM
Anomie moved this task from Unsorted to Non-core-API stuff on the MediaWiki-Action-API board.Jun 1 2018, 1:47 PM
Tgr closed this task as Resolved.Jun 3 2018, 1:45 PM
In T196102#4247154, @Tgr wrote:

Affected wikis are ar, arz, ko, lrc, ur (and maybe languages which have these in the fallback chain). We should probably send some notification.

I mass-messaged the affected Wikipedias with

== Change in OAuth behavior in your language ==
Hi,

the behavior of the [[mw:Extension:OAuth|OAuth extension]] in the ar, arz, ko, lrc, ur languages will change next week. OAuth is an extension used by external tools to get permission from editors to act in their name. Currently the page [[Special:OAuth]] will redirect to the translated version of the special page name;
 starting next week, when used by an external tool (that is, when the request has an Authorization: header), that won't happen anymore.

This makes the behavior of the extension more consistent and intuitive, but migh
t break current tools (which need to update the URL they use). If your language
community has Wikimedia tool developers, please notify them.

See [[phab:T196102]] for more information. Thanks! --[[m:User:Tgr (WMF)|Tgr (WMF)]] ([[m:User talk:Tgr (WMF)|talk]] ~~~~~

and sent an email to wikitech-l and cloud-announce. That should be enough communication.

alaa subscribed.Jun 3 2018, 2:05 PM
Vvjjkkii renamed this task from Korean OAuth redirects when using identify and won't accept signatures using the URL being redirected to to 1vbaaaaaaa.Jul 1 2018, 1:06 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii removed Anomie as the assignee of this task.
Vvjjkkii triaged this task as High priority.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii edited subscribers, added: Anomie; removed: gerritbot, Aklapper.
Cyberpower678 renamed this task from 1vbaaaaaaa to Korean OAuth redirects when using identify and won't accept signatures using the URL being redirected to.Jul 1 2018, 2:14 PM
Cyberpower678 closed this task as Resolved.
Cyberpower678 assigned this task to Anomie.
Cyberpower678 raised the priority of this task from High to Needs Triage.
Cyberpower678 removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
Cyberpower678 updated the task description. (Show Details)
Cyberpower678 edited subscribers, added: Aklapper, GerritBot; removed: Anomie.
Aklapper edited subscribers, added: gerritbot; removed: GerritBot.May 16 2023, 10:18 AM
Maintenance_bot removed a project: Patch-For-Review.May 16 2023, 10:32 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL