
Does not require people permission for logging in
Closed, Resolved, Public

Description

Originally reported at: https://www.mediawiki.org/wiki/Topic:U5yoiz7dhxmn9eyw

Currently, GoogleLogin requests two scopes when logging in or registering a new account: email and profile. The profile scope is used to get the displayName of the corresponding Google+ profile when creating an account with GoogleLogin. However, as the e-mail address is retrieved from the Google+ response, too, this requires the user to actually have a Google+ account. We could, however, get the email address from the email scope only, too, which reduces the profile permission to the displayName only. I'm not really sure if that is enough to require the users of this extension to have a Google+ profile, or whatever is needed to get back some data with the profile scope.

The question is: What is the default MediaWiki username when we do not try to get this displayName from Google+?

Event Timeline

Actually, I seem to be incorrect. The extension does not require the people permission at all, as the displayName, where I thought it was used, comes from another set of data (where a server API key is used instead of an actual permission of the user to access his data). So, let's reduce the scope of permissions here :D

Change 443014 had a related patch set uploaded (by Florianschmidtwelzow; owner: Florianschmidtwelzow):
[mediawiki/extensions/GoogleLogin@master] Remove profile permission scope from requested account permissions

https://gerrit.wikimedia.org/r/443014

Scope profile removed, *yay* :)

Change 443014 merged by jenkins-bot:
[mediawiki/extensions/GoogleLogin@master] Remove profile permission scope from requested account permissions

https://gerrit.wikimedia.org/r/443014

Change 487078 had a related patch set uploaded (by Florianschmidtwelzow; owner: Florianschmidtwelzow):
[mediawiki/extensions/GoogleLogin@REL1_31] Remove profile permission scope from requested account permissions

https://gerrit.wikimedia.org/r/487078

Change 487078 merged by Florianschmidtwelzow:
[mediawiki/extensions/GoogleLogin@REL1_31] Remove profile permission scope from requested account permissions

https://gerrit.wikimedia.org/r/487078
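
An added example (not part of this task or of GoogleLogin's code) for checking a scope reduction like the one discussed above: it parses an OAuth 2.0 authorization URL and a token response, normalises Google's long and short scope names, and reports any scope beyond what is needed. The URLs, client ID, token response and the `NEEDED` set are constructed assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Google accepts a short and a long name for each of these two scopes.
SCOPE_ALIASES = {
    "https://www.googleapis.com/auth/userinfo.email": "email",
    "https://www.googleapis.com/auth/userinfo.profile": "profile",
}

def parse_scopes(value):
    """Split a space-delimited scope string (RFC 6749, 3.3) and normalise names."""
    return {SCOPE_ALIASES.get(s, s) for s in value.split()}

def requested_scopes(auth_url):
    """Scopes asked for in an authorization URL; empty set if none given."""
    query = parse_qs(urlsplit(auth_url).query)  # decodes %20 and '+' to spaces
    scopes = set()
    for value in query.get("scope", []):
        scopes |= parse_scopes(value)
    return scopes

def granted_scopes(token_response_json):
    """Scopes the authorization server reports as granted in a token response."""
    return parse_scopes(json.loads(token_response_json).get("scope", ""))

def excess(scopes, needed):
    """Scopes present but not needed, sorted for stable output."""
    return sorted(set(scopes) - set(needed))

# Assumption taken from the discussion: only the e-mail address is read.
NEEDED = {"email"}

# Constructed samples; client_id, redirect_uri and token are placeholders.
BASE = ("https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
        "&client_id=EXAMPLE_CLIENT_ID"
        "&redirect_uri=https%3A%2F%2Fwiki.example%2Fcallback")
BEFORE = BASE + "&scope=email%20profile"
AFTER = BASE + "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email"
TOKEN_RESPONSE = json.dumps({
    "access_token": "EXAMPLE_TOKEN",
    "token_type": "Bearer",
    "scope": "openid https://www.googleapis.com/auth/userinfo.email",
})

if __name__ == "__main__":
    print("before:", excess(requested_scopes(BEFORE), NEEDED))
    print("after: ", excess(requested_scopes(AFTER), NEEDED))
    print("granted:", excess(granted_scopes(TOKEN_RESPONSE), NEEDED | {"openid"}))
```

Checking the granted scopes in the token response as well as the requested ones catches a stale client configuration that still asks for more than the code reads.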