Page MenuHomePhabricator
Create Task
Maniphest T204784

SpecialMWOAuth::execute emits Warning "No approved grant was found for that authorization token"
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

Error

Request ID: W6F5TArAIDMAAGqieccAAACQ

message
MediaWiki\Extensions\OAuth\SpecialMWOAuth::execute: Exception

No approved grant was found for that authorization token.
stacktrace
#0 /srv/mediawiki/php-1.32.0-wmf.22/extensions/OAuth/lib/OAuth.php(686): MediaWiki\Extensions\OAuth\MWOAuthDataStore->lookup_token(MediaWiki\Extensions\OAuth\MWOAuthConsumer, string, string)
#1 /srv/mediawiki/php-1.32.0-wmf.22/extensions/OAuth/lib/OAuth.php(610): MediaWiki\Extensions\OAuth\OAuthServer->get_token(MediaWiki\Extensions\OAuth\MWOAuthRequest, MediaWiki\Extensions\OAuth\MWOAuthConsumer, string)
#2 /srv/mediawiki/php-1.32.0-wmf.22/extensions/OAuth/backend/MWOAuthServer.php(266): MediaWiki\Extensions\OAuth\OAuthServer->verify_request(MediaWiki\Extensions\OAuth\MWOAuthRequest)
#3 /srv/mediawiki/php-1.32.0-wmf.22/extensions/OAuth/frontend/specialpages/SpecialMWOAuth.php(171): MediaWiki\Extensions\OAuth\MWOAuthServer->verify_request(MediaWiki\Extensions\OAuth\MWOAuthRequest)
#4 /srv/mediawiki/php-1.32.0-wmf.22/includes/specialpage/SpecialPage.php(569): MediaWiki\Extensions\OAuth\SpecialMWOAuth->execute(string)
#5 /srv/mediawiki/php-1.32.0-wmf.22/includes/specialpage/SpecialPageFactory.php(581): SpecialPage->run(string)
#6 /srv/mediawiki/php-1.32.0-wmf.22/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#7 /srv/mediawiki/php-1.32.0-wmf.22/includes/MediaWiki.php(868): MediaWiki->performRequest()
#8 /srv/mediawiki/php-1.32.0-wmf.22/includes/MediaWiki.php(525): MediaWiki->main()
#9 /srv/mediawiki/php-1.32.0-wmf.22/index.php(42): MediaWiki->run()
#10 /srv/mediawiki/w/index.php(3): include(string)

Notes

Logged by https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OAuth/+/b70b0944c5942a582a7dd6b89e8117ea88d3d22d/frontend/specialpages/SpecialMWOAuth.php#244.

Details

SubjectRepoBranchLines +/-
Log catched exception as debug on SpecialMWOAuthmediawiki/extensions/OAuthmaster+2 -2
Customize query in gerrit

Related Objects

Event Timeline

Krinkle created this task.Sep 18 2018, 10:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 18 2018, 10:37 PM
Krinkle moved this task from Untriaged to Apr 2019 / 1.33.wmf.25+ on the Wikimedia-production-error board.Sep 18 2018, 10:39 PM

I'm not familiar with the code, but I suspect it might be client error, not an application error. If that is the case, this may be better suited for INFO rather than WARNING.

Krinkle moved this task from Apr 2019 / 1.33.wmf.25+ to Older on the Wikimedia-production-error board.Sep 19 2018, 1:23 AM
mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:08 PM
gerritbot added a comment.Jan 27 2023, 8:22 PM

Change 884374 had a related patch set uploaded (by Umherirrender; author: Umherirrender):

[mediawiki/extensions/OAuth@master] Log catched exception as debug on SpecialMWOAuth

https://gerrit.wikimedia.org/r/884374

gerritbot added a project: Patch-For-Review.Jan 27 2023, 8:22 PM
Umherirrender claimed this task.Jan 27 2023, 8:22 PM
Tgr subscribed.Jan 28 2023, 2:05 AM

Logged by https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OAuth/+/b70b0944c5942a582a7dd6b89e8117ea88d3d22d/frontend/specialpages/SpecialMWOAuth.php#244.

If it is really logged by that line, it should end up on the OAuth channel, not the production error log.

What probably actually happens is that the exception does not get caught because of a namespace mismatch.

I'm not familiar with the code, but I suspect it might be client error, not an application error.

I think it is an application error (the token is in the token store but there is no matching DB record). In general though, the extension doesn't really differentiate between internal errors and user/client errors - MWOAuthException can stand for either. Not great, but per above, shouldn't really matter.

Umherirrender added a comment.Jan 28 2023, 2:44 AM
In T204784#8566321, @Tgr wrote:

I'm not familiar with the code, but I suspect it might be client error, not an application error.

I think it is an application error (the token is in the token store but there is no matching DB record). In general though, the extension doesn't really differentiate between internal errors and user/client errors - MWOAuthException can stand for either. Not great, but per above, shouldn't really matter.

I would not say that the error from https://www.mediawiki.org/wiki/Special:OAuth/identify?oauth_consumer_key=invalid is an application error, it is a tool developer error, but the error message should be given from the user to the tool developer, not that the user says he has problems and the tool developer asked wmf staff to take a look into logstash to find the exception with further information.

Tgr added a comment.Jan 28 2023, 3:27 AM
In T204784#8566340, @Umherirrender wrote:

I would not say that the error from https://www.mediawiki.org/wiki/Special:OAuth/identify?oauth_consumer_key=invalid is an application error, it is a tool developer error

That would produce mwoauthserver-bad-consumer-key not mwoauthdatastore-access-token-not-found, I think. Having an access token means you already passed a grant check at some point.

the error message should be given from the user to the tool developer, not that the user says he has problems and the tool developer asked wmf staff to take a look into logstash to find the exception with further information.

I suppose, but it happens nevertheless.

Anyway, logs are for logging. Trying to log less is a solution in search of a problem.

Tgr added a comment.Jan 28 2023, 5:35 AM

(Log search. These logs indeed go to the OAuth channel. Either this task was reported by mistake, or there was some bug with handling the exception that got fixed since then.)

gerritbot added a comment.Jan 28 2023, 10:56 AM

Change 884374 abandoned by Umherirrender:

[mediawiki/extensions/OAuth@master] Log catched exception as debug on SpecialMWOAuth

Reason:

The warning log level is needed after discussion on the bug

https://gerrit.wikimedia.org/r/884374

Umherirrender added a comment.Jan 28 2023, 11:00 AM

Okay, would say after T244185 / https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/572737 this can be marked as fixed. The log message as shown here should not be longer resulting in alerts/errors.

Umherirrender removed Umherirrender as the assignee of this task.Jan 28 2023, 11:01 AM
Umherirrender removed a project: Patch-For-Review.
Umherirrender subscribed.
Tgr closed this task as Resolved.Jan 29 2023, 8:37 PM
In T204784#8566487, @Umherirrender wrote:

Okay, would say after T244185 / https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/572737 this can be marked as fixed. The log message as shown here should not be longer resulting in alerts/errors.

I don't think that's really related. The logs are sent to the OAuth log channel which doesn't really interfere with production error monitoring (wouldn't even if these events were logged at ERROR level) - Wikimedia-production-error is about the exception and error channels, which is where unhandled errors go. T244185 is about the volume of logging causing problems - that's probably a problem for stuff that gets logged on every OAuth-authenticated requests, but the log events related to this task are relatively infrequent.

I'll close this on the assumption that @Krinkle's report was about these logs ending up in the production error channels, and that doesn't seem to be happening anymore. (I'd guess class renames caused the catch block to not catch these exceptions at some point in the past.)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL