Page MenuHomePhabricator

OAuth error not rendered properly
Closed, ResolvedPublicBUG REPORT

Description

Rendered unparsed.

OAuth token already used, <a class="external" href="https://www.mediawiki.org/wiki/Help:OAuth/Errors#E009">E009</a>

Steps to reproduce
  1. Open https://discourse-mediawiki.wmflabs.org/ (Wikimedia Developer Support Forum)
  2. Click on "Log in" button. ( If you've never visited there, click "Sign up" button instead)
  3. Click "allow" button on the dialog that appears
  4. If the authorization succeed you'll be taken back to https://discourse-mediawiki.wmflabs.org/ as a logged-in user.
  5. Now click "back" button on your browser.
    • This will return us back to the OAuth authorization dialog.
    • And also attempt to reuse the request token we have already utilized (by logging in step 3).
  6. Click "allow" button on the dialog we return to.
  7. Observe the malformed error message as shown above.
  8. Write code and fix it.... to render properly??

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 14 2019, 11:19 PM
Ammarpad changed the subtype of this task from "Task" to "Bug Report".
Ammarpad updated the task description. (Show Details)Jan 4 2020, 10:35 AM
Ammarpad renamed this task from OAuth errors not rendered properly to OAuth error not rendered properly.Jan 4 2020, 10:38 AM
Ammarpad updated the task description. (Show Details)
Ammarpad moved this task from Proposed tasks to Imported in GCI Site on the Google-Code-in-2019 board.

Hello! I've claimed your task on GCI, but I got a problem with registering a new OAuth consumer for testing in meta.wikimedia.org. I just don't have required permissions (my account is not confirmed).
I've read that Bureaucrats can manually confirm a user account. Can you do this for me, please?

Majavah added a subscriber: Majavah.

Hi @Crutishnyk, Ammarpad is not a bureaucrat, but you can add an request to https://meta.wikimedia.org/wiki/Meta:Requests_for_help_from_a_sysop_or_bureaucrat. You will also get automatically confirmed status when you have 5 edits on meta.

Thanks Urbanecm and Majavah for your quick feedback!

Tgr added a comment.Jan 6 2020, 7:40 PM

Maybe we should give mwoauthproposeconsumer to new users on beta metawiki?

I'm autoconfirmed now and published an approval request for my OAuth app at https://meta.wikimedia.org/wiki/Steward_requests/Miscellaneous#OAuth_approval_request_for_Test_OAuth_app_for_GCI_task . Can someone approve it?

Tgr added a comment.Jan 7 2020, 4:31 PM

You can use the app without approval, as long as you are using it with the same user that made the request. We don't usually approve test apps for that reason.

Ok @Tgr. But I'm getting an error when trying to log in:

[126d6183699af53627223395] 2020-01-07 16:33:37: Fatal exception of type "MediaWiki\OAuthClient\Exception"

Maybe this is a bug, what do you think?

I installed these extensions:

  • OAuth
  • OAuthAuthentication
  • ImportUsers
  • MediaWikiAuth

Hi @Crutishnyk, did you follow the instructions at https://www.mediawiki.org/wiki/Extension:OAuth#Installation? (especially the composer install --no-dev part)

Hi @Crutishnyk, did you follow the instructions at https://www.mediawiki.org/wiki/Extension:OAuth#Installation? (especially the composer install --no-dev part)

Yeah...

Tgr added a comment.Jan 7 2020, 5:00 PM

Hard to tell without seeing that exception. If you have installed MediaWiki manually, you might want to set up something like Manual:MonologSpi.php#Minimal_example.

Great, just making sure as most of the extensions require that. Could you try with $wgShowExceptionDetails = true; in LocalSettings if you get a more specific error?

Oh yes, here are more detailed information:

[26e2baf2659989fa590ccd45] /index.php/Special:OAuthLogin/finish?oauth_verifier=21971f87123579a7dc862a1865265926&oauth_token=d2266cf5cdf906afb2509e54de4cd65e MediaWiki\OAuthClient\Exception from line 206 of C:\xampp\htdocs\mediawiki.loc\extensions\OAuth\vendor\mediawiki\oauthclient\src\Client.php: JWT didn't validate

Backtrace:

#0 C:\xampp\htdocs\mediawiki.loc\extensions\OAuthAuthentication\handlers\OAuth1Handler.php(47): MediaWiki\OAuthClient\Client->identify(MediaWiki\OAuthClient\Token)
#1 C:\xampp\htdocs\mediawiki.loc\extensions\OAuthAuthentication\specials\SpecialOAuthLogin.php(67): MediaWiki\Extensions\OAuthAuthentication\OAuth1Handler->identify(MediaWiki\OAuthClient\Token, MediaWiki\OAuthClient\Client)
#2 C:\xampp\htdocs\mediawiki.loc\includes\specialpage\SpecialPage.php(575): MediaWiki\Extensions\OAuthAuthentication\SpecialOAuthLogin->execute(string)
#3 C:\xampp\htdocs\mediawiki.loc\includes\specialpage\SpecialPageFactory.php(611): SpecialPage->run(string)
#4 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#5 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(900): MediaWiki->performRequest()
#6 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(527): MediaWiki->main()
#7 C:\xampp\htdocs\mediawiki.loc\index.php(44): MediaWiki->run()
#8 {main}

Tgr added a comment.Jan 7 2020, 5:19 PM

JWT errors usually mean you computer's clock is off.

JWT errors usually mean you computer's clock is off.

What do you mean? My computer's time is correct: 7:22 PM, 7 January, 2020 (I'm living in GMT+2)

Tgr added a comment.Jan 7 2020, 5:23 PM

Alternatively, an upstream error (which are sometimes grossly mishandled in OAuthClient, see T179030: OAuthClient should check for error before validating JWT).

I thought we had a task about making OAuthClient more user-friendly about handling JWT error, but I can't find it right now.

Thank you for your feedback! Finally, I managed to run OAuth. It wasn't necessary to create a new OAuth consumer on meta.wikimedia.org, I just created another local MediaWiki site and configured everything. I'm not really sure about my solution, but it's working ¯\_(ツ)_/¯
Uploading my fix to Gerrit...

Change 562861 had a related patch set uploaded (by Crutishnyk; owner: Crutishnyk):
[mediawiki/extensions/OAuth@master] extensions/OAuth: Fix the render of E009 error link

https://gerrit.wikimedia.org/r/562861

Change 571072 had a related patch set uploaded (by Florianschmidtwelzow; owner: Florianschmidtwelzow):
[mediawiki/core@master] HTMLForm: Allow status object to have raw parameters

https://gerrit.wikimedia.org/r/571072

Change 562861 abandoned by Anomie:
extensions/OAuth: Fix the render of E009 and E004 error links

Reason:
In favor of I152ec51f317799572bf6791e110cd72c42da82a0

https://gerrit.wikimedia.org/r/562861

Change 571072 merged by jenkins-bot:
[mediawiki/core@master] HTMLForm: Allow status object to have raw parameters

https://gerrit.wikimedia.org/r/571072

Florian closed this task as Resolved.Feb 10 2020, 9:28 PM