OAuth error not rendered properly
Closed, ResolvedPublicBUG REPORT
Actions

Assigned To

Authored By

	Ammarpad
	Dec 14 2019, 11:19 PM

Description

Rendered unparsed.

OAuth token already used, <a class="external" href="https://www.mediawiki.org/wiki/Help:OAuth/Errors#E009">E009</a>

Screen Shot 2019-12-15 at 12.05.21 AM.png (588×882 px, 118 KB)

Steps to reproduce

Open https://discourse-mediawiki.wmflabs.org/ (Wikimedia Developer Support Forum)
Click on "Log in" button. ( If you've never visited there, click "Sign up" button instead)
- Anything you do in step two will take you to https://meta.wikimedia.org/ for authorization.
Click "allow" button on the dialog that appears
If the authorization succeed you'll be taken back to https://discourse-mediawiki.wmflabs.org/ as a logged-in user.
Now click "back" button on your browser.
- This will return us back to the OAuth authorization dialog.
- And also attempt to reuse the request token we have already utilized (by logging in step 3).
Click "allow" button on the dialog we return to.
Observe the malformed error message as shown above.
Write code and fix it.... to render properly??

Details

	Subject	Repo	Branch	Lines +/-
	HTMLForm: Allow status object to have raw parameters	mediawiki/core	master	+21 -4
	extensions/OAuth: Fix the render of E009 and E004 error links	mediawiki/extensions/OAuth	master	+2 -10

Customize query in gerrit

Related Objects

Mentioned Here: T179030: OAuthClient should check for error before validating JWT

Event Timeline

Ammarpad created this task.Dec 14 2019, 11:19 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 14 2019, 11:19 PM

Ammarpad added a project: MediaWiki-extensions-OAuth.Dec 14 2019, 11:20 PM

Ammarpad changed the subtype of this task from "Task" to "Bug Report".

Ammarpad added a project: Google-Code-in-2019.Jan 4 2020, 9:29 AM

Ammarpad updated the task description. (Show Details)Jan 4 2020, 10:35 AM

https://codein.withgoogle.com/dashboard/tasks/6490743586160640/

Ammarpad merged a task: T225971: Mwoauthdatastore-request-token-already-used shows html tags instead .Jan 4 2020, 2:00 PM

Ammarpad added subscribers: Kizule, Tgr.

Hello! I've claimed your task on GCI, but I got a problem with registering a new OAuth consumer for testing in meta.wikimedia.org. I just don't have required permissions (my account is not confirmed).
I've read that Bureaucrats can manually confirm a user account. Can you do this for me, please?

Hi @Crutishnyk, Ammarpad is not a bureaucrat, but you can add an request to https://meta.wikimedia.org/wiki/Meta:Requests_for_help_from_a_sysop_or_bureaucrat. You will also get automatically confirmed status when you have 5 edits on meta.

Added a request for you: https://meta.wikimedia.org/w/index.php?title=Meta:Requests_for_help_from_a_sysop_or_bureaucrat&diff=19684503&oldid=19684294.

Thanks Urbanecm and Majavah for your quick feedback!

Maybe we should give mwoauthproposeconsumer to new users on beta metawiki?

I'm autoconfirmed now and published an approval request for my OAuth app at https://meta.wikimedia.org/wiki/Steward_requests/Miscellaneous#OAuth_approval_request_for_Test_OAuth_app_for_GCI_task . Can someone approve it?

You can use the app without approval, as long as you are using it with the same user that made the request. We don't usually approve test apps for that reason.

Ok @Tgr. But I'm getting an error when trying to log in:

[126d6183699af53627223395] 2020-01-07 16:33:37: Fatal exception of type "MediaWiki\OAuthClient\Exception"

Maybe this is a bug, what do you think?

I installed these extensions:

OAuth
OAuthAuthentication
ImportUsers
MediaWikiAuth

Hi @Crutishnyk, did you follow the instructions at https://www.mediawiki.org/wiki/Extension:OAuth#Installation? (especially the composer install --no-dev part)

In T240774#5782646, @Majavah wrote:

Hi @Crutishnyk, did you follow the instructions at https://www.mediawiki.org/wiki/Extension:OAuth#Installation? (especially the composer install --no-dev part)

Yeah...

Hard to tell without seeing that exception. If you have installed MediaWiki manually, you might want to set up something like Manual:MonologSpi.php#Minimal_example.

Great, just making sure as most of the extensions require that. Could you try with $wgShowExceptionDetails = true; in LocalSettings if you get a more specific error?

Oh yes, here are more detailed information:

[26e2baf2659989fa590ccd45] /index.php/Special:OAuthLogin/finish?oauth_verifier=21971f87123579a7dc862a1865265926&oauth_token=d2266cf5cdf906afb2509e54de4cd65e MediaWiki\OAuthClient\Exception from line 206 of C:\xampp\htdocs\mediawiki.loc\extensions\OAuth\vendor\mediawiki\oauthclient\src\Client.php: JWT didn't validate

Backtrace:

#0 C:\xampp\htdocs\mediawiki.loc\extensions\OAuthAuthentication\handlers\OAuth1Handler.php(47): MediaWiki\OAuthClient\Client->identify(MediaWiki\OAuthClient\Token)
#1 C:\xampp\htdocs\mediawiki.loc\extensions\OAuthAuthentication\specials\SpecialOAuthLogin.php(67): MediaWiki\Extensions\OAuthAuthentication\OAuth1Handler->identify(MediaWiki\OAuthClient\Token, MediaWiki\OAuthClient\Client)
#2 C:\xampp\htdocs\mediawiki.loc\includes\specialpage\SpecialPage.php(575): MediaWiki\Extensions\OAuthAuthentication\SpecialOAuthLogin->execute(string)
#3 C:\xampp\htdocs\mediawiki.loc\includes\specialpage\SpecialPageFactory.php(611): SpecialPage->run(string)
#4 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#5 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(900): MediaWiki->performRequest()
#6 C:\xampp\htdocs\mediawiki.loc\includes\MediaWiki.php(527): MediaWiki->main()
#7 C:\xampp\htdocs\mediawiki.loc\index.php(44): MediaWiki->run()
#8 {main}

JWT errors usually mean you computer's clock is off.

In T240774#5782734, @Tgr wrote:

JWT errors usually mean you computer's clock is off.

What do you mean? My computer's time is correct: 7:22 PM, 7 January, 2020 (I'm living in GMT+2)

Alternatively, an upstream error (which are sometimes grossly mishandled in OAuthClient, see T179030: OAuthClient should check for error before validating JWT).

I thought we had a task about making OAuthClient more user-friendly about handling JWT error, but I can't find it right now.

Thank you for your feedback! Finally, I managed to run OAuth. It wasn't necessary to create a new OAuth consumer on meta.wikimedia.org, I just created another local MediaWiki site and configured everything. I'm not really sure about my solution, but it's working ¯\_(ツ)_/¯
Uploading my fix to Gerrit...

Change 562861 had a related patch set uploaded (by Crutishnyk; owner: Crutishnyk):
[mediawiki/extensions/OAuth@master] extensions/OAuth: Fix the render of E009 error link

https://gerrit.wikimedia.org/r/562861

gerritbot added a project: Patch-For-Review.Jan 8 2020, 4:05 PM

Change 571072 had a related patch set uploaded (by Florianschmidtwelzow; owner: Florianschmidtwelzow):
[mediawiki/core@master] HTMLForm: Allow status object to have raw parameters

https://gerrit.wikimedia.org/r/571072

Change 562861 abandoned by Anomie:
extensions/OAuth: Fix the render of E009 and E004 error links

Reason:
In favor of I152ec51f317799572bf6791e110cd72c42da82a0

https://gerrit.wikimedia.org/r/562861

Change 571072 merged by jenkins-bot:
[mediawiki/core@master] HTMLForm: Allow status object to have raw parameters

https://gerrit.wikimedia.org/r/571072

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.19; 2020-02-11).Feb 10 2020, 4:01 PM

Maintenance_bot removed a project: Patch-For-Review.Feb 10 2020, 4:10 PM

Florian closed this task as Resolved.Feb 10 2020, 9:28 PM