Page MenuHomePhabricator
Create Task
Maniphest T346055

FRUP: Add Applepay verification code to donate wiki
Closed, ResolvedPublicSecurity
Actions

Description

For the FRUP integration, we need to add this file to https://donate.wikipedia.org/.well-known/apple-developer-merchantid-domain-association

apple-developer-merchantid-domain-association8 KBDownload

Details

Risk Rating
Low
Author Affiliation
WMF Advancement
SubjectRepoBranchLines +/-
donate: Move into dedicated docrootoperations/puppetproduction+1 -1
Add /.well-known/apple-developer-merchantid-domain-associationoperations/mediawiki-configmaster+6 -0
Customize query in gerrit

Event Timeline

Damilare created this task.Sep 11 2023, 3:44 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 11 2023, 3:44 PM
RhinosF1 edited projects, added serviceops; removed Fundraising-Backlog.Sep 11 2023, 3:47 PM
RhinosF1 subscribed.

Per #-sre, serviceops own the config to power this

Damilare added a project: acl*WMF-FR.Sep 11 2023, 3:47 PM
RhinosF1 set Security to Software security bug.Sep 11 2023, 3:48 PM
RhinosF1 added projects: Security, Security-Team.
RhinosF1 changed the visibility from "Public (No Login Required)" to "Custom Policy".
RhinosF1 changed the subtype of this task from "Task" to "Security Issue".

Per the few failed attempts

RhinosF1 removed a project: acl*WMF-FR.Sep 11 2023, 3:48 PM
RhinosF1 removed a subscriber: acl*WMF-FR.
RhinosF1 removed a subscriber: fundraising-tech-ops.Sep 11 2023, 3:50 PM
RhinosF1 added a subscriber: sbassett.Sep 11 2023, 3:55 PM

@sbassett: can you make public?

I've discussed with @Damilare on IRC and there was no reason for this ever to be private. I've also explained how weirdly phab handles permissions.

Damilare added a comment.Sep 11 2023, 4:03 PM

Thanks @RhinosF1 and apologies for the escalation everyone. Like I mentioned in our chat, I wanted to keep the file private till I had confirmation about what the right visibility should be. A case of erring on the side of caution I guess.

Aklapper added a comment.Sep 11 2023, 4:17 PM

Damilare added a project: acl*WMF-FR.

Please see https://www.mediawiki.org/wiki/Phabricator/Help#Restricting_access_to_tasks - thanks!

sbassett triaged this task as Low priority.Sep 11 2023, 4:18 PM
sbassett changed Author Affiliation from N/A to WMF Advancement.
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed Risk Rating from N/A to Low.
sbassett edited projects, added SecTeam-Processed; removed Security-Team, Security.
sbassett added a comment.Sep 11 2023, 4:23 PM
In T346055#9157172, @Damilare wrote:

A case of erring on the side of caution I guess.

The Security-Team is always fine with this approach :)

AKanji-WMF added a project: Fundraising-Backlog.Sep 11 2023, 8:35 PM
greg raised the priority of this task from Low to Needs Triage.Sep 13 2023, 4:43 PM
greg subscribed.

(resetting prio, looks like a mistake given security is done with this right now)

sbassett added a comment.Sep 13 2023, 4:48 PM
In T346055#9164475, @greg wrote:

(resetting prio, looks like a mistake given security is done with this right now)

Whoops, yes, sorry!

gerritbot added a comment.Sep 14 2023, 2:48 PM

Change 957744 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/mediawiki-config@master] Add /.well-known/apple-developer-merchantid-domain-association

https://gerrit.wikimedia.org/r/957744

gerritbot added a project: Patch-For-Review.Sep 14 2023, 2:48 PM
gerritbot added a comment.Sep 14 2023, 3:06 PM

Change 957750 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/puppet@production] donate: Move into dedicated docroot

https://gerrit.wikimedia.org/r/957750

greg added a subscriber: akosiaris.Sep 14 2023, 4:08 PM

Thanks @akosiaris !

Damilare added a comment.Sep 14 2023, 5:44 PM

Thanks @akosiaris, please let me know if there's anything I can do to help with this also.

gerritbot added a comment.Sep 15 2023, 12:50 PM

Change 957744 merged by jenkins-bot:

[operations/mediawiki-config@master] Add /.well-known/apple-developer-merchantid-domain-association

https://gerrit.wikimedia.org/r/957744

gerritbot added a comment.Sep 15 2023, 1:11 PM

Change 957750 merged by Alexandros Kosiaris:

[operations/puppet@production] donate: Move into dedicated docroot

https://gerrit.wikimedia.org/r/957750

akosiaris closed this task as Resolved.Sep 15 2023, 1:21 PM
akosiaris claimed this task.

https://donate.wikipedia.org/.well-known/apple-developer-merchantid-domain-association now, in my checks, returns the contents of the file in this task. It might take a bit more (up to 30 minutes) to propagate everywhere. I am resolving this task, feel free to reopen to report issues.

Maintenance_bot removed a project: Patch-For-Review.Sep 15 2023, 1:30 PM
Damilare added a comment.Sep 15 2023, 2:47 PM

Thanks @akosiaris, I can also confirm that the content of the file is now being displayed in that directory.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL