
Issue with OAuth on Commons
Closed, ResolvedPublic

Description

One of my Labs OAuth Consumers ("OAuth Uploader") uses PHP/CURL to talk to the Commons API.

In the browser, this API query works fine:
https://commons.wikimedia.org/w/api.php?action=query&meta=userinfo&format=json

But when I use a POST request with
Array
(
    [format] => json
    [action] => query
    [meta] => userinfo
)

and OAuth header, I get:

<!doctype html><html><head><title>Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>Set $wgShowExceptionDetails = true; in LocalSettings.php to show detailed debugging information.<br />
</p></body></html>

Maybe my Consumer is doing something wrong, but whatever it is, I should get a more helpful error message. Unless I know what's wrong, I can't fix the Consumer, and the tool remains broken.


Version: 1.23.0
Severity: major

Details

Reference
bz62312

Event Timeline

bzimport raised the priority of this task from to High. Nov 22 2014, 3:04 AM
bzimport added a project: MediaWiki-API.
bzimport set Reference to bz62312.
Magnus created this task. Mar 6 2014, 10:31 AM
Anomie added a comment. Mar 6 2014, 2:05 PM

An exception shouldn't be making it to the user is the problem.

What seems to be going on here is that Cirrus is causing User to be loaded from the ApiBeforeMain hook. Since that's the sort of thing this hook was created for, what needs to happen is that the caller of that hook needs to be prepared to handle the exception.

FYI, I believe the error you're getting should be a response along the lines of this:

{"error":{"code":"mwoauth-invalid-authorization","info":"The authorization headers in your request are not valid: No approved grant was found for that authorization token."}}

Magnus added a comment. Mar 6 2014, 2:44 PM

Thanks. Any hint as to what is not valid in the header?

Change 117189 had a related patch set uploaded by Anomie:
API: Handle exceptions from ApiBeforeMain hook in a user-friendly manner

https://gerrit.wikimedia.org/r/117189

Anomie added a comment. Mar 6 2014, 2:53 PM

(In reply to Magnus Manske from comment #2)

> Thanks. Any hint as to what is not valid in the header?

Is your consumer approved, or are you trying to use it from the same user account you used to register it?

If that's not it, are you correctly calculating the signature for your POST request? Remember that only application/x-www-form-urlencoded posts include the post data in the signature; multipart/form-data doesn't.
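
The signature rule from the comment above, as an added example that is not part of the original thread or of MediaWiki's code: an OAuth 1.0a (RFC 5849) signature base string built for the POST fields from the report, once as form-urlencoded and once as multipart/form-data. HMAC-SHA1 is assumed as the signature method, and the consumer key, token, nonce, timestamp and secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

FORM = "application/x-www-form-urlencoded"

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth, body, content_type):
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += [(k, v) for k, v in oauth.items() if k != "oauth_signature"]
    # RFC 5849 section 3.4.1.3.1: the body is signed only when form-urlencoded
    if content_type.split(";")[0].strip().lower() == FORM:
        params += list(body.items())
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def server_accepts(signed_as, sent_as):
    # The client signs as if the body had type `signed_as`; the server rebuilds
    # the base string from the Content-Type actually sent and compares.
    client = sign(base_string("POST", URL, OAUTH, BODY, signed_as), *SECRETS)
    server = sign(base_string("POST", URL, OAUTH, BODY, sent_as), *SECRETS)
    return hmac.compare_digest(client, server)

# Constructed sample values; only the URL and POST fields come from the report.
URL = "https://commons.wikimedia.org/w/api.php"
BODY = {"format": "json", "action": "query", "meta": "userinfo"}
OAUTH = {"oauth_consumer_key": "consumer-key-placeholder",
         "oauth_token": "token-placeholder", "oauth_nonce": "nonce-placeholder",
         "oauth_timestamp": "1394100000", "oauth_version": "1.0",
         "oauth_signature_method": "HMAC-SHA1"}
SECRETS = ("consumer-secret-placeholder", "token-secret-placeholder")
MULTIPART = "multipart/form-data; boundary=constructed"

if __name__ == "__main__":
    print(base_string("POST", URL, OAUTH, BODY, FORM))
    print(base_string("POST", URL, OAUTH, BODY, MULTIPART))
    print("signed as form, sent as multipart:", server_accepts(FORM, MULTIPART))
```

PHP's cURL sends multipart/form-data when CURLOPT_POSTFIELDS is given an array and form-urlencoded when it is given a string, so the signing code has to follow whichever encoding is actually sent.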

Magnus added a comment. Mar 6 2014, 4:51 PM

Actually, I got it to work now ;-) That bug should still be fixed though!

Change 117189 merged by jenkins-bot:
API: Handle exceptions from ApiBeforeMain hook in a user-friendly manner

https://gerrit.wikimedia.org/r/117189

This should be deployed to WMF wikis with 1.23wmf18, see https://www.mediawiki.org/wiki/MediaWiki_1.23/Roadmap for the schedule.