
Attempting to approve some OAuth consumers results in error
Closed, Resolved | Public


Several OAuth admins report not being able to approve either of my latest proposed consumers:

The error message they get is:
"Someone changed the attributes of this consumer as you viewed it. Please try again. You may want to check the change log."

Version: unspecified
Severity: critical



Event Timeline

bzimport raised the priority of this task from to High. (Nov 22 2014, 3:58 AM)
bzimport set Reference to bz72634.
Ragesoss created this task. (Oct 28 2014, 5:44 PM)

Ugh, fatality of the updates to user tokens.

MWOAuthDAO::getChangeToken() relies on recalculating a hash that uses User::getEditToken().

The CSRF token should be checked already, so for collision detection, we probably should just use the user id instead of their edit token.
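
The failure mode described in the comment above, as an added example that is not part of the thread or of the OAuth extension's code: a change token that hashes in a CSRF token reports a conflict even when the consumer is untouched, while one bound to the user id only trips on a real edit. All names, the key and the sample consumer are constructed, and the example assumes the edit token value differs between the page view and the form submission.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = b"constructed-demo-key"  # constructed value standing in for a server secret


def new_edit_token() -> str:
    """Hypothetical CSRF token: assumed to be a fresh value on every call."""
    return secrets.token_hex(16)


def change_token(consumer: dict, binding: str) -> str:
    """Hash the consumer's current attributes together with a per-user binding value."""
    material = "|".join(f"{k}={consumer[k]}" for k in sorted(consumer)) + "|" + binding
    return hmac.new(SECRET_KEY, material.encode(), hashlib.sha256).hexdigest()


def submit(consumer_now: dict, form_token: str, binding_now: str) -> str:
    """Recompute the token at submit time and compare it with the one sent in the form."""
    expected = change_token(consumer_now, binding_now)
    if not hmac.compare_digest(expected, form_token):
        return "conflict"  # "Someone changed the attributes of this consumer..."
    return "approved"


def approve_with_edit_token(consumer: dict) -> str:
    """Binding is the edit token: it differs between page view and submit."""
    form_token = change_token(consumer, new_edit_token())  # page view
    return submit(consumer, form_token, new_edit_token())  # submit, consumer unchanged


def approve_with_user_id(consumer: dict, user_id: int, edited_meanwhile: bool = False) -> str:
    """Binding is the user id: stable, so only a real attribute change mismatches."""
    form_token = change_token(consumer, str(user_id))  # page view
    current = dict(consumer, stage="disabled") if edited_meanwhile else consumer
    return submit(current, form_token, str(user_id))


if __name__ == "__main__":
    consumer = {"id": 42, "name": "demo-app", "stage": "proposed"}  # constructed sample
    print(approve_with_edit_token(consumer))
    print(approve_with_user_id(consumer, 7))
    print(approve_with_user_id(consumer, 7, edited_meanwhile=True))
```
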

gerritadmin wrote:

Change 169593 had a related patch set uploaded by CSteipp:
Remove edit token from conflict detection

gerritadmin wrote:

Change 169593 merged by jenkins-bot:
Remove edit token from conflict detection

Now that the fix is merged and deployed, can someone approve my apps to see if it worked? :)