Renoirb has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/124134

Change subject: Improving doc. on how OAuth is integrated in MW
......................................................................

Improving doc. on how OAuth is integrated in MW

* Making sure that cURL calls are SSL only if it is configured
* Added more notes on the process

Change-Id: I3732eb25525be800efcc633447dc188427e743ea
---
M examples/testClient.php
1 file changed, 182 insertions(+), 27 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth 
refs/changes/34/124134/1

diff --git a/examples/testClient.php b/examples/testClient.php
index 1a66e26..bc944f6 100644
--- a/examples/testClient.php
+++ b/examples/testClient.php
@@ -1,85 +1,240 @@
 <?php
 
+/**
+ * Testing integration with MediaWiki OAuth Extension
+ *
+ * The current extension follows OAuth 1.0a spec and while the
+ * extension works, you have to be aware of a few quirks.
+ *
+ * PLEASE NOTE:
+ *
+ *   Remember that OAuth 1.0 expects that you sort GET Request parameter in
+ *   some order, then hash it.
+ *
+ *   One known caveat is that the `$baseurl` has to be calling to your
+ *   MediaWiki's `index.php` with `index.php?title=Special:OAuth` directly.
+ *   Otherwise the extension will return an URL that way, and will break the 
hash
+ *   signature and you will get an error.
+ */
 if ( PHP_SAPI !== 'cli' ) {
-       die( "CLI-only test script\n" );
+  die( "CLI-only test script\n" );
 }
 
 /**
- * A basic client for overall testing
+ * Local to this example
+ *
+ * Whether you want to also see
+ * the objects being sent to the wire.
+ */
+$moreVerbose = true;
+
+/**
+ * Consumer key
+ *
+ * This is the application key you would
+ * get from the application you want to connect
+ * with your MediaWiki installation.
+ */
+$consumerKey = 'YOUR_CONSUMER_KEY_GOES_HERE';
+
+
+/**
+ * Secret
+ *
+ * This is the generated secret key
+ * that you would get when you ask.
+ */
+$consumerSecret = 'YOUR_CONSUMER_KEY_SECRET_GOES_HERE';
+
+/**
+ * Base URL
+ *
+ * Set to your MediaWiki address with "index.php?title=Special:OAuth".
+ *
+ * Ideally, you should have a SSL VirtualHost, but this test would not
+ * fail if you don't have one yet.
+ */
+$baseurl = 'http://localhost/w/index.php?title=Special:OAuth';
+
+/**
+ * Request token (a.k.a. the first step)
+ *
+ * The first step starts at "Special:OAuth/initiate" from the extension.
+ *
+ * Note that the `oauth_callback=oob` means "Out Of Band", and we currently
+ * cannot generate an URL based on headers, but from contents of the Response
+ * body (hence "out of band").
+ *
+ * This is due to the fact that the way the extension is made, it'll return
+ * something in the Response body that will need to create the link and
+ * make the user validate, and get the token.
+ */
+$request_token_url = $baseurl . '/initiate&format=json&oauth_callback=oob';
+
+/**
+ * Validate token (a.k.a. the 2nd step)
+ *
+ * This is the URL you use to send back to the application
+ * when that the connecting application gives you when the
+ * user accepted the request.
+ */
+$validate_token_url = $baseurl . '/token&format=json';
+
+
+
+/**
+ * You should not need to edit anything else beyond this point
  */
 
 function wfDebugLog( $method, $msg) {
-       //echo "[$method] $msg\n";
-}
+  global $moreVerbose;
 
+  if(isset($moreVerbose) && $moreVerbose === true) {
+
+  echo <<<HELPTEXT
+
+*** Debug log ***
+
+{$method}:
+  $msg
+
+***
+
+HELPTEXT;
+
+  }
+
+}
 
 require __DIR__ . '/../lib/OAuth.php';
 
-$consumerKey = 'dpf43f3p2l4k3l03';
-$consumerSecret = 'kd94hf93k423kf44';
-$baseurl = 'https://localhost/wiki/index.php?title=Special:OAuth';
-$endpoint = $baseurl . '/initiate&format=json&oauth_callback=oob';
+$baseUrlIsSsl = (bool) preg_match('/^https/i', $baseurl);
 
-$endpoint_acc = $baseurl . '/token&format=json';
+print <<<HELPTEXT
 
+    Testing OAuth integration with MediaWiki.
+
+HELPTEXT;
+
+/**
+ * First step
+ */
 $c = new OAuthConsumer( $consumerKey, $consumerSecret );
-$parsed = parse_url( $endpoint );
+$parsed = parse_url( $request_token_url );
 $params = array();
 parse_str($parsed['query'], $params);
-$req_req = OAuthRequest::from_consumer_and_token($c, NULL, "GET", $endpoint, 
$params);
+$req_req = OAuthRequest::from_consumer_and_token($c, NULL, "GET", 
$request_token_url, $params);
 $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
 $sig_method = $hmac_method;
 $req_req->sign_request($sig_method, $c, NULL);
 
-echo "Calling: $req_req\n";
+
+print <<<HELPTEXT
+
+
+    First step, asking for an URL to send the user to.
+
+
+HELPTEXT;
+
 
 $ch = curl_init();
 curl_setopt( $ch, CURLOPT_URL, (string) $req_req );
-curl_setopt( $ch, CURLOPT_PORT , 443 );
-curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+if($baseUrlIsSsl) {
+  curl_setopt( $ch, CURLOPT_PORT , 443 );
+  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+  //curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2);
+}
 curl_setopt( $ch, CURLOPT_HEADER, 0 );
 curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
+curl_setopt( $ch, CURLOPT_VERBOSE, 1 );
 $data = curl_exec( $ch );
 
 if( !$data ) {
-       'Curl error: ' . curl_error( $ch );
+  die('cURL error: ' . curl_error( $ch ));
 }
 
-echo "Returned: $data\n\n";
+$token = json_decode( $data, 1 );
+$key = $token['key'];
 
-$token = json_decode( $data );
 
-print "Visit 
$baseurl/authorize&oauth_token={$token->key}&oauth_consumer_key=$consumerKey\n";
+print <<<HELPTEXT
+
+  Response body should be a JSON object with three keys:
+    - key
+    - secret
+    - oauth_callback_confirmed
+
+  You got: {$data}
+
+
+
+  ************************
+
+  Step two!
+
+  So far, we made one request and we should have what we need to get
+  acknowledgement from the end user.
+
+  In order to continue, we have to ask the user for a permission. With what
+  we just did, it gave us a one-time URL to send our user to.
+
+  The process can continue only if the user accepted it. Once accepted,
+  MediaWiki's OAuth Extension creates an "oauth_verifier" string that
+  you need to give for the next step.
+
+  Now, WITH YOUR WEB BROWSER, follow this link and pass through the validation.
+
+  Link: 
{$baseurl}/authorize&oauth_token={$key}&oauth_consumer_key={$consumerKey}
+
+
+HELPTEXT;
 
 // ACCESS TOKEN
-print "Enter the verification code:\n";
+print 'What was the "verification value" your MediaWiki installation 
gave?'.PHP_EOL;
 $fh = fopen( "php://stdin", "r" );
 $line = fgets( $fh );
 
+
+/**
+ * Second step
+ */
 $rc = new OAuthConsumer( $token->key, $token->secret );
-$parsed = parse_url( $endpoint_acc );
+$parsed = parse_url( $validate_token_url );
 parse_str($parsed['query'], $params);
 $params['oauth_verifier'] = trim($line);
 
-$acc_req = OAuthRequest::from_consumer_and_token($c, $rc, "GET", 
$endpoint_acc, $params);
+$acc_req = OAuthRequest::from_consumer_and_token($c, $rc, "GET", 
$validate_token_url, $params);
 $acc_req->sign_request($sig_method, $c, $rc);
 
-echo "Calling: $acc_req\n";
+
+print <<<HELPTEXT
+
+    Going to validate token with another Request to the backend...
+
+HELPTEXT;
+
 
 unset( $ch );
 $ch = curl_init();
 curl_setopt( $ch, CURLOPT_URL, (string) $acc_req );
-curl_setopt( $ch, CURLOPT_PORT , 443 );
-curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+if($baseUrlIsSsl) {
+  curl_setopt( $ch, CURLOPT_PORT , 443 );
+  curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
+}
 curl_setopt( $ch, CURLOPT_HEADER, 0 );
 curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
+curl_setopt( $ch, CURLOPT_VERBOSE, 1 );
 $data = curl_exec( $ch );
 if( !$data ) {
-       'Curl error: ' . curl_error( $ch );
+  'Curl error: ' . curl_error( $ch );
 }
 
-echo "Returned: $data\n\n";
+print <<<HELPTEXT
 
+    If all worked well, you should have a JSON object with two keys: key, 
secret.
 
+    You got:
 
-
+HELPTEXT;
+var_dump($data);
\ No newline at end of file
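Review bot: Both `if($baseUrlIsSsl)` blocks still set `CURLOPT_SSL_VERIFYPEER` to 0, and the `CURLOPT_SSL_VERIFYHOST` line in the first one is left commented out, so the HTTPS path accepts any certificate and the token key and secret returned in the response body are exposed to whoever answers the connection. Since this is an example people will copy, I would keep verification on with `curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 1 );` and `curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );`, and tell readers with a self-signed local certificate to point `CURLOPT_CAINFO` at it rather than switch the check off. Separately, the first step now decodes with `json_decode( $data, 1 )` into an array, but the unchanged second step still reads `$token->key` and `$token->secret`; that line should become `$rc = new OAuthConsumer( $token['key'], $token['secret'] );`. The second `if( !$data )` also still only evaluates a string expression instead of reporting the cURL error, unlike the first one, which now calls `die()`.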

-- 
To view, visit https://gerrit.wikimedia.org/r/124134

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3732eb25525be800efcc633447dc188427e743ea
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Renoirb <ren...@w3.org>
