Aaron Schulz has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/79351


Change subject: Keep session data across requests (even client ignores cookies)
......................................................................

Keep session data across requests (even client ignores cookies)

Change-Id: Ie861487ad6768c7f702d107a9f325a2f6635edab
---
M api/MWOAuthAPI.setup.php
1 file changed, 13 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth refs/changes/51/79351/1

diff --git a/api/MWOAuthAPI.setup.php b/api/MWOAuthAPI.setup.php
index 1e57e9a..e661eb8 100644
--- a/api/MWOAuthAPI.setup.php
+++ b/api/MWOAuthAPI.setup.php
@@ -81,6 +81,8 @@
         * @return boolean
         */
        public static function onUserLoadFromSession( User $user, &$result ) {
+               global $wgMemc;
+
                $user->oAuthSessionData = array();
                try {
                        $accesstoken = self::getOAuthAccessToken();
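
Review bot: The `global $wgMemc;` added at the top of onUserLoadFromSession is only used in the session-setup branch of the next hunk, and nothing here says what happens when the cache misses. With the `?:` fallback in that hunk, a cache that never returns the key means every request generates a fresh session ID, so the session data is not kept across requests after all. Please add a comment stating that the cache holds the per-access-token session ID and that this behaviour depends on a working shared cache.
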
@@ -107,8 +109,17 @@
                                        'accesstoken' => $accesstoken,
                                        'rights' => 
MWOAuthUtils::getGrantRights( $access->get( 'grants' ) ),
                                );
-                               // Setup a session for this OAuth user, so edit 
tokens work
-                               wfSetupSession();
+                               // Setup a session for this OAuth user, so edit 
tokens work.
+                               // Preserve the session ID used so clients can 
ignore cookies.
+                               $key = wfMemcKey( 'oauthsessionid', 
$access->get( 'id' ) );
+                               $sessionId = $wgMemc->get( $key ) ?: 
MWCryptRand::generateHex( 32, true );
+                               $wgMemc->set( $key, $sessionId, 3600 ); // 
create/renew
+                               wfSetupSession( $sessionId ); // create/reuse 
this "anonymous" session
+                               Hooks::register( 'AfterFinalPageOutput', 
function( $out ) {
+                                       // Just in case, make sure this is not 
a valid login session for sanity
+                                       
RequestContext::getMain()->getRequest()->setSessionData( 'wsUserName', null );
+                               } );
+
                                $result = true;
                        }
                } catch( ErrorPageError $ex ) {
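
Review bot: The `$wgMemc->get( $key ) ?: MWCryptRand::generateHex( 32, true )` followed by `$wgMemc->set( $key, $sessionId, 3600 )` is not atomic, so two concurrent first requests for the same access token can each generate a different session ID and only the last write is reused later. Consider `$wgMemc->add()` followed by a re-read so all requests converge on one ID. Because the `set` renews the 3600 second TTL on every request, the same session ID lives for as long as the consumer stays active. A cap on total lifetime would limit how long a leaked ID (it now sits in the shared cache under a key derived from `$access->get( 'id' )`) remains usable. The `wsUserName` reset is registered with `Hooks::register( 'AfterFinalPageOutput', ... )` inside the hook handler: it gets registered again each time onUserLoadFromSession runs, and since this file lives under api/ it is worth confirming that AfterFinalPageOutput fires on API requests at all. Clearing `wsUserName` directly after `wfSetupSession( $sessionId )` would avoid both issues.
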

-- 
To view, visit https://gerrit.wikimedia.org/r/79351
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie861487ad6768c7f702d107a9f325a2f6635edab
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <asch...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
