[MediaWiki-commits] [Gerrit] ForeignApi: Allow posting for anonymous users - change (mediawiki...MobileFrontend)

2015-05-28 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged.

Change subject: ForeignApi: Allow posting for anonymous users
..


ForeignApi: Allow posting for anonymous users

When a user is logged out, get a CSRF token from the remote wiki and
make a POST request using it.

Bug: T95960
Change-Id: Ic5afa3a78c91fd374278aa28296e5560db29f85a
---
M resources/mobile.foreignApi/ForeignApi.js
A tests/qunit/modules/test_ForeignApi.js
2 files changed, 76 insertions(+), 10 deletions(-)

Approvals:
  Phuedx: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/resources/mobile.foreignApi/ForeignApi.js 
b/resources/mobile.foreignApi/ForeignApi.js
index 62a7680..2e762b3 100644
--- a/resources/mobile.foreignApi/ForeignApi.js
+++ b/resources/mobile.foreignApi/ForeignApi.js
@@ -46,6 +46,7 @@
},
/**
 * Post to API with support for central auth tokens
+* If the user is anonymous, then post using the csrftoken 
received from the remote wiki.
 * @param {String} tokenType Ignored. `'csrf'` is always used
 * @param {Object} data Data to be preprocessed and added to 
options
 * @param {Object} options Parameters passed to $.ajax()
@@ -56,27 +57,51 @@
d = $.Deferred();
 
options = options || {};
+   options.xhrFields = {
+   withCredentials: true
+   };
+   // In case it is a file upload we need to append origin 
to query string.
+   options.url = self.apiUrl + '?origin=' + 
self.getOrigin();
+
+   data.origin = self.getOrigin();
+
// first let's sort out the token
self.getCentralAuthToken().done( function ( 
centralAuthTokenOne ) {
self.getToken( tokenType, centralAuthTokenOne 
).done( function ( token ) {
self.getCentralAuthToken().done( 
function ( centralAuthTokenTwo ) {
-   data.format = 'json';
data.centralauthtoken = 
centralAuthTokenTwo;
data.token = token;
-   data.origin = self.getOrigin();
-
-   options.xhrFields = {
-   withCredentials: true
-   };
-   // In case it is a file upload 
we need to append origin to query string.
-   options.url = self.apiUrl + 
'?origin=' + self.getOrigin();
-
Api.prototype.post.call( self, 
data, options ).done( function ( resp ) {
d.resolve( resp );
} ).fail( $.proxy( d, 'reject' 
) );
} ).fail( $.proxy( d, 'reject' ) );
} ).fail( $.proxy( d, 'reject' ) );
-   } ).fail( $.proxy( d, 'reject' ) );
+   } ).fail( function ( code ) {
+   if ( code !== 'notloggedin' ) {
+   d.reject();
+   return;
+   }
+   // So the user is not logged in locally.
+   // Get the remote CSRF token
+   Api.prototype.ajax.call(
+   self, {
+   action: 'query',
+   meta: 'tokens',
+   type: 'csrf'
+   }, {
+   url: options.url
+   }
+   ).done( function ( resp ) {
+   if ( resp.query && resp.query.tokens && 
resp.query.tokens.csrftoken ) {
+   data.token = 
resp.query.tokens.csrftoken;
+   Api.prototype.post.call( self, 
data, options ).done( function ( resp ) {
+   d.resolve( resp );
+   } ).fail( $.proxy( d, 'reject' 
) );
+   } else {
+   d.reject();
+   }
+   } ).fail( $.proxy( d, 'reject' )

[MediaWiki-commits] [Gerrit] ForeignApi: Allow posting for anonymous users - change (mediawiki...MobileFrontend)

2015-05-18 Thread Bmansurov (Code Review)
Bmansurov has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/211884

Change subject: ForeignApi: Allow posting for anonymous users
..

ForeignApi: Allow posting for anonymous users

When a user is logged out, use the anonymous token (+\) to make
a CORS POST request.

Bug: T95960
Change-Id: Ic5afa3a78c91fd374278aa28296e5560db29f85a
---
M javascripts/modules/ForeignApi.js
1 file changed, 24 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/84/211884/1

diff --git a/javascripts/modules/ForeignApi.js 
b/javascripts/modules/ForeignApi.js
index 62a7680..969cea8 100644
--- a/javascripts/modules/ForeignApi.js
+++ b/javascripts/modules/ForeignApi.js
@@ -46,6 +46,7 @@
},
/**
 * Post to API with support for central auth tokens
+* If the user is anonymous, then post using the anon token.
 * @param {String} tokenType Ignored. `'csrf'` is always used
 * @param {Object} data Data to be preprocessed and added to 
options
 * @param {Object} options Parameters passed to $.ajax()
@@ -56,27 +57,34 @@
d = $.Deferred();
 
options = options || {};
-   // first let's sort out the token
-   self.getCentralAuthToken().done( function ( 
centralAuthTokenOne ) {
-   self.getToken( tokenType, centralAuthTokenOne 
).done( function ( token ) {
-   self.getCentralAuthToken().done( 
function ( centralAuthTokenTwo ) {
-   data.format = 'json';
-   data.centralauthtoken = 
centralAuthTokenTwo;
-   data.token = token;
-   data.origin = self.getOrigin();
+   options.xhrFields = {
+   withCredentials: true
+   };
+   // In case it is a file upload we need to append origin 
to query string.
+   options.url = self.apiUrl + '?origin=' + 
self.getOrigin();
 
-   options.xhrFields = {
-   withCredentials: true
-   };
-   // In case it is a file upload 
we need to append origin to query string.
-   options.url = self.apiUrl + 
'?origin=' + self.getOrigin();
+   data.format = 'json';
+   data.origin = self.getOrigin();
 
-   Api.prototype.post.call( self, 
data, options ).done( function ( resp ) {
-   d.resolve( resp );
+   if ( mw.user.isAnon() ) {
+   data.token = mw.user.tokens.values.editToken;
+   Api.prototype.post.call( self, data, options 
).done( function ( resp ) {
+   d.resolve( resp );
+   } ).fail( $.proxy( d, 'reject' ) );
+   } else {
+   // first let's sort out the token
+   self.getCentralAuthToken().done( function ( 
centralAuthTokenOne ) {
+   self.getToken( tokenType, 
centralAuthTokenOne ).done( function ( token ) {
+   
self.getCentralAuthToken().done( function ( centralAuthTokenTwo ) {
+   data.centralauthtoken = 
centralAuthTokenTwo;
+   data.token = token;
+   
Api.prototype.post.call( self, data, options ).done( function ( resp ) {
+   d.resolve( resp 
);
+   } ).fail( $.proxy( d, 
'reject' ) );
} ).fail( $.proxy( d, 'reject' 
) );
} ).fail( $.proxy( d, 'reject' ) );
} ).fail( $.proxy( d, 'reject' ) );
-   } ).fail( $.proxy( d, 'reject' ) );
+   }
return d;
},
/** @inheritdoc */
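Review bot: The anonymous branch posts the local wiki's token to the foreign wiki: `data.token = mw.user.tokens.values.editToken` reads the token of the wiki the script runs on, and `mw.user.isAnon()` reflects only the local login state. Because `options.xhrFields.withCredentials` is now set for both branches, a user who is logged out locally but still has a session on the remote wiki would presumably be treated as logged in there, so the anonymous token would be rejected and the post would fail. Requesting the csrf token from the remote API first (`action: 'query', meta: 'tokens', type: 'csrf'` against `options.url`) and posting with that value avoids depending on local state. If the local token is kept, read it through the public accessor, `data.token = mw.user.tokens.get( 'editToken' );`, rather than the internal `values` map. The enclosing post method starts outside the hunk.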

-- 
To view, visit https://gerrit.wikimedia.org/r/211884

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic5afa3a78c91fd374278aa28296e5560db29f85a
Gerrit-Patc