[MediaWiki-commits] [Gerrit] ForeignApi: Allow posting for anonymous users - change (mediawiki...MobileFrontend)
jenkins-bot has submitted this change and it was merged. Change subject: ForeignApi: Allow posting for anonymous users .. ForeignApi: Allow posting for anonymous users When a user is logged out, get a CSRF token from the remote wiki and make a POST request using it. Bug: T95960 Change-Id: Ic5afa3a78c91fd374278aa28296e5560db29f85a --- M resources/mobile.foreignApi/ForeignApi.js A tests/qunit/modules/test_ForeignApi.js 2 files changed, 76 insertions(+), 10 deletions(-) Approvals: Phuedx: Looks good to me, approved jenkins-bot: Verified
diff --git a/resources/mobile.foreignApi/ForeignApi.js b/resources/mobile.foreignApi/ForeignApi.js
index 62a7680..2e762b3 100644
--- a/resources/mobile.foreignApi/ForeignApi.js
+++ b/resources/mobile.foreignApi/ForeignApi.js
@@ -46,6 +46,7 @@
 },
 /**
 * Post to API with support for central auth tokens
+* If the user is anonymous, then post using the csrftoken received from the remote wiki.
 * @param {String} tokenType Ignored. `'csrf'` is always used
 * @param {Object} data Data to be preprocessed and added to options
 * @param {Object} options Parameters passed to $.ajax()
@@ -56,27 +57,51 @@ d = $.Deferred(); options = options || {}; + options.xhrFields = { + withCredentials: true + }; + // In case it is a file upload we need to append origin to query string. + options.url = self.apiUrl + '?origin=' + self.getOrigin(); + + data.origin = self.getOrigin(); + // first let's sort out the token self.getCentralAuthToken().done( function ( centralAuthTokenOne ) { self.getToken( tokenType, centralAuthTokenOne ).done( function ( token ) { self.getCentralAuthToken().done( function ( centralAuthTokenTwo ) { - data.format = 'json'; data.centralauthtoken = centralAuthTokenTwo; data.token = token; - data.origin = self.getOrigin(); - - options.xhrFields = { - withCredentials: true - }; - // In case it is a file upload we need to append origin to query string. - options.url = self.apiUrl + '?origin=' + self.getOrigin(); - Api.prototype.post.call( self, data, options ).done( function ( resp ) { d.resolve( resp ); } ).fail( $.proxy( d, 'reject' ) ); } ).fail( $.proxy( d, 'reject' ) ); } ).fail( $.proxy( d, 'reject' ) ); - } ).fail( $.proxy( d, 'reject' ) ); + } ).fail( function ( code ) { + if ( code !== 'notloggedin' ) { + d.reject(); + return; + } + // So the user is not logged in locally. + // Get the remote CSRF token + Api.prototype.ajax.call( + self, { + action: 'query', + meta: 'tokens', + type: 'csrf' + }, { + url: options.url + } + ).done( function ( resp ) { + if ( resp.query && resp.query.tokens && resp.query.tokens.csrftoken ) { + data.token = resp.query.tokens.csrftoken; + Api.prototype.post.call( self, data, options ).done( function ( resp ) { + d.resolve( resp ); + } ).fail( $.proxy( d, 'reject' ) ); + } else { + d.reject(); + } + } ).fail( $.proxy( d, 'reject' )
[MediaWiki-commits] [Gerrit] ForeignApi: Allow posting for anonymous users - change (mediawiki...MobileFrontend)
Bmansurov has uploaded a new change for review. https://gerrit.wikimedia.org/r/211884 Change subject: ForeignApi: Allow posting for anonymous users .. ForeignApi: Allow posting for anonymous users When a user is logged out use the anonymous token (+\) to make a CORS POST request. Bug: T95960 Change-Id: Ic5afa3a78c91fd374278aa28296e5560db29f85a --- M javascripts/modules/ForeignApi.js 1 file changed, 24 insertions(+), 16 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend refs/changes/84/211884/1
diff --git a/javascripts/modules/ForeignApi.js b/javascripts/modules/ForeignApi.js
index 62a7680..969cea8 100644
--- a/javascripts/modules/ForeignApi.js
+++ b/javascripts/modules/ForeignApi.js
@@ -46,6 +46,7 @@
 },
 /**
 * Post to API with support for central auth tokens
+* If the user is anonymous, then post using the anon token.
 * @param {String} tokenType Ignored. `'csrf'` is always used
 * @param {Object} data Data to be preprocessed and added to options
 * @param {Object} options Parameters passed to $.ajax()
@@ -56,27 +57,34 @@ d = $.Deferred(); options = options || {}; - // first let's sort out the token - self.getCentralAuthToken().done( function ( centralAuthTokenOne ) { - self.getToken( tokenType, centralAuthTokenOne ).done( function ( token ) { - self.getCentralAuthToken().done( function ( centralAuthTokenTwo ) { - data.format = 'json'; - data.centralauthtoken = centralAuthTokenTwo; - data.token = token; - data.origin = self.getOrigin(); + options.xhrFields = { + withCredentials: true + }; + // In case it is a file upload we need to append origin to query string. + options.url = self.apiUrl + '?origin=' + self.getOrigin(); - options.xhrFields = { - withCredentials: true - }; - // In case it is a file upload we need to append origin to query string. - options.url = self.apiUrl + '?origin=' + self.getOrigin(); + data.format = 'json'; + data.origin = self.getOrigin(); - Api.prototype.post.call( self, data, options ).done( function ( resp ) { - d.resolve( resp ); + if ( mw.user.isAnon() ) { + data.token = mw.user.tokens.values.editToken; + Api.prototype.post.call( self, data, options ).done( function ( resp ) { + d.resolve( resp ); + } ).fail( $.proxy( d, 'reject' ) ); + } else { + // first let's sort out the token + self.getCentralAuthToken().done( function ( centralAuthTokenOne ) { + self.getToken( tokenType, centralAuthTokenOne ).done( function ( token ) { + self.getCentralAuthToken().done( function ( centralAuthTokenTwo ) { + data.centralauthtoken = centralAuthTokenTwo; + data.token = token; + Api.prototype.post.call( self, data, options ).done( function ( resp ) { + d.resolve( resp ); + } ).fail( $.proxy( d, 'reject' ) ); } ).fail( $.proxy( d, 'reject' ) ); } ).fail( $.proxy( d, 'reject' ) ); } ).fail( $.proxy( d, 'reject' ) ); - } ).fail( $.proxy( d, 'reject' ) ); + } return d; }, /** @inheritdoc */ -- To view, visit https://gerrit.wikimedia.org/r/211884 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: 
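Review bot: The anonymous branch sends `mw.user.tokens.values.editToken`, which is the local wiki's token, to a remote wiki that checks tokens against its own session. Since the request also sets `withCredentials: true`, a reader who is logged out locally but still has a session on the remote wiki would presumably be refused with a bad-token error, because `mw.user.isAnon()` only describes the local state. Asking the remote API for its CSRF token with the same credentials setting, and rejecting when none comes back, keeps the token and the session consistent. If the local token is kept anyway, read it through `mw.user.tokens.get( 'editToken' )` rather than the map's internal `.values`. The enclosing function starts above the hunk, so how `tokenType` and `self` are set up is not visible here.

```javascript
if ( mw.user.isAnon() ) {
	// Ask the remote wiki for the token that matches the session it sees;
	// xhrFields is passed so the token request carries the same cookies as
	// the POST (assumes Api.prototype.ajax forwards it to $.ajax - confirm).
	Api.prototype.ajax.call( self, {
		action: 'query',
		meta: 'tokens',
		type: 'csrf'
	}, {
		url: options.url,
		xhrFields: options.xhrFields
	} ).done( function ( tokenResp ) {
		var token = tokenResp.query && tokenResp.query.tokens &&
			tokenResp.query.tokens.csrftoken;
		if ( !token ) {
			d.reject();
			return;
		}
		data.token = token;
		Api.prototype.post.call( self, data, options ).done( function ( resp ) {
			d.resolve( resp );
		} ).fail( $.proxy( d, 'reject' ) );
	} ).fail( $.proxy( d, 'reject' ) );
} else {
	// … unchanged: central auth token chain and POST …
```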
Ic5afa3a78c91fd374278aa28296e5560db29f85a Gerrit-Patc