I have an OAuth consumer named "OAuth Uploader":
https://www.mediawiki.org/wiki/Special:OAuthListConsumers/view/74a4d433d0ab9f9fad720e1c4eb8159a
It checks the login, gets an edit token, and the uploads a file from a remote URL via API.
As [[User:Magnus Manske]], it works fine. However, other people have reported that it doesn't work for them. I created a new Commons user [[User:Testuser-MM]]:
https://commons.wikimedia.org/wiki/User:Testuser-MM
It can upload files to Commons:
https://commons.wikimedia.org/wiki/File:Screen_Shot_2014-03-19_at_11.32.41.png
I registered the consumer for this user (clean Chrome browser), and sure enough, upload fails with "permission denied".
POST data follows (oauth token/signature replaced with "..."):
Header:
Authorization: OAuth oauth_consumer_key="74a4d433d0ab9f9fad720e1c4eb8159a", oauth_token="...", oauth_version="1.0", oauth_nonce="a70af0f0a7e11192a6803fdc0b31c2d2", oauth_timestamp="1395229010", oauth_signature_method="HMAC-SHA1", oauth_signature="..."
Payload:
Array
(
[format] => json [action] => upload [filename] => House_in_Lüneburg_(4838105025).jpg [comment] => Transferred from Flickr [text] => Dummy_description [token] => 46b3fd6cdb67e05407c442b03eeb3230+\ [url] => https://farm5.staticflickr.com/4085/4838105025_b46921d90c_o.jpg
)
Result:
{"servedby":"mw1193","error":{"code":"permissiondenied","info":"Permission denied"}}
So, some questions:
- Is the permission denied for the user, or for the OAuth consumer?
- Why is the permission denied?
- Why does it work for some users, but not others?
So far, I know it does seem to be related to browser plugins, or for how long the Commons user exists.
Version: unspecified
Severity: major