jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/508072 ) Change subject: [bugfix] add CSRF token in sitelogout() api call ...................................................................... [bugfix] add CSRF token in sitelogout() api call - Add missing CSRF token since {T25227: Use token when logging out} is closed upstream, and tests that correspond to. - site._relogin() was calling site.login() with self._loginstatus, but this last one is an integer and login() excepts a bool. When login fails (_relogin() usage), _loginstatus equals to -1 that is interpreted as True, resulting in the usage of systop account even when it's not wanted. - Using site.getuserinfo(force=True) at the end of logout() results of an automatic re-login, since it is detected that the user has logged out during that API call. So removing _userinfo attribute cleans the previous login state. Bug: T222508 Change-Id: Ia94254b0bfe95c4c13ca71211128f7a0b0fe78d6 --- M pywikibot/site.py M tests/site_tests.py 2 files changed, 31 insertions(+), 4 deletions(-) Approvals: Xqt: Looks good to me, approved jenkins-bot: Verified diff --git a/pywikibot/site.py b/pywikibot/site.py index 6729954..9ea655c 100644 --- a/pywikibot/site.py +++ b/pywikibot/site.py @@ -2118,9 +2118,8 @@ from the site. """ del self._userinfo - old_status = self._loginstatus self._loginstatus = LoginStatus.NOT_LOGGED_IN - self.login(old_status) + self.login() def logout(self): """ @@ -2133,10 +2132,11 @@ """ if self.is_oauth_token_available(): pywikibot.warning('Using OAuth suppresses logout function') - uirequest = self._simple_request(action='logout') + uirequest = self._simple_request(action='logout', + token=self.tokens['csrf']) uirequest.submit() self._loginstatus = LoginStatus.NOT_LOGGED_IN - self.getuserinfo(force=True) + del self._userinfo def getuserinfo(self, force=False): """Retrieve userinfo from site and store in _userinfo attribute. diff --git a/tests/site_tests.py b/tests/site_tests.py index 705d194..d157f48 100644 --- a/tests/site_tests.py +++ b/tests/site_tests.py @@ -3703,6 +3703,33 @@ self.assertIsNone(page) +class TestLoginLogout(DefaultSiteTestCase): + + """Test for login and logout methods.""" + + def test_login_logout(self): + """Validate login and logout methods by toggling the state.""" + site = self.get_site() + loginstatus = pywikibot.site.LoginStatus + + self.assertFalse(site.logged_in()) + + site.login() + self.assertTrue(site.logged_in()) + self.assertGreaterEqual(site._loginstatus, loginstatus.AS_USER) + self.assertIn('_userinfo', site.__dict__.keys()) + + self.assertIsNone(site.login()) + + site.logout() + self.assertFalse(site.logged_in()) + self.assertEqual(site._loginstatus, loginstatus.NOT_LOGGED_IN) + self.assertNotIn('_userinfo', site.__dict__.keys()) + + self.assertRaisesRegexp(AssertionError, + 'User must login in this site', site.logout) + + if __name__ == '__main__': # pragma: no cover try: unittest.main() -- To view, visit https://gerrit.wikimedia.org/r/508072 To unsubscribe, or for help writing mail filters, visit https://gerrit.wikimedia.org/r/settings Gerrit-Project: pywikibot/core Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ia94254b0bfe95c4c13ca71211128f7a0b0fe78d6 Gerrit-Change-Number: 508072 Gerrit-PatchSet: 8 Gerrit-Owner: Framawiki <framawiki(a)tools.wmflabs.org> Gerrit-Reviewer: Dvorapa <dvorapa(a)seznam.cz> Gerrit-Reviewer: John Vandenberg <jayvdb(a)gmail.com> Gerrit-Reviewer: Xqt <info(a)gno.de> Gerrit-Reviewer: jenkins-bot (75)