jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/508072 )
Change subject: [bugfix] add CSRF token in sitelogout() api call
......................................................................
[bugfix] add CSRF token in sitelogout() api call
- Add missing CSRF token since {T25227: Use token when logging out}
is closed upstream, and tests that correspond to.
- site._relogin() was calling site.login() with self._loginstatus, but
this last one is an integer and login() excepts a bool. When login fails
(_relogin() usage), _loginstatus equals to -1 that is interpreted as
True, resulting in the usage of systop account even when it's not wanted.
- Using site.getuserinfo(force=True) at the end of logout() results of an
automatic re-login, since it is detected that the user has logged out
during that API call. So removing _userinfo attribute cleans the previous
login state.
Bug: T222508
Change-Id: Ia94254b0bfe95c4c13ca71211128f7a0b0fe78d6
---
M pywikibot/site.py
M tests/site_tests.py
2 files changed, 31 insertions(+), 4 deletions(-)
Approvals:
Xqt: Looks good to me, approved
jenkins-bot: Verified
diff --git a/pywikibot/site.py b/pywikibot/site.py
index 6729954..9ea655c 100644
--- a/pywikibot/site.py
+++ b/pywikibot/site.py
@@ -2118,9 +2118,8 @@
from the site.
"""
del self._userinfo
- old_status = self._loginstatus
self._loginstatus = LoginStatus.NOT_LOGGED_IN
- self.login(old_status)
+ self.login()
def logout(self):
"""
@@ -2133,10 +2132,11 @@
"""
if self.is_oauth_token_available():
pywikibot.warning('Using OAuth suppresses logout function')
- uirequest = self._simple_request(action='logout')
+ uirequest = self._simple_request(action='logout',
+ token=self.tokens['csrf'])
uirequest.submit()
self._loginstatus = LoginStatus.NOT_LOGGED_IN
- self.getuserinfo(force=True)
+ del self._userinfo
def getuserinfo(self, force=False):
"""Retrieve userinfo from site and store in _userinfo attribute.
diff --git a/tests/site_tests.py b/tests/site_tests.py
index 705d194..d157f48 100644
--- a/tests/site_tests.py
+++ b/tests/site_tests.py
@@ -3703,6 +3703,33 @@
self.assertIsNone(page)
+class TestLoginLogout(DefaultSiteTestCase):
+
+ """Test for login and logout methods."""
+
+ def test_login_logout(self):
+ """Validate login and logout methods by toggling the
state."""
+ site = self.get_site()
+ loginstatus = pywikibot.site.LoginStatus
+
+ self.assertFalse(site.logged_in())
+
+ site.login()
+ self.assertTrue(site.logged_in())
+ self.assertGreaterEqual(site._loginstatus, loginstatus.AS_USER)
+ self.assertIn('_userinfo', site.__dict__.keys())
+
+ self.assertIsNone(site.login())
+
+ site.logout()
+ self.assertFalse(site.logged_in())
+ self.assertEqual(site._loginstatus, loginstatus.NOT_LOGGED_IN)
+ self.assertNotIn('_userinfo', site.__dict__.keys())
+
+ self.assertRaisesRegexp(AssertionError,
+ 'User must login in this site', site.logout)
+
+
if __name__ == '__main__': # pragma: no cover
try:
unittest.main()
--
To view, visit
https://gerrit.wikimedia.org/r/508072
To unsubscribe, or for help writing mail filters, visit
https://gerrit.wikimedia.org/r/settings
Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia94254b0bfe95c4c13ca71211128f7a0b0fe78d6
Gerrit-Change-Number: 508072
Gerrit-PatchSet: 8
Gerrit-Owner: Framawiki <framawiki(a)tools.wmflabs.org>
Gerrit-Reviewer: Dvorapa <dvorapa(a)seznam.cz>
Gerrit-Reviewer: John Vandenberg <jayvdb(a)gmail.com>
Gerrit-Reviewer: Xqt <info(a)gno.de>
Gerrit-Reviewer: jenkins-bot (75)