jayvdb created this task. jayvdb claimed this task. jayvdb added subscribers: pywikipedia-bugs, Aklapper, jayvdb, Legoktm. jayvdb added a project: Pywikibot-tests.
TASK DESCRIPTION In order for the 'wikimedia' Travis-CI builds to run tests on the beta sites, the standard test account 'Pywikibot-test' needs to exist with the same password used elsewhere.
As beta sites only use HTTP, that means the password for the account used on real wikis needs to be used on the beta sites, and can be captured easily. It is a risk. The Pywikibot-test account could become compromised. That may not be a serious problem as the account doesn't have any special permissions. However, HTTPS on beta (T50501) would solve this problem.
TASK DETAIL https://phabricator.wikimedia.org/T100797
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: Legoktm, jayvdb, Aklapper, pywikipedia-bugs
jayvdb added a comment.
Using OAuth was suggested as an alternative to passwords, but pywikibot doesn't support that yet. We have an ongoing GSoC project for it: https://phabricator.wikimedia.org/tag/pywikibot-oauth/
Legoktm added a comment.
The raw password for the Pywikibot-test account is in the "pywikibot" tool on tool labs in the file `passwd`.
jayvdb added a comment.
Thanks @legoktm. At Lyon Hackathon we fetched that password and used it to create an account on a new empty wiki for https://phabricator.wikimedia.org/T100802.
An alternative is to use a constant suffix for all 'unsafe' wikis, i.e. in .travis.yml use "${PYWIKIBOT2_USERNAME}-unsafe", e.g. 'Pywikibot-test-unsafe' for the GitHub 'wikimedia' account, and it would be "JVbot-test-unsafe" for mine, etc.
Another option is to globally lock the 'Pywikibot-test' account on the production wikis - we'd probably need to create a separate task to test and fix any unit test breakages caused by testing with a globally locked account, but I suspect there wouldn't be many as the test suite doesn't edit (or attempt to edit) using the 'Pywikibot-test' account.
Legoktm added a comment.
Global locks prevent a user from logging in, so I don't think that's what we want.