jayvdb created this task. jayvdb added a subscriber: jayvdb. jayvdb added a project: pywikibot-core.
TASK DESCRIPTION Currently APISite includes hard-coded lists of tokens. These lists should instead be obtained using the API paraminfo. The API token interface has changed a few times, and therefore depending on the version, the list of tokens for the site is found in the paraminfo of different modules.
http://www.wikia.com/api.php?format=jsonfm&action=paraminfo&querymod... http://en.wikipedia.org/w/api.php?format=jsonfm&action=paraminfo&que...
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs
jayvdb added a blocking task: T75513: Tests fail on Wikia.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs
jayvdb added projects: Pywikibot-tests, PyWikiBot-Interwiki-Map. jayvdb set Security to none.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs
jayvdb removed a blocking task: T75513: Tests fail on Wikia.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs
jayvdb moved this task to MW Version 1.14+ issues on the PyWikiBot-Interwiki-Map workboard.
TASK DETAIL https://phabricator.wikimedia.org/T85725
WORKBOARD https://phabricator.wikimedia.org/project/board/900/
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: Aklapper, jayvdb, pywikipedia-bugs
Omegat added a subscriber: Omegat.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Omegat Cc: Aklapper, jayvdb, Omegat, pywikipedia-bugs
XZise added a subscriber: XZise. XZise added a comment.
One main problem here is how to determine if a token name like //edit// is actually a //csrf// token. We could do it similar to the current implementation that we have a static set which contains all tokens which are mapped to the //csrf// token. As this is about past tokens, this set won't change (unless other tokens at a later point are mapped to a //csrf// token). One problem there is that it doesn't detect if tokens by extensions are mapped now to the //csrf// token.
Another suggestion was to look in the paraminfo for `prop=info` and compare that list (which does contain all token names except the //csrf// token, but those mapped to //csrf//) to the new `meta=tokens` paraminfo. Problem there is, that `intoken` is deprecated so at some point this will break.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: XZise Cc: Aklapper, jayvdb, Omegat, XZise, pywikipedia-bugs
akashagarwal added a subscriber: akashagarwal.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: akashagarwal Cc: akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
Ricordisamoa added a subscriber: Ricordisamoa.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Ricordisamoa Cc: Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
gerritbot added a subscriber: gerritbot. gerritbot added a comment.
Change 196450 had a related patch set uploaded (by Akashagarwal): Verifies tokens from paraminfo
https://gerrit.wikimedia.org/r/196450
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: gerritbot Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
gerritbot added a project: Patch-For-Review.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: gerritbot Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
gerritbot added a comment.
Change 196450 merged by jenkins-bot: Verifies tokens from paraminfo
https://gerrit.wikimedia.org/r/196450
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: gerritbot Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
jayvdb closed this task as "Resolved". jayvdb claimed this task. jayvdb added a comment.
@xzise, re your Jan 3 comment about csrf, do we need to do any more here? Is a new task needed to flesh out the problem? Or please re-open if the recently merged code has regressed some aspect of handling tokens.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
Ricordisamoa removed a project: Patch-For-Review.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb, Ricordisamoa Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
XZise added a comment.
Well @akashagarwal has implemented in such a way that it behaves like before. The only problem there is when `action=tokens` or `prop=info&intoken=…` are removed because then the code can't compare it to anything.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb, XZise Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
XZise added a comment.
Fyi: With T78393: Load token types needed for each API module from the API https://phabricator.wikimedia.org/T78393 we could lessen that impact by avoiding statically using ”edit” and such. But scripts themselves might not be fixed by that.
TASK DETAIL https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>.
EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: jayvdb, XZise Cc: gerritbot, Ricordisamoa, akashagarwal, jayvdb, Aklapper, XZise, Omegat, pywikipedia-bugs
pywikipedia-bugs@lists.wikimedia.org