@Joe I tried passing x-forwareded-proto: https, but it didn't work out. I remember Michael talking about problems with session cookies not being satisfied by the service, do you think that is what is happening here?
The error is "Invalid CSRF token.", although the credentials are OK.
@Joe I tried to reproduce this with curl commands without success.
mbsantos@deployment-push-notifications01:~$ curl -c cookies_mw --request GET 'http://deployment-mediawiki-07.deployment-prep.eqiad1.wikimedia.cloud/w/api.php?action=query&meta=tokens&format=json&type=login' \
> --header 'host: meta.wikimedia.beta.wmflabs.org'
{"batchcomplete":"","warnings":{"main":{"*":"HTTP used when HTTPS was expected.\nSubscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application."}},"query":{"tokens":{"logintoken":"cfe5886901f21f5ac7685aa1e32836e15f99bb23+\\"}}}
mbsantos@deployment-push-notifications01:~$ curl -b cookies_mw --location --request POST 'http://deployment-mediawiki-07.deployment-prep.eqiad1.wikimedia.cloud/w/api.php?format=json' \
> --header 'host: meta.wikimedia.beta.wmflabs.org' \
> --header 'Content-Type: application/x-www-form-urlencoded' \
> --data-urlencode 'action=login' \
> --data-urlencode 'lgname=PushSubscriptionManager2' \
> --data-urlencode 'lgpassword=password' \
> --data-urlencode 'lgtoken=cfe5886901f21f5ac7685aa1e32836e15f99bb23+\'
{"warnings":{"main":{"*":"HTTP used when HTTPS was expected.\nSubscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application."}},"login":{"result":"Failed","reason":"Unable to continue login. Your session most likely timed out."}}
mbsantos@deployment-push-notifications01:~$ cat cookies_mw
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
Apparently no cookies are returned. The internal endpoint is the only problem, because the public endpoint does return cookies, see:
mbsantos@deployment-push-notifications01:~$ curl -c cookies_mw --request GET 'https://meta.wikimedia.beta.wmflabs.org/w/api.php?action=query&meta=tokens&format=json&type=login'
{"batchcomplete":"","query":{"tokens":{"logintoken":"d48b4354e50284488ce5ea780b2758255f99bc90+\\"}}}
mbsantos@deployment-push-notifications01:~$ curl -b cookies_mw --location --request POST 'https://meta.wikimedia.beta.wmflabs.org/w/api.php?format=json' \
> --header 'Content-Type: application/x-www-form-urlencoded' \
> --data-urlencode 'action=login' \
> --data-urlencode 'lgname=PushSubscriptionManager2' \
> --data-urlencode 'lgpassword=password' \
> --data-urlencode 'lgtoken=d48b4354e50284488ce5ea780b2758255f99bc90+\'
{"warnings":{"main":{"*":"Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application."},"login":{"*":"Main-account login via \"action=login\" is deprecated and may stop working without warning. To continue login with \"action=login\", see [[Special:BotPasswords]]. To safely continue using main-account login, see \"action=clientlogin\"."}},"login":{"result":"Success","lguserid":44629,"lgusername":"PushSubscriptionManager2"}}
mbsantos@deployment-push-notifications01:~$ cat cookies_mw
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

.beta.wmflabs.org TRUE / TRUE 0 GeoIP :::::v4
#HttpOnly_.wikimedia.beta.wmflabs.org TRUE / TRUE 1606651200 WMF-Last-Access-Global 28-Oct-2020
#HttpOnly_meta.wikimedia.beta.wmflabs.org FALSE / TRUE 1606651200 WMF-Last-Access 28-Oct-2020
#HttpOnly_meta.wikimedia.beta.wmflabs.org FALSE / TRUE 0 metawikiSession s3fn6f5fidt5eit92cd3s420agbchr8j
#HttpOnly_meta.wikimedia.beta.wmflabs.org FALSE / TRUE 0 ss0-metawikiSession s3fn6f5fidt5eit92cd3s420agbchr8j
mbsantos@deployment-push-notifications01:~$
I don't think a change in the service would suffice and probably there is no way to use the internal endpoint in the beta cluster. Could that also be an issue in the production environment?
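A check for cookie jars like the two shown in this thread, as an added example that is not part of the original comments, MediaWiki or the service: it parses the Netscape cookie file that curl writes (including the #HttpOnly_ lines, which are cookies rather than comments) and lists which cookies a client would attach for a given scheme and host, since cookies flagged Secure are only sent over HTTPS. The sample jar, the example.org hostnames and the function names are constructed for illustration; path and expiry matching are left out.

```python
from typing import NamedTuple

# Constructed sample jar in the tab-separated layout curl writes; values are placeholders.
SAMPLE_JAR = (
    "# Netscape HTTP Cookie File\n"
    ".example.org\tTRUE\t/\tTRUE\t0\tGeoIP\t:::::v4\n"
    "#HttpOnly_meta.example.org\tFALSE\t/\tTRUE\t0\tmetawikiSession\tPLACEHOLDER\n"
    "#HttpOnly_meta.example.org\tFALSE\t/\tFALSE\t0\tplainCookie\tPLACEHOLDER\n"
)


class Cookie(NamedTuple):
    domain: str
    subdomains: bool   # field 2: cookie also applies to subdomains
    path: str
    secure: bool       # field 4: only sent over HTTPS
    expires: int       # 0 means session cookie
    name: str
    value: str
    http_only: bool


def parse_jar(text):
    """Parse a Netscape cookie file, keeping '#HttpOnly_' lines (cookies, not comments)."""
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or a real comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed entry
        domain, sub, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, sub == "TRUE", path, secure == "TRUE",
                              int(expires), name, value, http_only))
    return cookies


def sendable(cookies, scheme, host):
    """Names of cookies a client would attach for this scheme and host."""
    names = []
    for c in cookies:
        bare = c.domain.lstrip(".")
        host_ok = host == bare or (c.subdomains and host.endswith("." + bare))
        if host_ok and (scheme == "https" or not c.secure):
            names.append(c.name)
    return names
```

An empty result from parse_jar after the token request means no session was stored, so the login POST that follows has nothing to tie the token to.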