
centralauthtoken doesn't work anymore
Closed, Resolved · Public

Description

Due to unknown changes in the API, centralauthtoken doesn't work anymore at all. Previously the following schema worked:

  1. obtain centralauthtoken from local wiki (for example https://ru.wikipedia.org/w/api.php?action=centralauthtoken )
  2. do anything on another wiki (for example https://www.wikidata.org/w/api.php?centralauthtoken=%YOURTOKENHERE%&action=query&meta=tokens&type=csrf )

Currently the second point results in an error message:

"error": {
    "code": "badtoken",
    "info": "The centralauthtoken is not valid",
    "*": "See https://www.wikidata.org/w/api.php for API usage"
}

This breaks all interwiki wikidata editing gadgets (aka WE-Framework gadgets) used on different wikis.
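
The two-step flow above with handling for the `badtoken` reply, as an added example that is not part of the original task or of any gadget's code. `fetchJson` is a hypothetical injected transport, retrying with a fresh token is an assumption, and `format=json` and the `centralauthtoken.centralauthtoken` response shape are assumed from the MediaWiki API, not shown on this page.

```javascript
// Added example; hostnames are the ones used in the task description.
const LOCAL_API = 'https://ru.wikipedia.org/w/api.php';
const REMOTE_API = 'https://www.wikidata.org/w/api.php';

// Step 1 URL: ask the local wiki for a centralauthtoken.
function tokenRequestUrl(localApi) {
  const u = new URL(localApi);
  u.search = new URLSearchParams({ action: 'centralauthtoken', format: 'json' }).toString();
  return u.toString();
}

// Step 2 URL: URLSearchParams percent-encodes the token, so '+' and '/' survive.
function remoteRequestUrl(remoteApi, token, params) {
  const u = new URL(remoteApi);
  u.search = new URLSearchParams({ centralauthtoken: token, format: 'json', ...params }).toString();
  return u.toString();
}

// Assumed response shape: {"centralauthtoken": {"centralauthtoken": "..."}}.
function extractToken(body) {
  const t = body && body.centralauthtoken && body.centralauthtoken.centralauthtoken;
  if (typeof t !== 'string' || t === '') throw new Error('no centralauthtoken in response');
  return t;
}

// 'ok', 'token-rejected' (the failure reported in this task) or 'api-error'.
function classify(body) {
  if (!body || !body.error) return 'ok';
  const { code, info = '' } = body.error;
  // badtoken is also the code for a bad CSRF token, so check the info text too.
  if (code === 'badtoken' && String(info).includes('centralauthtoken')) return 'token-rejected';
  return 'api-error';
}

// fetchJson is a hypothetical transport: (url) => Promise resolving to parsed JSON.
async function crossWikiQuery(fetchJson, params, maxAttempts = 2) {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    // Fetch a fresh token per attempt; never resend one the remote wiki rejected.
    const token = extractToken(await fetchJson(tokenRequestUrl(LOCAL_API)));
    const body = await fetchJson(remoteRequestUrl(REMOTE_API, token, params));
    const verdict = classify(body);
    if (verdict === 'ok') return body;
    if (verdict === 'api-error') throw new Error('API error: ' + body.error.code);
  }
  // Every fresh token was rejected: report a server-side fault instead of looping.
  throw new Error('centralauthtoken rejected for every fresh token');
}
```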

Event Timeline

vlsergey raised the priority of this task from to High.
vlsergey updated the task description.
vlsergey subscribed.
Restricted Application added a subscriber: Aklapper.
Sep 15 2015, 4:32 PM: Legoktm raised the priority of this task from High to Unbreak Now!.
Legoktm set Security to None.
Legoktm added subscribers: hoo, Legoktm.

@hoo and I are debugging this currently

[10:43:44] <anomie> legoktm: I'm seeing "read error on connection" coming back from redis.
[10:44:03] <anomie> in response to the call to $conn->multi().
[10:44:06] <legoktm> nutcracker issue then?
[10:44:35] <legoktm> is it a specific backend?
[10:45:25] <anomie> Some commands work fine, e.g. ping(). Others do this. Do we have some sort of command whitelist set up in our redis?
[10:50:52] <AaronSchulz> no whitelist afaik
[10:54:04] <anomie> ->ping() works, ->time() doesn't, ->info() doesn't, ->echo() doesn't. And, critically, ->multi() doesn't.
[10:56:17] <AaronSchulz> multi() may be a twemproxy bug
[10:56:47] <AaronSchulz> for info() it at least makes sense that it doesn't work due to the proxying/hashing
[10:57:20] -*- AaronSchulz noticed that before
[10:57:59] <AaronSchulz> https://github.com/twitter/twemproxy/blob/master/notes/redis.md
[10:59:12] <Reedy> Almost sounds like we need an extra MW class a wrapper
[10:59:55] <AaronSchulz> multi() is not supported there, so that explains
[11:00:03] <AaronSchulz> CA can clearly just use set() for the tokens for now
[11:00:36] <AaronSchulz> I'll make a patch for that, maybe core, and poke at cas() later
[11:01:06] <anomie> Well, there we go then. RedisBagOStuff doesn't fully work with twemproxy because it doesn't support multi/exec, watch/unwatch, or info.
[11:01:32] <hoo> AaronSchulz: Thanks