Page MenuHomePhabricator

Make Selenium tests work with AuthManager
Closed, ResolvedPublic

Description

AuthManager replaces the createaccount API; the new API is meant for generating UIs for humans (the fields and steps are not predictable and depend on what types of auth extensions are enabled). For browser tests, we would need a machine-oriented API though, something like the API version of user::newSystemUser. (Or maybe a session provider that identifies via some kind of shared secret and then just autocreates whatever username it is told to use?)

Example of errors caused by the lack of this: https://integration.wikimedia.org/ci/job/mwext-mw-selenium/6607/console

Given I am logged into the mobile website # features/step_definitions/common_steps.rb:28
  The token parameter must be set (createnotoken) (MediawikiApi::ApiError)
  ./features/step_definitions/common_steps.rb:30:in `/^I am logged into the mobile website$/'

Related Objects

Event Timeline

Tgr created this task.May 20 2016, 9:51 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptMay 20 2016, 9:51 PM
Tgr added a comment.EditedMay 20 2016, 10:14 PM

In the shorter term, $wgDisableAuthManager = true should probably be set for CI MediaWiki installs which run browser tests (but ideally not for the ones which run PHPUnit). Or if that's not possible just revert https://gerrit.wikimedia.org/r/#/c/289498/ which triggered this.

demon added a subscriber: demon.May 20 2016, 11:04 PM

Reverted out of master for now, we'll revisit Monday prior to cutting the RC.

Tgr updated the task description. (Show Details)May 23 2016, 2:47 PM

Change 290269 had a related patch set uploaded (by Gergő Tisza):
Update account creation code for AuthManager

https://gerrit.wikimedia.org/r/290269

The shared-secret SessionProvider is a good idea if the tests just need to be logged in and not worry about how that happened. Or, if you can assume a $wgAuthManagerConfig with no surprises (e.g. no ConfirmEdit, no two-factor auth extension offering to set itself up), you can treat the new action=createaccount much like the old one and just feed it what it expects.

Difficulties with a general machine-usable account creation API include:

  • Chances are the features that make it machine-usable would also make it attractive to spammers and other attackers. For example, it would have to bypass captchas.
  • AuthManager specifically includes interactive methods of establishing authentication credentials for the account, such as interacting with a third-party authentication service.

Note we have the same problem with login under AuthManager, and note the solutions for machine-usable login: OAuth, a shared-secret SessionProvider, and BotPasswords, which bypasses AuthManager entirely while trying to reduce the security risk by limiting the userrights available to the session, requiring long randomly generated passwords, and restricting use to the API only.

Change 290269 merged by Zfilipin:
Update account creation code for AuthManager

https://gerrit.wikimedia.org/r/290269

Change 290805 had a related patch set uploaded (by Gergő Tisza):
[DO NOT MERGE] Test mediawiki_api Selenium helper with AuthManager

https://gerrit.wikimedia.org/r/290805

Change 290805 abandoned by Gergő Tisza:
[DO NOT MERGE] Test mediawiki_api Selenium helper with AuthManager

Reason:
Works as expected.

https://gerrit.wikimedia.org/r/290805

Change 290832 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290832

Change 290833 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290833

Change 290834 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290834

Change 290837 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290837

Change 290838 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290838

Change 290839 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290839

Change 290840 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290840

Change 290841 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290841

Change 290842 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290842

Change 290843 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290843

Change 290844 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290844

Change 290845 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290845

Change 290846 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290846

Change 290847 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290847

Change 290848 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290848

Change 290849 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290849

Change 290850 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290850

Change 290851 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290851

Change 290852 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290852

Change 290853 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290853

Change 290854 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290854

Change 290855 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290855

Change 290856 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290856

Change 290857 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290857

Change 290858 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290858

Change 290843 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290843

Change 290837 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290837

I looked at a few of these patches and they do not update the Gemfile.lock after the Gemfile was changed. Please amend so they can be merged.

Change 290897 had a related patch set uploaded (by JanZerebecki):
Update dependency of mediawiki_api

https://gerrit.wikimedia.org/r/290897

Change 290856 abandoned by JanZerebecki:
Update mediawiki_api gem to 1.7.1

Reason:
There is now one for both Wikibase and one for browsertests.

https://gerrit.wikimedia.org/r/290856

Change 290841 abandoned by JanZerebecki:
Update mediawiki_api gem to 1.7.1

Reason:
Extension is archived.

https://gerrit.wikimedia.org/r/290841

Change 290851 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290851

Change 290853 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290853

Change 290852 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290852

Change 290844 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290844

Change 290858 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290858

Change 290857 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290857

Change 290845 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290845

Change 290839 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290839

Change 290850 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290850

Change 290847 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290847

Change 290849 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290849

Change 290846 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290846

Change 290840 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290840

Change 290842 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290842

Change 290833 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290833

Change 290834 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290834

Change 290848 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290848

Change 290838 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290838

Change 290854 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290854

Change 290855 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290855

Change 290897 merged by jenkins-bot:
Update dependency of mediawiki_api

https://gerrit.wikimedia.org/r/290897

Tgr closed this task as Resolved.May 27 2016, 3:35 PM
Tgr claimed this task.
hashar added a subscriber: hashar.May 30 2016, 9:15 AM

Well done @Tgr and thank you very much.

Change 290832 abandoned by Gergő Tisza:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/290832

Change 294493 had a related patch set uploaded (by Zfilipin):
Make Selenium tests work with AuthManager

https://gerrit.wikimedia.org/r/294493

Change 294493 merged by jenkins-bot:
Make Selenium tests work with AuthManager

https://gerrit.wikimedia.org/r/294493

Change 296523 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/296523

Change 296523 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/296523

Change 296532 had a related patch set uploaded (by Gergő Tisza):
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/296532

Change 296532 merged by jenkins-bot:
Update mediawiki_api gem to 1.7.1

https://gerrit.wikimedia.org/r/296532