Page MenuHomePhabricator

every edit save fails on 2.4.180-alpha-2016-11-10
Closed, ResolvedPublic

Description

every edit attempt fails with : edit failed! message

Event Timeline

This only seems to affect logged in users from what I've seen. There's a TODO in WikidataDescriptionEditClient that is related to logged in user edits but independent as it only affects Wikidata descriptions.

I'm not yet sure what the real issue is but the error message is:

EditSectionActivity$4$1  W  failure():344: Caught java.lang.RuntimeException: Assertion that the user is logged in failed
Niedzielski added a subscriber: Dbrant.

@Dbrant, blocker for beta. Please consider bringing this into the current sprint.

Change 322018 had a related patch set uploaded (by Niedzielski):
Fix server logout case when logged in user edits

https://gerrit.wikimedia.org/r/322018

Change 322018 merged by jenkins-bot:
Fix server logout case when logged in user edits

https://gerrit.wikimedia.org/r/322018

I am not sure this fixes it. I am on 2.4.180-alpha-2016-11-19, and it is still happening, maybe it is not in this version yet.

I was able to logcat it:

11-19 18:30:16.749 10166 10166 D org.wikipedia.analytics.Funnel: log():144: EditFunnel: Sending event, event_action = saveAttempt
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: failure():346: 
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: java.lang.RuntimeException: Invalid token
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at org.wikipedia.edit.EditClient$1.onResponse(EditClient.java:75)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at retrofit2.ExecutorCallAdapterFactory$ExecutorCallbackCall$1$1.run(ExecutorCallAdapterFactory.java:68)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at android.os.Handler.handleCallback(Handler.java:739)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at android.os.Handler.dispatchMessage(Handler.java:95)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at android.os.Looper.loop(Looper.java:148)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at android.app.ActivityThread.main(ActivityThread.java:5417)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at java.lang.reflect.Method.invoke(Native Method)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
11-19 18:30:16.940 10166 10166 W org.wikipedia.edit.EditSectionActivity$4$1: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)

This happens on every edit attempt.

After much digging i figured out the problem.

due to the account compromised issues we had a week and a half ago, people with higher rights were forcibly logged-out. The app didn't show this, and you were still shown as if you are logged in. Furthermore, 2FA was implemented for people with higher privileges and enabled by most of us. The app currently doesn't have a way to do 2FA, I am effectively shown as logged in by the app, but in fact, logout, and can't login back, cause no 2FA.

I think supporting 2FA should become Unbreak Now for the app, as 2FA is being rolled out to all users.

I think this also indicates a serious problem with handling token and authentication errors. If the UI is expecting that the user is logged in, perhaps it should use the APIs assert param, to indicate this expectation. When the assertion fails, it should reflect this failure in the UI immediately. If the token fails it can fetch a new token and retry (the JS api does this).