Page MenuHomePhabricator
Create Task
Maniphest T153104

Always request an edit token before page edit
Closed, ResolvedPublic
Actions

Description

The hard-coded, non-authenticated edit token, +\, will go away soon, see T40417.

The apps should always request an edit token before sending the edit request, even when not logged in. The Android app has this done for description editing but not yet for page editing.

Details

SubjectRepoBranchLines +/-
Fetch CSRF token before each page editapps/android/wikipediamaster+8 -12
Customize query in gerrit

Related Objects

Event Timeline

bearND created this task.Dec 13 2016, 6:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 13 2016, 6:50 PM
bearND mentioned this in T153106: Always request an edit token before page edit.Dec 13 2016, 6:54 PM
Mholloway subscribed.Dec 14 2016, 4:18 PM
Dbrant added a project: Technical-Debt.Dec 14 2016, 4:19 PM
Dbrant moved this task from Needs Triage to Tech Debt Backlog on the Wikipedia-Android-App-Backlog board.
jeremyb subscribed.Jan 2 2017, 5:55 AM
bearND updated the task description. (Show Details)Jan 6 2017, 5:29 PM
Mholloway added a comment.Jan 11 2017, 7:00 PM

I think this change would prevent weird states like T155005: Error upon attempted edit from occurring. I'm not sure how frequently users are experiencing that but I vote to put it into Kanban sooner than later.

Dbrant moved this task from Tech Debt Backlog to Android-app-release-v2.6.19x-Bermuda🌴 on the Wikipedia-Android-App-Backlog board.Jan 11 2017, 10:48 PM
Dbrant edited projects, added Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴); removed Wikipedia-Android-App-Backlog.
Mholloway claimed this task.Jan 11 2017, 11:36 PM
Mholloway moved this task from To Do to Doing on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.
gerritbot subscribed.Jan 17 2017, 2:56 PM

Change 332471 had a related patch set uploaded (by Mholloway):
Fetch CSRF token before each page edit

https://gerrit.wikimedia.org/r/332471

gerritbot added a project: Patch-For-Review.Jan 17 2017, 2:56 PM
Mholloway moved this task from Doing to Code Review on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.Jan 17 2017, 3:12 PM
gerritbot added a comment.Jan 20 2017, 4:54 PM

Change 332471 merged by jenkins-bot:
Fetch CSRF token before each page edit

https://gerrit.wikimedia.org/r/332471

Mholloway moved this task from Code Review to Ready for Signoff on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.Jan 20 2017, 6:18 PM
Dbrant moved this task from Ready for Signoff to Done on the Wikipedia-Android-App-Backlog (Android-app-release-v2.6.19x-Bermuda🌴) board.Jan 23 2017, 7:39 PM
Dbrant closed this task as Resolved.Jan 30 2017, 4:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL