Page MenuHomePhabricator
Create Task
Maniphest T188451

Migrate mobile editor to CSRF from edit token in TalkSectionAddOverlay
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

  1. Make sure that the MobileFrontend extension is installed.
  2. Visit a mobile talk page (e.g., http://localhost:8080/wiki/User_talk:Stephen?debug=true#/talk on your local machine)
  3. Press "add discussion" at the bottom
  4. Enter some text
  5. Press "save"

The following warning is printed to the console of your web browser's developer tools:

Use of the "edit" token is deprecated. Use "csrf" instead. http://localhost:8080/w/resources/src/mediawiki/api.js?8308a

mapLegacyToken @ api.js?8308a:47
getToken @ api.js?8308a:367
postWithToken @ api.js?8308a:315
save @ TalkSectionAddOverlay.js?5f060:160
onSaveClick @ TalkSectionAddOverlay.js?5f060:101
proxy @ load.php?debug=true&lang=en&modules=jquery%2Cmediawiki&only=scripts&skin=minerva&version=1mi7wed:496
dispatch @ load.php?debug=true&lang=en&modules=jquery%2Cmediawiki&only=scripts&skin=minerva&version=1mi7wed:5206
elemData.handle @ load.php?debug=true&lang=en&modules=jquery%2Cmediawiki&only=scripts&skin=minerva&version=1mi7wed:5014

We should migrate this code so it doesn't break unexpectedly when the old way is no longer supported.

Acceptance criteria

  • Category, Talk and Edit overlays should make use of the csrf token rather than the edit token
  • We'll probably need to update tests and add tests for the CategoryGateway
  • Previous changes have introduced bugs so we'll want to simulate a few error and success cases to verify the change has been successful

Details

SubjectRepoBranchLines +/-
Use the 'csrf' token to authenticate post requestsmediawiki/extensions/MobileFrontendmaster+71 -5
Customize query in gerrit

Related Objects

Event Timeline

Niedzielski created this task.Feb 27 2018, 10:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 27 2018, 10:00 PM
Jdlrobson moved this task from Incoming to Triaged but Future on the Web-Team-Backlog board.Feb 27 2018, 10:50 PM
ovasileva triaged this task as Medium priority.Feb 28 2018, 5:48 PM
Jdlrobson updated the task description. (Show Details)Mar 6 2018, 5:50 PM
Jdlrobson updated the task description. (Show Details)Mar 6 2018, 5:53 PM
Jdlrobson set the point value for this task to 3.
MBinder_WMF moved this task from Triaged but Future to 2017-18 Q2 on the Web-Team-Backlog board.Mar 6 2018, 6:46 PM
MBinder_WMF moved this task from 2017-18 Q2 to Triaged but Future on the Web-Team-Backlog board.
Jdlrobson added a project: good first task.Jul 27 2018, 9:36 AM
Jdlrobson added a project: MobileFrontend (MobileFrontend and MinervaNeue architecture).Aug 15 2018, 4:45 PM
Jdlrobson lowered the priority of this task from Medium to Low.Aug 30 2018, 1:35 AM
Jdlrobson moved this task from Backlog to Misc on the MobileFrontend (MobileFrontend and MinervaNeue architecture) board.
Jdlrobson added a project: Google-Code-in-2018.Sep 19 2018, 11:53 PM
Aklapper updated the task description. (Show Details)Oct 5 2018, 11:17 AM
Aklapper updated the task description. (Show Details)Oct 5 2018, 11:21 AM

(I tried to follow the steps and it looks like User_talk: is required instead of User:, so I boldly edited the task description.)

Aklapper moved this task from Proposed tasks to Imported in GCI Site on the Google-Code-in-2018 board.Oct 5 2018, 11:24 AM

https://codein.withgoogle.com/tasks/6639114838343680/

Liuxinyu970226 subscribed.Oct 21 2018, 2:45 AM
LukBukkit claimed this task.Nov 24 2018, 6:00 PM
gerritbot subscribed.Nov 26 2018, 8:30 PM

Change 475831 had a related patch set uploaded (by LukBukkit; owner: LukBukkit):
[mediawiki/extensions/MobileFrontend@master] Use the 'csrf' token to authenticate post requests

https://gerrit.wikimedia.org/r/475831

gerritbot added a project: Patch-For-Review.Nov 26 2018, 8:30 PM
Jdlrobson edited projects, added Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2); removed Web-Team-Backlog.Nov 26 2018, 9:56 PM
Jdlrobson moved this task from To Do to Needs Code Review on the Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2) board.
gerritbot added a comment.Nov 28 2018, 1:24 AM

Change 475831 merged by jenkins-bot:
[mediawiki/extensions/MobileFrontend@master] Use the 'csrf' token to authenticate post requests

https://gerrit.wikimedia.org/r/475831

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.8; 2018-12-11).Nov 28 2018, 2:01 AM
Jdlrobson updated the task description. (Show Details)Nov 28 2018, 2:08 AM
Jdlrobson moved this task from Needs Code Review to Needs QA on the Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2) board.Nov 28 2018, 5:59 PM
Jdlrobson mentioned this in T163121: Bug: Category overlay does not refresh after category added.Nov 28 2018, 6:48 PM
Jdlrobson claimed this task.Nov 29 2018, 6:06 PM
Jdlrobson added a subscriber: LukBukkit.
Jdlrobson moved this task from Needs QA to Ready for Signoff on the Web-Team-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2) board.Nov 29 2018, 7:16 PM
Jdlrobson updated the task description. (Show Details)
Jdlrobson closed this task as Resolved.Nov 29 2018, 7:20 PM

I've tested editing, talk and categories on the following browsers and all work without problem:

  • Chrome mobile
  • Chrome desktop
  • Firefox desktop
  • Firefox mobile
  • Dolphin
  • Safari desktop
Liuxinyu970226 unsubscribed.Dec 2 2018, 7:19 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL