Page MenuHomePhabricator
Create Task
Maniphest T199643

Generate a new CSRF token if the old one is invalidated
Closed, InvalidPublic
Actions

Description

The bot may fail to because the current CSRF token is invalid. Then a new one should be generated.

(This is important with T139842: Restartable bot framework as CSRF token is not always persistent.)

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT229364 CSRF token issues (tracking)
 OpenNoneT139842 Restartable bot framework
 InvalidNoneT199643 Generate a new CSRF token if the old one is invalidated

Event Timeline

Bugreporter created this task.Jul 15 2018, 10:01 AM
Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald TranscriptJul 15 2018, 10:01 AM
Dvorapa subscribed.EditedJul 15 2018, 4:32 PM

Isn't this the same as T78393? (or at least too similar)

Framawiki subscribed.Jul 18 2018, 6:15 PM
Xqt added a parent task: T229364: CSRF token issues (tracking).Jul 30 2019, 5:54 PM
Xqt triaged this task as Medium priority.Jul 30 2019, 5:56 PM
Xqt added a parent task: T139842: Restartable bot framework.
Dvorapa added a comment.Feb 22 2020, 11:16 PM

We should use action=checktoken for a token validation, but I'm not sure, where to put this check. It needs to check before every write/relogin action I think

Xqt closed this task as Invalid.Oct 18 2022, 4:33 AM
Xqt subscribed.

Was already implemented in api.Request._badtoken() with rPWBCffb2242 due to T61678. Therefore I cannot reproduce this task. Was is a compat issue?

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits