Page MenuHomePhabricator

action=logout needs CSRF token, since API breaking change
Open, HighPublic

Description

Since T25227: Use token when logging out was resolved and pushed on live WMF wikis, pywikibot.Site().logout() fails with pywikibot.data.api.APIError: notoken: The "token" parameter must be set..

Event Timeline

Dvorapa triaged this task as High priority.May 4 2019, 10:19 AM

Change 508072 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [bugfix] add CSRF token in sitelogout() api call

https://gerrit.wikimedia.org/r/508072

Change 508072 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] add CSRF token in sitelogout() api call

https://gerrit.wikimedia.org/r/508072

Xqt added a subscriber: Xqt.

Reopened due to failing tests

=================================== FAILURES ===================================
______________________ TestLoginLogout.test_login_logout _______________________

self = <tests.site_tests.TestLoginLogout testMethod=test_login_logout>

    def test_login_logout(self):
        """Validate login and logout methods by toggling the state."""
        site = self.get_site()
        loginstatus = pywikibot.site.LoginStatus
    
        self.assertFalse(site.logged_in())
    
        site.login()
        self.assertTrue(site.logged_in())
>       self.assertGreaterEqual(site._loginstatus, loginstatus.AS_USER)
E       AssertionError: -2 not greater than or equal to 0

tests/site_tests.py:3719: AssertionError

Change 508094 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [TEST] fix test_login_logout

https://gerrit.wikimedia.org/r/508094

Change 508094 merged by jenkins-bot:
[pywikibot/core@master] [TEST] fix test_login_logout

https://gerrit.wikimedia.org/r/508094

Change 508111 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [TEST] fix test_login_logout, OAuth case

https://gerrit.wikimedia.org/r/508111

Change 508111 merged by jenkins-bot:
[pywikibot/core@master] [TEST] fix test_login_logout, OAuth case

https://gerrit.wikimedia.org/r/508111

Since the very first patch it also fails on AppVeyor with the following error:

======================================================================
ERROR: test_login_logout (tests.site_tests.TestLoginLogout)
Validate login and logout methods by toggling the state.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "c:\projects\pywikibot-g4xqx\tests\site_tests.py", line 3717, in test_login_logout
    site.login()
  File "c:\projects\pywikibot-g4xqx\pywikibot\site.py", line 2101, in login
    if login_manager.login(retry=True, autocreate=autocreate):
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 306, in login
    self.check_user_exists()
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 155, in check_user_exists
    % (main_username, self.site))
NoUsername: Username 'None' does not exist on wikipedia:en
----------------------------------------------------------------------

Seems there is no password found to login

Perhaps this should be skipped on AppVeyor as we have no chance to add password/env variable in AppVeyor config?

Change 508893 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

The later patch also intents to skip test on AppVeyor.
I'm not sure how to deal with the pywikibot.data.api.APIError: Failed: You have made too many recent login attempts. Please wait 5 minutes before trying again. present on Travis.

Change 508893 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

Change 510520 had a related patch set uploaded (by Xqt; owner: Xqt):
[pywikibot/core@master] Skip TestLoginLogout unless it is running on Travis

https://gerrit.wikimedia.org/r/510520

Change 510520 merged by jenkins-bot:
[pywikibot/core@master] Skip TestLoginLogout if it is running on Appveyor

https://gerrit.wikimedia.org/r/510520

Okay, Appveyor tests skipped, en:wsbeta test account created. Last fails:

  • en:musicbrainz - test account created, but still failing (weird)
  • zh:wikisource - sometimes some login_logout test timeouts
  • en:musicbrainz - test account created, but still failing (weird)

For en:musicbrainz I see pywikibot.data.api.APIError: Failed: Incorrect username or password entered. Please try again. and it is full of

Logging in to musicbrainz:en as Pywikibot-test
ERROR: Login failed (Failed).
  • en:musicbrainz - test account created, but still failing (weird)

For en:musicbrainz I see pywikibot.data.api.APIError: Failed: Incorrect username or password entered. Please try again. and it is full of

Logging in to musicbrainz:en as Pywikibot-test
ERROR: Login failed (Failed).

Probably travis username/password settings does not match the musicbrainz test account?

The username and general password do match. What else should be set to make it work? OAuth? Some preferences?

What else should be set to make it work? OAuth? Some preferences?

I've no glue. Deactivating tests where login is needed then.

musicbrainz issue solved, only the timeout is the issue now (happens only sometimes)

musicbrainz issue solved

What was the problem here?

musicbrainz issue solved

What was the problem here?

My stupidity: I created the Pywikibot-test account on musicbrainz, not musicbrainz wiki :D

Change 508893 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Is this recognized for APPVEYOR tests?

Since the very first patch it also fails on AppVeyor with the following error:

======================================================================
ERROR: test_login_logout (tests.site_tests.TestLoginLogout)
Validate login and logout methods by toggling the state.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "c:\projects\pywikibot-g4xqx\tests\site_tests.py", line 3717, in test_login_logout
    site.login()
  File "c:\projects\pywikibot-g4xqx\pywikibot\site.py", line 2101, in login
    if login_manager.login(retry=True, autocreate=autocreate):
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 306, in login
    self.check_user_exists()
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 155, in check_user_exists
    % (main_username, self.site))
NoUsername: Username 'None' does not exist on wikipedia:en
----------------------------------------------------------------------

! In T222508#5159234, @Xqt wrote:

Seems there is no password found to login

Means passed badtoken APIError, see T248771 and T248769

The later patch also intents to skip test on AppVeyor.
I'm not sure how to deal with the pywikibot.data.api.APIError: Failed: You have made too many recent login attempts. Please wait 5 minutes before trying again. present on Travis.

Solved yesterday by appending to 'Throttle' response and parsing time

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Is this recognized for APPVEYOR tests?

Credentials added to AppVeyor, but Appveyor failing to load settings currently. Anyway, we can enable tests once Upstream issue solved or workarounded