Page MenuHomePhabricator

action=logout needs CSRF token, since API breaking change
Open, HighPublic

Description

Since T25227: Use token when logging out was resolved and pushed on live WMF wikis, pywikibot.Site().logout() fails with pywikibot.data.api.APIError: notoken: The "token" parameter must be set..

Details

Related Gerrit Patches:

Event Timeline

Framawiki created this task.May 4 2019, 9:26 AM
Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald TranscriptMay 4 2019, 9:26 AM
Dvorapa triaged this task as High priority.May 4 2019, 10:19 AM

Change 508072 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [bugfix] add CSRF token in sitelogout() api call

https://gerrit.wikimedia.org/r/508072

Framawiki moved this task from Backlog to Needs Review on the Pywikibot board.May 4 2019, 11:54 AM
Xqt closed this task as Resolved.May 4 2019, 3:45 PM

Change 508072 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] add CSRF token in sitelogout() api call

https://gerrit.wikimedia.org/r/508072

Xqt reopened this task as Open.May 4 2019, 4:52 PM
Xqt added a subscriber: Xqt.

Reopened due to failing tests

Xqt added a comment.May 4 2019, 6:01 PM
=================================== FAILURES ===================================
______________________ TestLoginLogout.test_login_logout _______________________

self = <tests.site_tests.TestLoginLogout testMethod=test_login_logout>

    def test_login_logout(self):
        """Validate login and logout methods by toggling the state."""
        site = self.get_site()
        loginstatus = pywikibot.site.LoginStatus
    
        self.assertFalse(site.logged_in())
    
        site.login()
        self.assertTrue(site.logged_in())
>       self.assertGreaterEqual(site._loginstatus, loginstatus.AS_USER)
E       AssertionError: -2 not greater than or equal to 0

tests/site_tests.py:3719: AssertionError

Change 508094 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [TEST] fix test_login_logout

https://gerrit.wikimedia.org/r/508094

Change 508094 merged by jenkins-bot:
[pywikibot/core@master] [TEST] fix test_login_logout

https://gerrit.wikimedia.org/r/508094

Xqt closed this task as Resolved.May 5 2019, 5:46 AM

Change 508111 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [TEST] fix test_login_logout, OAuth case

https://gerrit.wikimedia.org/r/508111

Change 508111 merged by jenkins-bot:
[pywikibot/core@master] [TEST] fix test_login_logout, OAuth case

https://gerrit.wikimedia.org/r/508111

Xqt added a comment.May 5 2019, 1:42 PM

There are two remaining issues for wsbeta and musicbrainz: https://travis-ci.org/wikimedia/pywikibot/builds/528404683

Dvorapa added a subscriber: Dvorapa.May 6 2019, 7:00 AM

Since the very first patch it also fails on AppVeyor with the following error:

======================================================================
ERROR: test_login_logout (tests.site_tests.TestLoginLogout)
Validate login and logout methods by toggling the state.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "c:\projects\pywikibot-g4xqx\tests\site_tests.py", line 3717, in test_login_logout
    site.login()
  File "c:\projects\pywikibot-g4xqx\pywikibot\site.py", line 2101, in login
    if login_manager.login(retry=True, autocreate=autocreate):
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 306, in login
    self.check_user_exists()
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 155, in check_user_exists
    % (main_username, self.site))
NoUsername: Username 'None' does not exist on wikipedia:en
----------------------------------------------------------------------
Xqt added a comment.May 6 2019, 9:26 AM

Seems there is no password found to login

Perhaps this should be skipped on AppVeyor as we have no chance to add password/env variable in AppVeyor config?

Change 508893 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

The later patch also intents to skip test on AppVeyor.
I'm not sure how to deal with the pywikibot.data.api.APIError: Failed: You have made too many recent login attempts. Please wait 5 minutes before trying again. present on Travis.

Apart from the wsbeta and musicbrainz on Travis there sometimes occur infinite loops:

https://travis-ci.org/wikimedia/pywikibot/jobs/530930561
https://travis-ci.org/wikimedia/pywikibot/jobs/530930559

Change 508893 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

Change 510520 had a related patch set uploaded (by Xqt; owner: Xqt):
[pywikibot/core@master] Skip TestLoginLogout unless it is running on Travis

https://gerrit.wikimedia.org/r/510520

Change 510520 merged by jenkins-bot:
[pywikibot/core@master] Skip TestLoginLogout if it is running on Appveyor

https://gerrit.wikimedia.org/r/510520

Dvorapa added a comment.EditedMay 16 2019, 10:23 AM

Okay, Appveyor tests skipped, en:wsbeta test account created. Last fails:

  • en:musicbrainz - test account created, but still failing (weird)
  • zh:wikisource - sometimes some login_logout test timeouts
  • en:musicbrainz - test account created, but still failing (weird)

For en:musicbrainz I see pywikibot.data.api.APIError: Failed: Incorrect username or password entered. Please try again. and it is full of

Logging in to musicbrainz:en as Pywikibot-test
ERROR: Login failed (Failed).
Xqt added a comment.May 25 2019, 10:02 AM
  • en:musicbrainz - test account created, but still failing (weird)

For en:musicbrainz I see pywikibot.data.api.APIError: Failed: Incorrect username or password entered. Please try again. and it is full of

Logging in to musicbrainz:en as Pywikibot-test
ERROR: Login failed (Failed).

Probably travis username/password settings does not match the musicbrainz test account?

The username and general password do match. What else should be set to make it work? OAuth? Some preferences?

Xqt added a comment.EditedMay 25 2019, 11:29 AM

What else should be set to make it work? OAuth? Some preferences?

I've no glue. Deactivating tests where login is needed then.

musicbrainz issue solved, only the timeout is the issue now (happens only sometimes)

Xqt added a comment.May 27 2019, 6:28 PM

musicbrainz issue solved

What was the problem here?

Dvorapa added a comment.EditedMay 27 2019, 6:55 PM

musicbrainz issue solved

What was the problem here?

My stupidity: I created the Pywikibot-test account on musicbrainz, not musicbrainz wiki :D

Dalba added a subscriber: Dalba.EditedMay 31 2019, 4:34 AM

Change 508893 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] clear tokens on logout()
https://gerrit.wikimedia.org/r/508893

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Xqt added a comment.May 31 2019, 10:09 AM

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Is this recognized for APPVEYOR tests?

Xqt moved this task from Needs Review to Backlog on the Pywikibot board.Sep 12 2019, 11:36 AM