Page MenuHomePhabricator
Create Task
Maniphest T222508

action=logout needs CSRF token, since API breaking change
Closed, ResolvedPublic
Actions

Description

Since T25227: Use token when logging out was resolved and pushed on live WMF wikis, pywikibot.Site().logout() fails with pywikibot.data.api.APIError: notoken: The "token" parameter must be set..

Details

SubjectRepoBranchLines +/-
Skip TestLoginLogout if it is running on Appveyorpywikibot/coremaster+1 -1
[bugfix] clear tokens on logout()pywikibot/coremaster+6 -0
[TEST] fix test_login_logout, OAuth casepywikibot/coremaster+16 -6
[TEST] fix test_login_logoutpywikibot/coremaster+3 -1
[bugfix] add CSRF token in sitelogout() api callpywikibot/coremaster+31 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

Framawiki created this task.May 4 2019, 9:26 AM
Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald TranscriptMay 4 2019, 9:26 AM
Dvorapa triaged this task as High priority.May 4 2019, 10:19 AM
gerritbot added a comment.May 4 2019, 11:48 AM

Change 508072 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [bugfix] add CSRF token in sitelogout() api call

https://gerrit.wikimedia.org/r/508072

gerritbot added a project: Patch-For-Review.May 4 2019, 11:48 AM
Framawiki moved this task from Backlog to Needs Review on the Pywikibot board.May 4 2019, 11:54 AM
Xqt closed this task as Resolved.May 4 2019, 3:45 PM
gerritbot added a comment.May 4 2019, 3:48 PM

Change 508072 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] add CSRF token in sitelogout() api call

https://gerrit.wikimedia.org/r/508072

Xqt reopened this task as Open.May 4 2019, 4:52 PM
Xqt subscribed.

Reopened due to failing tests

Xqt added a comment.May 4 2019, 6:01 PM
=================================== FAILURES ===================================
______________________ TestLoginLogout.test_login_logout _______________________

self = <tests.site_tests.TestLoginLogout testMethod=test_login_logout>

    def test_login_logout(self):
        """Validate login and logout methods by toggling the state."""
        site = self.get_site()
        loginstatus = pywikibot.site.LoginStatus
    
        self.assertFalse(site.logged_in())
    
        site.login()
        self.assertTrue(site.logged_in())
>       self.assertGreaterEqual(site._loginstatus, loginstatus.AS_USER)
E       AssertionError: -2 not greater than or equal to 0

tests/site_tests.py:3719: AssertionError
gerritbot added a comment.May 4 2019, 7:22 PM

Change 508094 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [TEST] fix test_login_logout

https://gerrit.wikimedia.org/r/508094

gerritbot added a comment.May 4 2019, 8:01 PM

Change 508094 merged by jenkins-bot:
[pywikibot/core@master] [TEST] fix test_login_logout

https://gerrit.wikimedia.org/r/508094

Xqt closed this task as Resolved.May 5 2019, 5:46 AM
Xqt reopened this task as Open.May 5 2019, 9:42 AM

Still fails for several wikis: https://travis-ci.org/wikimedia/pywikibot/builds/528251139

gerritbot added a comment.May 5 2019, 9:55 AM

Change 508111 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [TEST] fix test_login_logout, OAuth case

https://gerrit.wikimedia.org/r/508111

gerritbot added a comment.May 5 2019, 10:12 AM

Change 508111 merged by jenkins-bot:
[pywikibot/core@master] [TEST] fix test_login_logout, OAuth case

https://gerrit.wikimedia.org/r/508111

Xqt added a comment.May 5 2019, 1:42 PM

There are two remaining issues for wsbeta and musicbrainz: https://travis-ci.org/wikimedia/pywikibot/builds/528404683

Dvorapa subscribed.May 6 2019, 7:00 AM

Since the very first patch it also fails on AppVeyor with the following error:

======================================================================
ERROR: test_login_logout (tests.site_tests.TestLoginLogout)
Validate login and logout methods by toggling the state.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "c:\projects\pywikibot-g4xqx\tests\site_tests.py", line 3717, in test_login_logout
    site.login()
  File "c:\projects\pywikibot-g4xqx\pywikibot\site.py", line 2101, in login
    if login_manager.login(retry=True, autocreate=autocreate):
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 306, in login
    self.check_user_exists()
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 155, in check_user_exists
    % (main_username, self.site))
NoUsername: Username 'None' does not exist on wikipedia:en
----------------------------------------------------------------------
Xqt added a comment.May 6 2019, 9:26 AM

Seems there is no password found to login

Dvorapa added a comment.May 6 2019, 9:28 AM

Perhaps this should be skipped on AppVeyor as we have no chance to add password/env variable in AppVeyor config?

Xqt removed a project: Patch-For-Review.May 7 2019, 12:59 PM
gerritbot added a comment.May 8 2019, 6:56 PM

Change 508893 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

gerritbot added a project: Patch-For-Review.May 8 2019, 6:56 PM
Framawiki added a comment.May 8 2019, 6:58 PM

The later patch also intents to skip test on AppVeyor.
I'm not sure how to deal with the pywikibot.data.api.APIError: Failed: You have made too many recent login attempts. Please wait 5 minutes before trying again. present on Travis.

Dvorapa added a comment.May 10 2019, 10:20 PM

Apart from the wsbeta and musicbrainz on Travis there sometimes occur infinite loops:

https://travis-ci.org/wikimedia/pywikibot/jobs/530930561
https://travis-ci.org/wikimedia/pywikibot/jobs/530930559

gerritbot added a comment.May 14 2019, 10:49 AM

Change 508893 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

gerritbot added a comment.May 15 2019, 2:11 PM

Change 510520 had a related patch set uploaded (by Xqt; owner: Xqt):
[pywikibot/core@master] Skip TestLoginLogout unless it is running on Travis

https://gerrit.wikimedia.org/r/510520

gerritbot added a comment.May 16 2019, 9:11 AM

Change 510520 merged by jenkins-bot:
[pywikibot/core@master] Skip TestLoginLogout if it is running on Appveyor

https://gerrit.wikimedia.org/r/510520

Dvorapa added a comment.EditedMay 16 2019, 10:23 AM

Okay, Appveyor tests skipped, en:wsbeta test account created. Last fails:

  • en:musicbrainz - test account created, but still failing (weird)
  • zh:wikisource - sometimes some login_logout test timeouts
Maintenance_bot removed a project: Patch-For-Review.May 22 2019, 3:13 PM
Framawiki added a comment.May 25 2019, 9:55 AM
In T222508#5186431, @Dvorapa wrote:
  • en:musicbrainz - test account created, but still failing (weird)

For en:musicbrainz I see pywikibot.data.api.APIError: Failed: Incorrect username or password entered. Please try again. and it is full of

Logging in to musicbrainz:en as Pywikibot-test
ERROR: Login failed (Failed).
Xqt added a comment.May 25 2019, 10:02 AM
In T222508#5212037, @Framawiki wrote:
In T222508#5186431, @Dvorapa wrote:
  • en:musicbrainz - test account created, but still failing (weird)

For en:musicbrainz I see pywikibot.data.api.APIError: Failed: Incorrect username or password entered. Please try again. and it is full of

Logging in to musicbrainz:en as Pywikibot-test
ERROR: Login failed (Failed).

Probably travis username/password settings does not match the musicbrainz test account?

Dvorapa added a comment.May 25 2019, 11:21 AM

The username and general password do match. What else should be set to make it work? OAuth? Some preferences?

Xqt added a comment.EditedMay 25 2019, 11:29 AM
In T222508#5212114, @Dvorapa wrote:

What else should be set to make it work? OAuth? Some preferences?

I've no glue. Deactivating tests where login is needed then.

Dvorapa added a comment.May 27 2019, 5:49 PM

musicbrainz issue solved, only the timeout is the issue now (happens only sometimes)

Xqt added a comment.May 27 2019, 6:28 PM
In T222508#5215288, @Dvorapa wrote:

musicbrainz issue solved

What was the problem here?

Dvorapa added a comment.EditedMay 27 2019, 6:55 PM
In T222508#5215339, @Xqt wrote:
In T222508#5215288, @Dvorapa wrote:

musicbrainz issue solved

What was the problem here?

My stupidity: I created the Pywikibot-test account on musicbrainz, not musicbrainz wiki :D

Dalba subscribed.EditedMay 31 2019, 4:34 AM
In T222508#5179922, @gerritbot wrote:

Change 508893 merged by jenkins-bot:
[pywikibot/core@master] [bugfix] clear tokens on logout()

https://gerrit.wikimedia.org/r/508893

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Dalba mentioned this in T224712: Attempt to login fails several times.May 31 2019, 8:33 AM
Dvorapa added a subtask: T224712: Attempt to login fails several times.May 31 2019, 10:00 AM
Xqt added a comment.May 31 2019, 10:09 AM
In T222508#5225437, @Dalba wrote:

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Is this recognized for APPVEYOR tests?

Xqt added a parent task: T229364: CSRF token issues (tracking).Jul 30 2019, 5:54 PM
Xqt moved this task from Needs Review to Backlog on the Pywikibot board.Sep 12 2019, 11:36 AM
Dvorapa added a comment.EditedMar 29 2020, 3:15 AM
In T222508#5158894, @Dvorapa wrote:

Since the very first patch it also fails on AppVeyor with the following error:

======================================================================
ERROR: test_login_logout (tests.site_tests.TestLoginLogout)
Validate login and logout methods by toggling the state.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "c:\projects\pywikibot-g4xqx\tests\site_tests.py", line 3717, in test_login_logout
    site.login()
  File "c:\projects\pywikibot-g4xqx\pywikibot\site.py", line 2101, in login
    if login_manager.login(retry=True, autocreate=autocreate):
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 306, in login
    self.check_user_exists()
  File "c:\projects\pywikibot-g4xqx\pywikibot\login.py", line 155, in check_user_exists
    % (main_username, self.site))
NoUsername: Username 'None' does not exist on wikipedia:en
----------------------------------------------------------------------

! In T222508#5159234, @Xqt wrote:

Seems there is no password found to login

Means passed badtoken APIError, see T248771 and T248769

Dvorapa added a comment.EditedMar 29 2020, 3:16 AM
In T222508#5168363, @Framawiki wrote:

The later patch also intents to skip test on AppVeyor.
I'm not sure how to deal with the pywikibot.data.api.APIError: Failed: You have made too many recent login attempts. Please wait 5 minutes before trying again. present on Travis.

Solved yesterday by appending to 'Throttle' response and parsing time

Dvorapa added a comment.Mar 29 2020, 3:18 AM
In T222508#5225702, @Xqt wrote:
In T222508#5225437, @Dalba wrote:

Wouldn't it be better to mark the test with a user = True attribute instead of skipIf(os.environ.get('APPVEYOR', ...?

Is this recognized for APPVEYOR tests?

Credentials added to AppVeyor, but Appveyor failing to load settings currently. Anyway, we can enable tests once Upstream issue solved or workarounded

Dvorapa added a subtask: T245012: test bot is unable to login on wikipedia:en.Mar 29 2020, 12:08 PM
Dvorapa removed a subtask: T245012: test bot is unable to login on wikipedia:en.Apr 3 2020, 3:43 PM
Dvorapa changed the status of subtask T224712: Attempt to login fails several times from Open to Stalled.Apr 6 2020, 5:35 PM
Xqt changed the status of subtask T224712: Attempt to login fails several times from Stalled to Open.Oct 19 2020, 6:20 AM
Framawiki removed Framawiki as the assignee of this task.Jan 22 2021, 7:29 PM
Xqt added a comment.Jul 3 2021, 4:29 PM

Tests are failing now due to this https://travis-ci.com/github/wikimedia/pywikibot/jobs/521442547

Xqt added a comment.Jan 10 2022, 1:13 PM

https://github.com/xqt/pwb/runs/4761389285?check_suite_focus=true

======================================================================
ERROR: test_clear_cookies (tests.site_tests.TestClearCookies)
Test cookies are cleared (T224712).
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/runner/work/pwb/pwb/tests/site_tests.py", line 3633, in test_clear_cookies
    site.logout()
  File "/home/runner/work/pwb/pwb/pywikibot/site/_apisite.py", line 430, in logout
    uirequest.submit()
  File "/home/runner/work/pwb/pwb/pywikibot/data/api.py", line 1868, in submit
    raise pywikibot.exceptions.APIError(**result['error'])
pywikibot.exceptions.APIError: missingparam: The "token" parameter must be set.
[help: See https://zh.wikisource.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/&gt; for notice of API deprecations and breaking changes.]
Xqt added a project: TestMe.Oct 18 2022, 4:00 AM

I guess this is solved

Xqt closed this task as Resolved.Oct 18 2022, 4:19 AM
Xqt claimed this task.
Xqt mentioned this in T326614: Don't try to login during logout.Jan 10 2023, 7:09 AM
Xqt closed subtask T224712: Attempt to login fails several times as Resolved.Apr 10 2023, 5:05 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL