Token missing
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Steinsplitter
	May 13 2019, 2:05 PM

Description

Token missing in addwiki-api and addwiki-api-base.

PHP Fatal error: Uncaught Mediawiki\Api\UsageException: Code: notoken
Message: The "token" parameter must be set.
Result: {"error":{"code":"notoken","info":"The \"token\" parameter must be set.","*":"See https:\/\/commons.wikimedia.org\/w\/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https:\/\/lists.wikimedia.org\/mailman\/listinfo\/mediawiki-api-announce> for notice of API deprecations and breaking changes."},"servedby":"mw1276"} in /vendor/addwiki/mediawiki-api-base/src/MediawikiApi.php:374

Related Objects

Mentioned Here: T25227: Use token when logging out

Event Timeline

Steinsplitter created this task.May 13 2019, 2:05 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 13 2019, 2:05 PM

This is important. Because of this the Delinker bot is down, and there is already a huge queue:
https://commons.wikimedia.org/wiki/User:CommonsDelinker/commands

Steinsplitter added a subscriber: Magnus.May 13 2019, 2:13 PM

Ankry subscribed.May 13 2019, 3:02 PM

Line refers to https://github.com/addwiki/mediawiki-api-base/blob/master/src/MediawikiApi.php#L376 I think. Without a stack trace this is a bit hard to debug. Might be related to https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2019-April/000145.html

JeanFred subscribed.May 14 2019, 9:15 AM

In T223106#5178195, @Multichill wrote:

Line refers to https://github.com/addwiki/mediawiki-api-base/blob/master/src/MediawikiApi.php#L376 I think. Without a stack trace this is a bit hard to debug. Might be related to https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2019-April/000145.html

Sorry, forgot to add that!

Exactly, the error is caused when the logout();[1] function is called.

https://github.com/addwiki/mediawiki-api-base/blob/1faa726371ef6d7c28eb81e5f269b9bf9a64973c/src/MediawikiApi.php#L490 (so SimpleRequest has to be extended with params['token'] in that line i guess)

Addshore moved this task from Incoming to In Progress on the Addwiki board.May 14 2019, 8:44 PM

I found this discussion here because I get the same error message above in line 1 on different PCs when using nameGuzzler. What I have to do to get nameGuzzler to work again for me (looks like it works for other users).

PS: Solved by copying the slightly modified content of commons.js and nameGuzzler.js from Wikidata User:Jitrixis to the own pages.

Found in the [Mediawiki-api-announce] mailing list (april 2019) : BREAKING CHANGE: Action API action=logout will require a CSRF token (Brad Jorsch (Anomie))

See https://phabricator.wikimedia.org/T25227

With the merge of Icb674095,[1] use of API action=logout will require a
CSRF token. This was considered a security issue, so the usual deprecation
process was not followed. See T25227[2] for details.

Clients that do not use a CSRF token with action=logout will receive a
badtoken error message *and will not be logged out*.

This change should be deployed to Wikimedia wikis with 1.34.0-wmf.3. See
https://www.mediawiki.org/wiki/MediaWiki_1.34/Roadmap for a schedule.

Overall client impact is expected to be relatively low, as gathered
statistics indicate there are relatively few users of this API call. None
the less, maintainers should check their code for use of action=logout and
update as necessary to maintain expected operation.

Looks like this is fixed: https://commons.wikimedia.org/w/index.php?title=User:CommonsDelinker/commands&diff=376718950&oldid=376716665

Token missingClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Token missing
Closed, ResolvedPublic
Actions