Value proposition
The Citation Bot web interface doesn't have any kind of authentication for users who wish to run the bot on the wiki. Thus, it can be used to circumvent blocks or interaction bans on Wikipedia (albeit in a limited fashion). Here's a report of such use for harassment. Note that the edits made by the bot itself are fine, the issue is that the bot is being used to follow around other users despite the interaction ban on user triggering the bot.
Most user-activated bots these days use OAuth to handle authentication, but Citation bot was built in the days before OAuth existed. It should be relatively easy, however, to add OAuth to the bot interface using one of the PHP OAuth libraries.
Acceptance criteria:
- It isn't possible to use https://tools.wmflabs.org/citations/ without authenticating via OAuth.
- The actual edit is made via the authenticated user's account.