Page MenuHomePhabricator
Create Task
Maniphest T261050

Frequent "Invalid CSRF token" errors on Wikimedia projects using Pywikibot since August 2020
Open, HighPublic
Actions

Description

Since August 2020 I often seem to be getting "Invalid CSRF token" errors in Pywikibot. At first I thought I messed something up in my own code, but I get a whole bunch of them using touch.py. I've only seen this error on Commons, but that might be because I've not run a lot of stuff on Wikidata. I'm using the latest git version from this month. I'm pretty sure I haven't seen this error before or at least not as often as now. It seems to be coming in waves (intermittent problem). It's unclear to me if this is caused by the Mediawiki-api, Pywikibot or the two of them not properly communicating.

I wonder if it's visible in logstash.wikimedia.org/ if a user is hitting this error and if so, if an increase is visible.

Details

SubjectRepoBranchLines +/-
[IMPR] Print login status to log file if 'badtoken' API error occurespywikibot/coremaster+16 -12
Customize query in gerrit

Related Objects
Search...

Event Timeline

Multichill created this task.Aug 22 2020, 5:12 PM
Restricted Application added a project: Platform Engineering. · View Herald TranscriptAug 22 2020, 5:12 PM
Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald Transcript
Xqt added a parent task: T229364: CSRF token issues (tracking).Aug 22 2020, 6:14 PM
Multichill added a comment.Aug 24 2020, 4:17 PM

@Xqt what is the correct way to force the bot to get a new token? Just site.get_tokens() or something else? I noticed some of my bots now stuck with 100s of errors in a row.

Xqt added a subscriber: Tgr.Aug 25 2020, 1:00 AM

Unfortunately I am not familiar with it. I haven't seen that problem for a long time. But we have no CI tests for commons as default site, I guess we should have some.

eprodromou triaged this task as Medium priority.Aug 25 2020, 8:18 PM
eprodromou edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering.
eprodromou subscribed.

Accepting this for clinic duty. Not sure what's going on here, but we have a couple of ideas.

daniel added subscribers: Krinkle, daniel.Aug 25 2020, 8:18 PM

Pinging @Krinkle in case it's a main stash thing.

eprodromou moved this task from Inbox to Later on the Platform Team Workboards (Clinic Duty Team) board.Aug 25 2020, 8:18 PM
Tgr added a comment.Aug 25 2020, 10:27 PM

What login method are you using?

In T261050#6410502, @daniel wrote:

Pinging @Krinkle in case it's a main stash thing.

The main stash is not involved with CSRF tokens, it's either a SessionManager thing or a Kask thing (assuming it's on our side).

Multichill added a comment.Aug 26 2020, 7:16 PM
In T261050#6410732, @Tgr wrote:

What login method are you using?

Classic login

In T261050#6410502, @daniel wrote:

Pinging @Krinkle in case it's a main stash thing.

The main stash is not involved with CSRF tokens, it's either a SessionManager thing or a Kask thing (assuming it's on our side).

I was unable to find any relevant logging in logstash.

Tgr added a comment.Aug 26 2020, 9:35 PM

If the error is easy enough to reproduce, you could try setting the X-Wikimedia-Debug header to get some pretty detailed logs.

matej_suchanek subscribed.Aug 28 2020, 11:58 AM

https://travis-ci.org/github/wikimedia/pywikibot/jobs/721977220 (large page) got this warning once and then on every next attempt:

WARNING: API error badtoken: Invalid CSRF token.
ERROR: Received incorrect login token. Forcing re-login.
Xqt mentioned this in T261521: Pywikibot-test is logging in frequently.Aug 29 2020, 10:36 AM
Multichill added a comment.Aug 29 2020, 6:30 PM
In T261050#6414369, @Tgr wrote:

If the error is easy enough to reproduce, you could try setting the X-Wikimedia-Debug header to get some pretty detailed logs.

No, it's not, it seems to be intermittent. I added a bit more debugging code to my bot. When it hits the exception, it will print the current token, grab a new one and print the new one. The new and old tokens are the same so either the bot is not actually getting a new token or the api is returning the same one. I'll investigate a bit more.

Multichill added a comment.EditedAug 29 2020, 7:41 PM

I think I found what is going wrong. site.get_tokens(['csrf']) gets you a new token, but doesn't update the internal token state:

>>> import pywikibot
>>> site = pywikibot.Site(u'commons', u'commons')
>>> print (site.tokens['csrf'])
1ade99bef6b895e188692438b12cbd9e5f4aacac+\
>>> site.get_tokens(['csrf'])
{'csrf': '113400e3b87ae1d1d53ec4ebee9bde105f4aacb8+\\'}
>>> print (site.tokens['csrf'])
1ade99bef6b895e188692438b12cbd9e5f4aacac+\

Looks like a site.tokens.load_tokens(['csrf']) does refresh the token, all quite confusing.

Xqt added a comment.EditedAug 29 2020, 8:06 PM

site.tokens property is the container object which holds tokens. It uses site.get_tokens() to load tokens.

Multichill added a comment.Aug 30 2020, 11:27 AM

I think this happens:

  • Bot fires up and gets some tokens
  • Bot does a lot of edits all with the same token
  • For some reason after a long time the token is not valid anymore
  • The bot continues to try to edit with the old invalid token instead of getting a new one

How long is a token supposed to be valid? Forever? The Pywikibot code seems to assume that it can use the same token for all edits in a one run. One run can take days or weeks. As a work around I now force the site to get a new token when I run into a problem. That seems to be stable.

So I think Pywikibot needs to be updated in the framework itself that if it runs into a token error, the a new token gets retrieved, updated in the token cache and the edit should be retried. Agree @Xqt ?

Most relevant code is in https://github.com/wikimedia/pywikibot/blob/master/pywikibot/site/__init__.py btw.

Krinkle unsubscribed.Aug 30 2020, 2:27 PM
Tgr added a comment.Aug 31 2020, 12:09 PM

Tokens never expire, but the session that holds them can. That behavior changed recently with the switch to Kask (less recently than August, though): before we had theoretically-infinite sessions which could get evicted, now we have a set session lifetime (1 day, IIRC?).

The session also gets terminted when authentication fails, so possibly the bot actually gets logged out and the CSRF error is an effect of that.

Xqt added a comment.Aug 31 2020, 1:25 PM

@Multichill: do you have any tracebacks for investigation?

JJMC89 renamed this task from Frequent "Invalid CSRF token" errors on Wikimedia Commons using Pywikibot since August 2020 to Frequent "Invalid CSRF token" errors on Wikimedia projects using Pywikibot since August 2020.EditedSep 2 2020, 6:03 AM
JJMC89 removed a project: Commons.
JJMC89 subscribed.

This isn't just on Commons.

First Invalid CSRF token error from a job that started 2020-09-01 05:59:32.
2020-09-02 02:43:21             api.py, 2025 in             submit: WARNING  API error badtoken: Invalid CSRF token.
2020-09-02 02:43:21             api.py, 2074 in             submit: VERBOSE  API Error: query=
("{'assert': ['user'], 'nocreate': [True], 'text': ['{{possibly empty "
 'category}} {{Tracking category}} {{polluted category}}[[Category:Infobox '
 "road instances in Australia', 'Australian Capital Territory]]'], 'summary': "
 "['Removing [[:Category:Empty categories with no backlinks]] per "
 '[[Wikipedia:Categories for discussion/Log/2020 August 9#Category:Empty '
 "categories with no backlinks]]'], 'action': ['edit'], 'createonly': [False], "
 "'format': ['json'], 'minor': [True], 'token': "
 "['<token_goes_here>'], 'basetimestamp': "
 "[Timestamp(2020, 8, 22, 10, 26)], 'bot': [True], 'recreate': [True], "
 "'title': [Category('Category:Infobox road instances in the Australian "
 "Capital Territory')], 'notminor': [False], 'maxlag': ['5']}")
2020-09-02 02:43:21             api.py, 2076 in             submit: VERBOSE             response=
{'error': {'info': 'Invalid CSRF token.', 'code': 'badtoken', 'help': 'See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; for notice of API deprecations and breaking changes.'}, 'servedby': 'mw2368'}
2020-09-02 02:43:21        __init__.py,  108 in             handle: VERBOSE  Error saving page [[Category:Infobox road instances in the Australian Capital Territory]] (badtoken: Invalid CSRF token.
[help: See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; for notice of API deprecations and breaking changes.])
Traceback (most recent call last):
  File "/shared/pywikibot/core_stable/pywikibot/page/__init__.py", line 99, in handle
    func(self, *args, **kwargs)
  File "/shared/pywikibot/core_stable/pywikibot/page/__init__.py", line 1315, in _save
    watch=watch, bot=botflag, **kwargs)
  File "/shared/pywikibot/core_stable/pywikibot/site/_decorators.py", line 94, in callee
    return fn(self, *args, **kwargs)
  File "/shared/pywikibot/core_stable/pywikibot/site/__init__.py", line 5202, in editpage
    result = req.submit()
  File "/shared/pywikibot/core_stable/pywikibot/data/api.py", line 2078, in submit
    raise APIError(**result['error'])
pywikibot.data.api.APIError: badtoken: Invalid CSRF token.
[help: See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; for notice of API deprecations and breaking changes.]
2020-09-02 02:43:22             bot.py, 1251 in         _save_page: ERROR    Skipping Category:Infobox road instances in the Australian Capital Territory because of a save related error: Edit to page [[Category:Infobox road instances in the Australian Capital Territory]] failed:
badtoken: Invalid CSRF token.
[help: See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; for notice of API deprecations and breaking changes.]
daniel edited projects, added Platform Engineering; removed Platform Team Workboards (Clinic Duty Team).Sep 2 2020, 2:51 PM

Based on Multichill's analysis, I assume this is working as designed on the MediaWiki side, and needs to be fixed in pywikibot.

However, MediaWiki documentations should be more clear on session lifetime (and whether it's counted against periods of inactivity, or in total). Documentation for the token API should also be improved in that respect.

I'm dropping this off the clinic duty board, since I don't see anything for PET to do here.

daniel moved this task from Inbox to Tracking/Watching on the Platform Engineering board.Sep 2 2020, 2:52 PM
Xqt added a comment.Sep 3 2020, 4:36 AM

I can confirm that badtoken error is not handled by pywikibot.data.api.py like other API exceptions.

Count_Count subscribed.Sep 4 2020, 8:55 PM
Multichill raised the priority of this task from Medium to High.Sep 7 2020, 4:14 PM
Multichill added a subscriber: Schlurcher.

Bumping this to high because this makes longer pywikibot bot runs crash.

Tgr added a comment.Sep 7 2020, 6:09 PM
In T261050#6430351, @daniel wrote:

However, MediaWiki documentations should be more clear on session lifetime (and whether it's counted against periods of inactivity, or in total). Documentation for the token API should also be improved in that respect.

Do you know which pieces of documentation should be updated?

Xqt added a comment.Sep 7 2020, 6:33 PM
In T261050#6440882, @Multichill wrote:

Bumping this to high because this makes longer pywikibot bot runs crash.

Very strange! My bots are working since weeks without any problem.

Xqt added a comment.EditedSep 7 2020, 6:37 PM

@Multichill: In front of this raising API exception

File "/shared/pywikibot/core_stable/pywikibot/data/api.py", line 2078, in submit
  raise APIError(**result['error'])

a log entry should be made in api.py line 2040:

pywikibot.log('API Error: query=\n%s'
              % pprint.pformat(param_repr))
pywikibot.log('           response=\n%s'
              % result)

Anyway there is a badtoken handling in line 2014/1871. No idea why this fails but there is also some hints witten to the log file (lines 1886 and 1904). This would be very helpfull to investigate in this matter.

gerritbot added a comment.Sep 7 2020, 7:07 PM

Change 625720 had a related patch set uploaded (by Xqt; owner: Xqt):
[pywikibot/core@master] [IMPR] Print login status to log fil if 'badtoken' API error occures

https://gerrit.wikimedia.org/r/625720

gerritbot added a project: Patch-For-Review.Sep 7 2020, 7:07 PM
Xqt added a comment.Sep 7 2020, 7:11 PM

Looks like LoginStatus is IN_PROGRESS during that 'badtoken' error.

gerritbot added a comment.Sep 14 2020, 12:37 PM

Change 625720 merged by jenkins-bot:
[pywikibot/core@master] [IMPR] Print login status to log file if 'badtoken' API error occures

https://gerrit.wikimedia.org/r/625720

Xqt mentioned this in rPWBC332e89f27038: [IMPR] Print login status to log file if 'badtoken' API error occures.Sep 14 2020, 1:31 PM
Xqt removed a project: Patch-For-Review.Sep 15 2020, 5:45 AM
Xqt added a comment.Sep 16 2020, 10:17 AM

I guess after T263010 is merged this error should write 'Login status: IN_PROGRESS' into the logfile every time. @Multichill could you confirm?

Is this bug related to T261066?

Xqt added a comment.Sep 24 2020, 11:11 AM

See https://travis-ci.org/github/wikimedia/pywikibot/jobs/729896717 for a sample

Xqt added a comment.Sep 24 2020, 11:37 AM

The problematic loop is inside api.LoginManager.getCookie():
Status in line 3112 is 'badtoken', the error is printed in line 3122. After that session cookies are deleted in line 3125/51. After that a new 'login' token is retrieved in line 3090/3150

See also: T224712

SuperHamster subscribed.Aug 2 2021, 10:45 PM
SuperHamster added a comment.Aug 3 2021, 8:43 PM

Just noting that I was experiencing this issue while running touch.py, so I updated my PWB installation to the latest version (6.4.0) and no longer experience it. This may have been incidentally fixed at some point, if anyone knows what change that might have been and/or wants to confirm whether they are still experiencing this issue.

JJMC89 added a comment.Aug 6 2021, 4:29 PM

The error is still an issue. It appears to have decreased in frequency though. I am using OAuth if that matters.

2021-08-06 11:47:04             bot.py,  466 in     writelogheader: VERBOSE  === Pywikibot framework v6.5.0 -- Logging header ===
2021-08-06 11:47:04             bot.py,  469 in     writelogheader: VERBOSE  COMMAND: ['/data/project/jjmc89-bot/repos/JJMC89_bot/enwiki/cfdw.py', '-dir:.pywikibot_cfdwl', '-page:WP:Categories_for_discussion/Working/Large', '-page:WP:Categories_for_discussion/Working']
2021-08-06 11:47:04             bot.py,  472 in     writelogheader: VERBOSE  DATE: 2021-08-06 11:47:04.201385 UTC
2021-08-06 11:47:04             bot.py,  477 in     writelogheader: VERBOSE  VERSION: pywikibot/__init__.py (, -1 (unknown), 2021/08/05, 18:30:39, n/a)
2021-08-06 11:47:04             bot.py,  483 in     writelogheader: VERBOSE  SYSTEM: posix.uname_result(sysname='Linux', nodename='cfdwl-1628250420-dzr66', release='4.19.0-14-amd64', version='#1 SMP Debian 4.19.171-2 (2021-01-30)', machine='x86_64')
2021-08-06 11:55:17             api.py, 1815 in             submit: VERBOSE             headers=
{'Date': 'Fri, 06 Aug 2021 11:55:14 GMT', 'Server': 'mw2372.codfw.wmnet', 'X-Content-Type-Options': 'nosniff', 'Mediawiki-Api-Error': 'badtoken', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Disposition': 'inline; filename=api-result.json', 'Cache-Control': 'private, must-revalidate, max-age=0', 'Content-Type': 'application/json; charset=utf-8', 'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding', 'Age': '6', 'X-Cache': 'cp1077 pass, cp1087 pass', 'X-Cache-Status': 'pass', 'Server-Timing': 'cache;desc="pass", host;desc="cp1087"', 'Strict-Transport-Security': 'max-age=106384710; includeSubDomains; preload', 'Report-To': '{ "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }', 'NEL': '{ "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}', 'Permissions-Policy': 'interest-cohort=()', 'X-Client-IP': '172.16.1.189', 'Accept-Ranges': 'bytes', 'Content-Length': '242', 'Connection': 'keep-alive'}
2021-08-06 11:55:17             api.py, 1695 in         _bad_token: VERBOSE  Login status: IN_PROGRESS
2021-08-06 11:55:17             api.py, 1865 in             submit: VERBOSE  API Error: query=
("{'action': ['edit'], 'title': [Category('Category:Clean-up categories from "
 "January 2017')], 'text': ['{{Monthly clean-up category}}'], 'token': "
 "['<redacted>'], 'summary': "
 "['[[Wikipedia:Categories for discussion/Log/2021 June 17#Category:Clean-up "
 "categories]] closed as no consensus'], 'bot': [True], 'recreate': [True], "
 "'createonly': [False], 'nocreate': [False], 'minor': [True], 'notminor': "
 "[False], 'basetimestamp': [Timestamp(2021, 7, 30, 5, 0, 27)], 'assert': "
 "['user'], 'maxlag': ['5'], 'format': ['json']}")
2021-08-06 11:55:17             api.py, 1866 in             submit: VERBOSE             response=
{'error': {'code': 'badtoken', 'info': 'Invalid CSRF token.', 'help': 'See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/&gt; for notice of API deprecations and breaking changes.'}, 'servedby': 'mw2372'}
2021-08-06 11:55:17     _decorators.py,   42 in             handle: VERBOSE  Error saving page [[Category:Clean-up categories from January 2017]] (badtoken: Invalid CSRF token.
[help: See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/&gt; for notice of API deprecations and breaking changes.])
Traceback (most recent call last):
  File "/data/project/jjmc89-bot/.venvs/jjmc89-bot/lib/python3.7/site-packages/pywikibot/page/_decorators.py", line 33, in handle
    func(self, *args, **kwargs)
  File "/data/project/jjmc89-bot/.venvs/jjmc89-bot/lib/python3.7/site-packages/pywikibot/page/__init__.py", line 1224, in _save
    watch=watch, bot=botflag, **kwargs)
  File "/data/project/jjmc89-bot/.venvs/jjmc89-bot/lib/python3.7/site-packages/pywikibot/site/_decorators.py", line 92, in callee
    return fn(self, *args, **kwargs)
  File "/data/project/jjmc89-bot/.venvs/jjmc89-bot/lib/python3.7/site-packages/pywikibot/site/_apisite.py", line 1633, in editpage
    result = req.submit()
  File "/data/project/jjmc89-bot/.venvs/jjmc89-bot/lib/python3.7/site-packages/pywikibot/data/api.py", line 1868, in submit
    raise pywikibot.exceptions.APIError(**result['error'])
pywikibot.exceptions.APIError: badtoken: Invalid CSRF token.
[help: See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/&gt; for notice of API deprecations and breaking changes.]
2021-08-06 11:55:17        __init__.py, 1332 in             _flush: VERBOSE  Dropped throttle(s).
2021-08-06 11:55:17            http.py,   88 in              flush: VERBOSE  Closing network session.
2021-08-06 11:55:17            http.py,   92 in              flush: CRITICAL Exiting due to uncaught exception <class 'pywikibot.exceptions.OtherPageSaveError'>
2021-08-06 11:55:17            http.py,   94 in              flush: VERBOSE  Network session closed.
Shizhao subscribed.Oct 19 2021, 7:10 AM
Shizhao added a comment.EditedOct 19 2021, 7:54 AM

This error sometimes occurs when using page.save(), sometimes not

Here is the error log of one of my scripts:

ERROR: Logged in as '172.16.7.13' instead of 'Alertlivebot'. Forcing re-login.
WARNING: No user is logged in on site wikipedia:zh
Logging in to wikipedia:zh as Alertlivebot@alertlive
WARNING: API warning (login): Fetching a token via "action=login" is deprecated. Use "action=query&meta=tokens&type=login" instead.
WARNING: API warning (main): Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application.
ERROR: Received incorrect login token. Forcing re-login.
WARNING: API error badtoken: Invalid CSRF token.
Sleeping for 19.8 seconds, 2021-10-15 02:37:31
Page [[User:Alertlivebot/Status]] saved
ERROR: Logged in as '172.16.7.13' instead of 'Alertlivebot'. Forcing re-login.
WARNING: No user is logged in on site wikipedia:zh
Logging in to wikipedia:zh as Alertlivebot@alertlive
WARNING: API warning (login): Fetching a token via "action=login" is deprecated. Use "action=query&meta=tokens&type=login" instead.
WARNING: API warning (main): Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application.
ERROR: Received incorrect login token. Forcing re-login.
WARNING: API error badtoken: Invalid CSRF token.
Sleeping for 19.9 seconds, 2021-10-15 04:42:56
Following jobs do not exist: 
alertlive-beta
Page [[User:Alertlivebot/Status]] saved
ERROR: Logged in as '172.16.7.13' instead of 'Alertlivebot'. Forcing re-login.
WARNING: No user is logged in on site wikipedia:zh
Logging in to wikipedia:zh as Alertlivebot@alertlive
WARNING: API warning (login): Fetching a token via "action=login" is deprecated. Use "action=query&meta=tokens&type=login" instead.
WARNING: API warning (main): Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application.
ERROR: Received incorrect login token. Forcing re-login.
WARNING: API error badtoken: Invalid CSRF token.
Sleeping for 9.9 seconds, 2021-10-15 05:58:21
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
Sleeping for 9.6 seconds, 2021-10-15 14:17:44
Page [[User:Alertlivebot/Status]] saved
Page [[User:Alertlivebot/Status]] saved
ERROR: Logged in as '172.16.1.211' instead of 'Alertlivebot'. Forcing re-login.
WARNING: No user is logged in on site wikipedia:zh
Logging in to wikipedia:zh as Alertlivebot@alertlive
WARNING: API warning (main): Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application.
WARNING: API warning (login): Fetching a token via "action=login" is deprecated. Use "action=query&meta=tokens&type=login" instead.
ERROR: Received incorrect login token. Forcing re-login.
WARNING: API error badtoken: Invalid CSRF token.
Sleeping for 9.9 seconds, 2021-10-15 22:13:08
Page [[User:Alertlivebot/Status]] saved

My script: https://github.com/shizhao/alertlive/blob/main/alertstatus.py, the relevant code is in line 50-54

On Toolforge, I only have this script as continuous jobs, and found this error. The other scripts are one-off job, and this error did not occur

H0bby subscribed.Jan 6 2022, 9:44 AM
JJMC89 added a comment.Feb 2 2022, 6:05 AM
In T261050#6465754, @Xqt wrote:

I guess after T263010 is merged this error should write 'Login status: IN_PROGRESS' into the logfile every time. @Multichill could you confirm?

Confirmed

The bot having a login status of IN_PROGRESS (LoginStatus(-2)) when editing while logged in doesn't seem right. (see t.py below, configured with OAuth)
In this case, _bad_token('badtoken') would return False early instead of handling the bad token when the API gives a badtoken response.

$ python3 -m pip install -U pip setuptools wheel
Collecting pip
  Downloading pip-22.0.2-py3-none-any.whl (2.1 MB)
     |████████████████████████████████| 2.1 MB 12.5 MB/s
Collecting setuptools
  Downloading setuptools-60.6.0-py3-none-any.whl (953 kB)
     |████████████████████████████████| 953 kB 10.9 MB/s
Collecting wheel
  Using cached wheel-0.37.1-py2.py3-none-any.whl (35 kB)
Installing collected packages: pip, setuptools, wheel
  Attempting uninstall: pip
    Found existing installation: pip 20.2.3
    Uninstalling pip-20.2.3:
      Successfully uninstalled pip-20.2.3
  Attempting uninstall: setuptools
    Found existing installation: setuptools 49.2.1
    Uninstalling setuptools-49.2.1:
      Successfully uninstalled setuptools-49.2.1
Successfully installed pip-22.0.2 setuptools-60.6.0 wheel-0.37.1
$ python3 -m pip install -e .[mwoauth,mwparserfromhell]
Obtaining file:///home/jjmc89/wrk/pwb
  Preparing metadata (setup.py) ... done
Collecting requests>=2.20.1
  Using cached requests-2.27.1-py2.py3-none-any.whl (63 kB)
Requirement already satisfied: setuptools>=38.5.2 in /home/jjmc89/.pyenv/versions/3.9.2/envs/pwb-39/lib/python3.9/site-packages (from pywikibot==7.0.0.dev0) (60.6.0)
Collecting mwoauth!=0.3.1,>=0.2.4
  Using cached mwoauth-0.3.7-py3-none-any.whl (13 kB)
Collecting mwparserfromhell>=0.5.0
  Using cached mwparserfromhell-0.6.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl (177 kB)
Collecting PyJWT<2.0.0,>=1.0.1
  Using cached PyJWT-1.7.1-py2.py3-none-any.whl (18 kB)
Collecting six
  Using cached six-1.16.0-py2.py3-none-any.whl (11 kB)
Collecting oauthlib
  Downloading oauthlib-3.2.0-py3-none-any.whl (151 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 151.5/151.5 KB 8.5 MB/s eta 0:00:00
Collecting requests-oauthlib
  Downloading requests_oauthlib-1.3.1-py2.py3-none-any.whl (23 kB)
Collecting idna<4,>=2.5
  Using cached idna-3.3-py3-none-any.whl (61 kB)
Collecting certifi>=2017.4.17
  Using cached certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
Collecting urllib3<1.27,>=1.21.1
  Using cached urllib3-1.26.8-py2.py3-none-any.whl (138 kB)
Collecting charset-normalizer~=2.0.0
  Downloading charset_normalizer-2.0.11-py3-none-any.whl (39 kB)
Installing collected packages: PyJWT, certifi, urllib3, six, oauthlib, mwparserfromhell, idna, charset-normalizer, requests, requests-oauthlib, pywikibot, mwoauth
  Running setup.py develop for pywikibot
Successfully installed PyJWT-1.7.1 certifi-2021.10.8 charset-normalizer-2.0.11 idna-3.3 mwoauth-0.3.7 mwparserfromhell-0.6.3 oauthlib-3.2.0 pywikibot-7.0.0.dev0 requests-2.27.1 requests-oauthlib-1.3.1 six-1.16.0 urllib3-1.26.8
$ python3 t.py -log -pt:0
site._loginstatus=LoginStatus(-3); site.logged_in()=False
Logging in ...
site._loginstatus=LoginStatus(-2); site.logged_in()=True
Editing a page ...
Page [[Pywikibot test]] saved
site._loginstatus=LoginStatus(-2); site.logged_in()=True
t.py
import pywikibot

pywikibot.handle_args()

site = pywikibot.Site('test', 'wikipedia')
pywikibot.output(f'{site._loginstatus=}; {site.logged_in()=}')

pywikibot.output('Logging in ...')
site.login()
pywikibot.output(f'{site._loginstatus=}; {site.logged_in()=}')

pywikibot.output('Editing a page ...')
page = pywikibot.Page(site, 'Pywikibot test')
page.text = f'Test {site.server_time()}'
page.save(summary=page.text)
pywikibot.output(f'{site._loginstatus=}; {site.logged_in()=}')
log
2022-02-01 20:56:23             bot.py,  468 in     writelogheader: VERBOSE  === Pywikibot framework v7.0.0.dev0 -- Logging header ===
2022-02-01 20:56:23             bot.py,  472 in     writelogheader: VERBOSE  COMMAND: ['t.py', '-log', '-pt:0']
2022-02-01 20:56:23             bot.py,  475 in     writelogheader: VERBOSE  DATE: 2022-02-02 04:56:23.065527 UTC
2022-02-01 20:56:23             bot.py,  479 in     writelogheader: VERBOSE  VERSION: [ssh] pywikibot-core (5fbfc49, g15894, 2022/02/01, 19:06:30, n/a)
2022-02-01 20:56:23             bot.py,  486 in     writelogheader: VERBOSE  SYSTEM: posix.uname_result(sysname='Linux', nodename='DESKTOP-OVSD685', release='5.10.16.3-microsoft-standard-WSL2', version='#1 SMP Fri Apr 2 22:23:49 UTC 2021', machine='x86_64')
2022-02-01 20:56:23             bot.py,  489 in     writelogheader: VERBOSE  CONFIG FILE DIR: /home/jjmc89/.pywikibot
2022-02-01 20:56:23             bot.py,  503 in     writelogheader: VERBOSE  PACKAGES:
2022-02-01 20:56:23             bot.py,  513 in     writelogheader: VERBOSE    mwparserfromhell (/home/jjmc89/.pyenv/versions/pwb-39/lib/python3.9/site-packages/mwparserfromhell) = 0.6.3
2022-02-01 20:56:23             bot.py,  513 in     writelogheader: VERBOSE    requests (/home/jjmc89/.pyenv/versions/pwb-39/lib/python3.9/site-packages/requests) = 2.27.1
[snip]
2022-02-01 20:56:23               t.py,    6 in           <module>: INFO     site._loginstatus=LoginStatus(-3); site.logged_in()=False
2022-02-01 20:56:23               t.py,    8 in           <module>: INFO     Logging in ...
2022-02-01 20:56:23               t.py,   10 in           <module>: INFO     site._loginstatus=LoginStatus(-2); site.logged_in()=True
2022-02-01 20:56:23               t.py,   12 in           <module>: INFO     Editing a page ...
2022-02-01 20:56:24        __init__.py, 1241 in              _save: INFO     Page [[Pywikibot test]] saved
2022-02-01 20:56:24               t.py,   16 in           <module>: INFO     site._loginstatus=LoginStatus(-2); site.logged_in()=True
2022-02-01 20:56:24        __init__.py, 1333 in             _flush: VERBOSE  Dropped throttle(s).
2022-02-01 20:56:24            http.py,   86 in              flush: VERBOSE  Closing network session.
2022-02-01 20:56:24            http.py,   92 in              flush: VERBOSE  Network session closed.
Ribbot subscribed.Feb 19 2022, 4:24 AM
Rubin16 subscribed.Mar 29 2022, 6:24 AM
Xover subscribed.Apr 3 2022, 9:09 AM
JJMC89 mentioned this in T313571: Incorrect login status for users logged in with OAuth.Jul 22 2022, 6:09 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL