Page MenuHomePhabricator

Pywikibot bot password login failure
Closed, ResolvedPublic

Description

Steps to reproduce:

  1. register on https://wikispore.wmflabs.org/wiki/Main_Page and set up a bot password
  2. configure pywikibot:
# user-config.py
usernames['wikispore']['*'] = u'Tgr'
# user-password.py
('wikispore', 'Tgr', BotPassword('pywikibot', 'REDACTED'))
  1. run python3 pwb.py login -family:wikispore -lang:en
  2. run something that would write to the wiki

Login seems to work fine:

handle_args() completed.
Instantiated APISite object 'wikispore:en'
general siteinfo not loaded yet.
general siteinfo not loaded yet.
Load siteinfo properties 'namespaces', 'namespacealiases' along with 'general'
Load siteinfo properties 'namespaces', 'namespacealiases' along with 'general'
CachedRequest: cache hit (/home/tgr/Wikimedia/local/pywikibot/apicache-py3/6022c7a271bd7d1593607e5f74801ecacccc38654714d5fd477d5c1f6bb7b8f8) for API request: APISite("en", "wikispore")LoginStatus(-1)[('action', 'query'), ('continue', ''), ('format', 'json'), ('maxlag', '5'), ('meta', 'siteinfo|userinfo'), ('siprop', 'namespaces|namespacealiases|general'), ('uiprop', 'blockinfo|hasmsg')]
Checking multiplicity: pid = False
Checking multiplicity: pid = False
API request to wikispore:en (uses get: True):
Headers: {'Content-Type': 'application/x-www-form-urlencoded'}
URI: '/w/api.php?action=query&meta=userinfo&uiprop=blockinfo%7Cgroups%7Chasmsg%7Cratelimits%7Crights&rawcontinue=&maxlag=5&format=json'
Body: None
API response received from wikispore:en:
{"query":{"userinfo":{"id":0,"name":"10.0.3.1","anon":"","groups":["*"],"rights":["read","createpage","createtalk","writeapi","viewmywatchlist","editmywatchlist","viewmyprivateinfo","editmyprivateinfo","editmyoptions","abusefilter-log-detail","abusefilter-view","abusefilter-log","translate","autocreateaccount","runcargoqueries"],"ratelimits":{"edit":{"ip":{"hits":8,"seconds":60}},"upload":{"ip":{"hits":8,"seconds":60}},"mailpassword":{"ip":{"hits":5,"seconds":3600}},"emailuser":{"ip":{"hits":5,"seconds":86400}},"purge":{"ip":{"hits":30,"seconds":60}},"linkpurge":{"ip":{"hits":30,"seconds":60}},"renderfile":{"ip":{"hits":700,"seconds":30}},"renderfile-nonstandard":{"ip":{"hits":70,"seconds":30}},"stashedit":{"ip":{"hits":30,"seconds":60}},"changetag":{"ip":{"hits":8,"seconds":60}}}}}}
WARNING: No user is logged in on site wikispore:en
Logging in to wikispore:en as Tgr@pywikibot
API request to wikispore:en (uses get: False):
Headers: {'Content-Type': 'application/x-www-form-urlencoded'}
URI: '/w/api.php'
Body: 'action=query&meta=tokens&type=login&rawcontinue=&maxlag=5&format=json'
API response received from wikispore:en:
{"query":{"tokens":{"logintoken":"REDACTED+\\"}}}
API request to wikispore:en (uses get: False):
Headers: {'Content-Type': 'application/x-www-form-urlencoded'}
URI: '/w/api.php'
Body: 'action=login&lgname=Tgr%40pywikibot&lgpassword=REDACTED&maxlag=5&format=json&lgtoken=REDACTED%2B%5C'
API response received from wikispore:en:
{"login":{"result":"Success","lguserid":5,"lgusername":"Tgr"}}
API request to wikispore:en (uses get: True):
Headers: {'Content-Type': 'application/x-www-form-urlencoded'}
URI: '/w/api.php?action=query&meta=userinfo&uiprop=blockinfo%7Cgroups%7Chasmsg%7Cratelimits%7Crights&rawcontinue=&maxlag=5&format=json'
Body: None
API response received from wikispore:en:
{"query":{"userinfo":{"id":5,"name":"Tgr","groups":["bureaucrat","sysop","*","user","autoconfirmed"],"rights":["noratelimit","override-antispoof","block","createaccount","delete","bigdelete","deletedhistory","deletedtext","undelete","editinterface","editsitejson","edituserjson","move","move-subpages","move-rootuserpages","move-categorypages","patrol","autopatrol","protect","editprotected","rollback","upload","reupload","reupload-shared","autoconfirmed","editsemiprotected","ipblock-exempt","blockemail","markbotedits","apihighlimits","browsearchive","movefile","suppressredirect","mergehistory","abusefilter-log-detail","abusefilter-view-private","abusefilter-log-private","nuke","tboverride","titleblacklistlog","read","createpage","createtalk","writeapi","viewmywatchlist","editmywatchlist","viewmyprivateinfo","editmyoptions","abusefilter-view","abusefilter-log","translate","autocreateaccount","edit","minoredit","editmyusercss","editmyuserjson","editmyuserjs","purge","sendemail","applychangetags","changetags","spamblacklistlog"],"ratelimits":{}}}}
Logged in on wikispore:en as Tgr.
_flush() called

but pywikibot.lwp is empty. Manually logging the cookie jar just before it's saved shows it's correct:

<LWPCookieJar[<Cookie wiki_BPsession=REDACTED for wikispore.wmflabs.org/>, <Cookie wiki_session=REDACTED for wikispore.wmflabs.org/>]>

Subsequent edit attempts then fail with

WARNING: No user is logged in on site wikispore:en
ERROR: page [[FAQ]] not saved due to User "None" does not have required user right "edit"

Event Timeline

Xqt triaged this task as High priority.Aug 23 2020, 10:40 AM

Do you have another result if you give the site code explicitly?

usernames['wikispore']['en'] = 'Tgr'
usernames['wikispore']['test'] = 'Tgr'

@Xqt it doesn't change anything as far as I can tell.

Stepping the code through in a debugger reveals that the cookie jar calls made by Pywikibot do not use the ignore_discard flag, ie. do not save/load session cookies. Since bot password cookies are always session cookies (unlike traditional login where checking the "keep me logged in" box adds a non-session-cookie), such logins are never saved.

Change 626911 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[pywikibot/core@master] Use ignore_discard for login cookie container

https://gerrit.wikimedia.org/r/626911

This covers half of the issue (the bot is only logged in until the CLI command terminates). The other half is, if I run a command like add_text, and it runs into a notloggedin error, why doesn't it try to login right there?

Change 626911 merged by jenkins-bot:
[pywikibot/core@master] Use ignore_discard for login cookie container

https://gerrit.wikimedia.org/r/626911

Tgr claimed this task.

The other half is, if I run a command like add_text, and it runs into a notloggedin error, why doesn't it try to login right there?

This could be still looked into, although I might well misunderstand the expected behavior here.