Page MenuHomePhabricator
Create Task
Maniphest T304869

StrikerBot doing deprecated action=oathvalidate&totp= queries
Closed, ResolvedPublic
Actions

Description

Related to T304375: Remove runtime handling for "legacy" rows and codepaths and specifically https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/773918...

It seems StrikerBot (and StrikerTestBot) are doing deprecated queries like action=oathvalidate&totp=foo

These queries should be updated from doing action=oathvalidate&totp=foo to action=oathvalidate&data={"token":"foo"}

Seems this may come from 2 different User-Agents: Striker mwclient/0.10.1 (https://github.com/mwclient/mwclient) and Keystone mwclient/0.10.1 (https://github.com/mwclient/mwclient)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Update deprecated action=oathvalidate callslabs/strikermaster+4 -2
Keystone: Update deprecated action=oathvalidate callsoperations/puppetproduction+12 -6
Customize query in gerrit

Related Objects
Search...

Event Timeline

Reedy created this task.Mar 28 2022, 4:33 PM
Reedy added a parent task: T304870: Update usages of deprecated action=oathvalidate&totp=.Mar 28 2022, 4:35 PM
Reedy added a project: Horizon.
Reedy updated the task description. (Show Details)
Reedy edited projects, added Cloud-Services; removed Horizon, Striker.Mar 28 2022, 4:40 PM
gerritbot added a comment.Mar 28 2022, 4:44 PM

Change 774401 had a related patch set uploaded (by Reedy; author: Reedy):

[operations/puppet@production] Keystone: Update deprecated action=oathvalidate calls

https://gerrit.wikimedia.org/r/774401

gerritbot added a project: Patch-For-Review.Mar 28 2022, 4:44 PM
bd808 subscribed.Mar 28 2022, 4:51 PM

Seems this may come from 2 different User-Agents:

The code is remarkably similar because is was invented for Striker and then copied to Horizon where it replaced a more fragile prior implementation which required shared access to the 'labswiki' database owned by Wikitech (and suffered from replay attack vulnerabilities).

bd808 edited projects, added cloud-services-team (Kanban), Horizon, Striker; removed Cloud-Services.Mar 28 2022, 4:52 PM
gerritbot added a comment.Mar 28 2022, 4:53 PM

Change 774402 had a related patch set uploaded (by Reedy; author: Reedy):

[labs/striker@master] Update deprecated action=oathvalidate calls

https://gerrit.wikimedia.org/r/774402

gerritbot added a comment.Mar 28 2022, 10:47 PM

Change 774401 merged by Andrew Bogott:

[operations/puppet@production] Keystone: Update deprecated action=oathvalidate calls

https://gerrit.wikimedia.org/r/774401

taavi added a subtask: T304918: cloud: horizon login fails with invalid credentials.Mar 29 2022, 10:25 AM
dcaro updated the task description. (Show Details)Mar 29 2022, 10:30 AM
dcaro closed subtask T304918: cloud: horizon login fails with invalid credentials as Resolved.Mar 29 2022, 10:44 AM
gerritbot added a comment.Apr 11 2022, 8:43 AM

Change 774402 merged by jenkins-bot:

[labs/striker@master] Update deprecated action=oathvalidate calls

https://gerrit.wikimedia.org/r/774402

Maintenance_bot removed a project: Patch-For-Review.Apr 11 2022, 9:30 AM
bd808 moved this task from Backlog to Doing on the Striker board.Apr 19 2022, 3:53 PM
bd808 closed this task as Resolved.Aug 5 2022, 9:57 PM
bd808 assigned this task to Reedy.

Last call to the deprecated API was on 2022-07-19 per https://logstash.wikimedia.org/goto/7ce698170eeb7ea1debb1bad729c852c. This corresponds with a new deployment of Striker for T306469 which included @Reedy's patch.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits