Load token types needed for each API module from the API
Open, LowPublic
Actions

Assigned To

None

Authored By

	Ricordisamoa
	Dec 12 2014, 12:41 PM

Description

Instead of filling them manually, as it is now.

For example, the paraminfo for action=edit contains:

{
	"name": "token",
	"required": "",
	"tokentype": "csrf",
	"type": "string"
}

Details

	Subject	Repo	Branch	Lines +/-
	Dynamically add appropriate tokens	pywikibot/core	master	+102 -45

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T78390 Load volatile information at run-time from the API (tracking)
Open	None	T229364 CSRF token issues (tracking)
Open	None	T78393 Load token types needed for each API module from the API
Resolved	jayvdb	T85725 token methods should use the list of tokens in paraminfo

Event Timeline

Ricordisamoa created this task.Dec 12 2014, 12:41 PM

Ricordisamoa raised the priority of this task from to Needs Triage.

Ricordisamoa updated the task description. (Show Details)

Ricordisamoa added a project: Pywikibot-General.

Ricordisamoa changed Security from none to None.

Ricordisamoa updated the task description. (Show Details)

Ricordisamoa added subscribers: Aklapper, Unknown Object (MLST), Ricordisamoa.

jayvdb added a subtask: T85725: token methods should use the list of tokens in paraminfo.Jan 7 2015, 3:24 PM

jayvdb closed subtask T85725: token methods should use the list of tokens in paraminfo as Resolved.Apr 1 2015, 12:41 AM

@Ricordisamoa, @XZise, is there anything more to do here now that T85725 is merged?

In T78393#1169002, @jayvdb wrote:

@Ricordisamoa, @XZise, is there anything more to do here now that T85725 is merged?

T85725 covers the list of valid token types, while this one aims to have the correct token type automatically added to every request.
I'm not sure whether one of them blocks the other one.

Ricordisamoa updated the task description. (Show Details)Apr 1 2015, 9:10 AM

Okay I've written this comment before I saw Ricordisamoa's comment above… so this comment doesn't make sense anymore.

I'm not sure about which tokens @Ricordisamoa is talking. All tokens accessible via action=tokens, action=query&meta=tokens and action=query&prop=info&intoken=… are now loaded initially. So if an extension is using something else it won't load its tokens but I think that is not feasible. But already before it has been loading all/almost all tokens at once, at least for the WMF wikis I think so maybe I'm missing something. Or it was specifically about that TOKENS_[123] are outdated but then it'd be a duplicate of T85725: token methods should use the list of tokens in paraminfo.

@jayvdb more details in the task description.

XZise mentioned this in T85725: token methods should use the list of tokens in paraminfo.Apr 1 2015, 9:13 AM

Ricordisamoa edited projects, added Pywikibot, Pywikibot-network; removed Pywikibot-General.Apr 1 2015, 9:55 AM

Ah, so this task would be resolved if api.py automatically added the necessary token, using paraminfo. Then site.py wouldnt need to specify which token to use, and this may even mean site.py adapts better to older versions where the token name is different from the new simplified token system.

Well unfortunately it was added after 1.21.1: http://wiki.kerbalspaceprogram.com/w/api.php?action=paraminfo&modules=edit&format=jsonfm

Change 201159 had a related patch set uploaded (by Ricordisamoa):
Detect and add the appropriate tokens to API requests

https://gerrit.wikimedia.org/r/201159

gerritbot added a project: Patch-For-Review.Apr 1 2015, 10:38 AM

I figured out that this is much easier than I thought.

That patch might demonstrate it is easy to do 1.21+, but the hard part (pre 1.21) is ignored. If we remove the token related code from site.py , that patch only supports 1.21. If we leave token related code in site.py API calls, then what benefit is there in this patch?

In T78393#1169904, @jayvdb wrote:

That patch might demonstrate it is easy to do 1.21+, but the hard part (pre 1.21) is ignored. If we remove the token related code from site.py , that patch only supports 1.21. If we leave token related code in site.py API calls, then what benefit is there in this patch?

We could remove the token-related code from site.py and add a fallback dict (API module, token types) for pre 1.21.

In T78393#1174600, @Ricordisamoa wrote:

In T78393#1169904, @jayvdb wrote:

That patch might demonstrate it is easy to do 1.21+, but the hard part (pre 1.21) is ignored. If we remove the token related code from site.py , that patch only supports 1.21. If we leave token related code in site.py API calls, then what benefit is there in this patch?

We could remove the token-related code from site.py and add a fallback dict (API module, token types) for pre 1.21.