Page MenuHomePhabricator

Load token types needed for each API module from the API
Open, LowPublic

Description

Instead of filling them manually, as it is now.

For example, the paraminfo for action=edit contains:

{
	"name": "token",
	"required": "",
	"tokentype": "csrf",
	"type": "string"
}

Event Timeline

Ricordisamoa raised the priority of this task from to Needs Triage.
Ricordisamoa updated the task description. (Show Details)
Ricordisamoa changed Security from none to None.
Ricordisamoa updated the task description. (Show Details)
Ricordisamoa added subscribers: Aklapper, Unknown Object (MLST), Ricordisamoa.

@Ricordisamoa, @XZise, is there anything more to do here now that T85725 is merged?

@Ricordisamoa, @XZise, is there anything more to do here now that T85725 is merged?

T85725 covers the list of valid token types, while this one aims to have the correct token type automatically added to every request.
I'm not sure whether one of them blocks the other one.

Ricordisamoa updated the task description. (Show Details)Apr 1 2015, 9:10 AM
XZise added a comment.EditedApr 1 2015, 9:10 AM

Okay I've written this comment before I saw Ricordisamoa's comment above… so this comment doesn't make sense anymore.

I'm not sure about which tokens @Ricordisamoa is talking. All tokens accessible via action=tokens, action=query&meta=tokens and action=query&prop=info&intoken=… are now loaded initially. So if an extension is using something else it won't load its tokens but I think that is not feasible. But already before it has been loading all/almost all tokens at once, at least for the WMF wikis I think so maybe I'm missing something. Or it was specifically about that TOKENS_[123] are outdated but then it'd be a duplicate of T85725: token methods should use the list of tokens in paraminfo.

@jayvdb more details in the task description.

jayvdb added a comment.Apr 1 2015, 9:58 AM

Ah, so this task would be resolved if api.py automatically added the necessary token, using paraminfo. Then site.py wouldnt need to specify which token to use, and this may even mean site.py adapts better to older versions where the token name is different from the new simplified token system.

Change 201159 had a related patch set uploaded (by Ricordisamoa):
Detect and add the appropriate tokens to API requests

https://gerrit.wikimedia.org/r/201159

I figured out that this is much easier than I thought.

That patch might demonstrate it is easy to do 1.21+, but the hard part (pre 1.21) is ignored. If we remove the token related code from site.py , that patch only supports 1.21. If we leave token related code in site.py API calls, then what benefit is there in this patch?

That patch might demonstrate it is easy to do 1.21+, but the hard part (pre 1.21) is ignored. If we remove the token related code from site.py , that patch only supports 1.21. If we leave token related code in site.py API calls, then what benefit is there in this patch?

We could remove the token-related code from site.py and add a fallback dict (API module, token types) for pre 1.21.

jayvdb added a comment.Apr 3 2015, 3:37 AM

That patch might demonstrate it is easy to do 1.21+, but the hard part (pre 1.21) is ignored. If we remove the token related code from site.py , that patch only supports 1.21. If we leave token related code in site.py API calls, then what benefit is there in this patch?

We could remove the token-related code from site.py and add a fallback dict (API module, token types) for pre 1.21.

Sounds good.

Ricordisamoa triaged this task as Low priority.Apr 3 2015, 2:30 PM
jayvdb moved this task from Backlog to MediaWiki on the Pywikibot-network board.Aug 28 2015, 4:16 AM
D3r1ck01 moved this task from Backlog to Needs Review on the Pywikibot board.Nov 5 2018, 11:37 AM
Ricordisamoa removed Ricordisamoa as the assignee of this task.May 21 2020, 2:39 PM

Not going to work on this in the near future