jenkins-bot has submitted this change and it was merged.
Change subject: [FIX] Tokens: Return the csrf token and request correct site
......................................................................
[FIX] Tokens: Return the csrf token and request correct site
This fixes two major problems:
- When a token with the old name is requested (e.g. 'edit') it
uses the new 'csrf' token instead and saves it as an 'csrf' token
in the cache. So the request afterwards must return the 'csrf'
and not 'edit' token (which doesn't exist)
- It must request with the current site and not the default site,
otherwise the default site might return an invalid token or will
emit warnings because it doesn't understand the new API (and the
version check was with the intended and not the default site)
Instead of a warning, it only returns '+\' if the user has not enough
rights with the new token system, so this is dropping all tokens
which only consist of those two letters.
Bug: 70760
Bug: 70766
Change-Id: I38e326c0f5382a585fba11bc6cbfba1a3dffaca5
---
M pywikibot/site.py
1 file changed, 11 insertions(+), 7 deletions(-)
Approvals:
Mpaa: Looks good to me, approved
jenkins-bot: Verified
diff --git a/pywikibot/site.py b/pywikibot/site.py
index eb7cf93..4fb586f 100644
--- a/pywikibot/site.py
+++ b/pywikibot/site.py
@@ -1185,9 +1185,16 @@
def __init__(self, site):
self.site = site
self.site._tokens = {}
+ # TODO: Fetch that from the API with paraminfo
+ self.special_names = set(['deleteglobalaccount', 'patrol', 'rollback',
+ 'setglobalaccountstatus', 'userrights',
+ 'watch'])
def __getitem__(self, key):
storage = self.site._tokens.setdefault(self.site.user(), {})
+ if (LV(self.site.version()) >= LV('1.24wmf19')
+ and key not in self.special_names):
+ key = 'csrf'
if key not in storage:
self.site.preload_tokens([key])
return storage[key]
@@ -2295,20 +2302,17 @@
data = api.Request(site=self, action='tokens',
type='|'.join(types)).submit()
else:
- # TODO: Fetch that from the API with paraminfo
- special_names = set(['deleteglobalaccount', 'patrol',
'rollback',
- 'setglobalaccountstatus', 'userrights',
- 'watch'])
- new_tokens = [token if token in special_names else 'csrf'
+ new_tokens = [token if token in self.tokens.special_names else
'csrf'
for token in types]
- data = api.Request(action='query', meta='tokens',
+ data = api.Request(site=self, action='query', meta='tokens',
type='|'.join(new_tokens)).submit()
if 'query' in data:
data = data['query']
if 'tokens' in data and data['tokens']:
storage.update(dict((key[:-5], val)
- for key, val in data['tokens'].items()))
+ for key, val in data['tokens'].items()
+ if val != '+\\'))
@deprecated("the 'tokens' property")
def token(self, page, tokentype):
--
To view, visit https://gerrit.wikimedia.org/r/159991
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I38e326c0f5382a585fba11bc6cbfba1a3dffaca5
Gerrit-PatchSet: 3
Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-Owner: XZise <[email protected]>
Gerrit-Reviewer: Ladsgroup <[email protected]>
Gerrit-Reviewer: Merlijn van Deen <[email protected]>
Gerrit-Reviewer: Mpaa <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
