Zache created this task. Zache added projects: Pywikibot, PendingChangesBot, superset.wikimedia.org. Restricted Application added a subscriber: pywikibot-bugs-list.
TASK DESCRIPTION Pywikibot authentication with username and password works as expected when users need to authenticate to third-party sites such as `superset.toolforge.org` and `commons-query.wikimedia.org`. However, when OAuth or BotPassword authentication methods are used, the login to these third-party sites fails. This issue is not Pywikibot-specific and also affects other tools like PAWS <https://wikitech.wikimedia.org/wiki/PAWS>. The root cause is likely related to how OAuth and BotPassword logins are implemented. Ie. followup Superset and Commons-query would require active web login session to make 3rd party Oauth login work. **Steps to Reproduce:** **Working scenario (username/password):** 1. User logs into https://meta.wikimedia.org using web browser 2. User logs into https://superset.toolforge.org using web browser 3. User configures Pywikibot with plain username/password: `user-config.py`: usernames["meta"]["meta"] = "WIKIMEDIA_USERNAME" 4. User runs the following script: `superset_test.py`: import pywikibot from pywikibot.data.superset import SupersetQuery sql_query = "SELECT page_title FROM page LIMIT 1" site = pywikibot.Site('meta', 'meta') site.login() superset = SupersetQuery(site=site) pages = superset.query(sql_query) print(pages) **Expected output:** [{'page_title': '!vote'}] **Failing scenario example (BotPassword):** 1. User logs into https://meta.wikimedia.org using web browser 2. User logs into https://superset.toolforge.org using web browser 3. Register the Botpassword credentials on https://meta.wikimedia.org/wiki/Special:BotPasswords 4. Configure user-config.py with "WIKIMEDIA_USERNAME@BOTPASSWORD_TOKEN` format 5. User runs `superset_test.py` `user-config.py`: usernames["meta"]["meta"] = "WIKIMEDIA_USERNAME@BOTPASSWORD_TOKEN" **Actual Result:** - Script enters an HTTP redirect loop - When opening the redirect URL in a browser, it shows a login form with the message: "The request to sign in was denied" (see screenshot) ***Error log*** ERROR: An error occurred for uri https://meta.wikimedia.org/w/index.php?title=Special:OAuth/approve&returnto=%2Fw%2Frest.php%2Foauth2%2Fauthorize&returntoquery=client_id%3D__ID_REMOVED__%26redirect_uri%3Dhttps%253A%252F%252Fsuperset.wmcloud.org%252Foauth-authorized%252Fmediawiki%26response_type%3Dcode%26scope%3Dmwoauth-authonlyprivate%26state%3D__STATE_REMOVED__&client_id=__CLIENT_ID_REMOVED__&oauth_version=2&scope=mwoauth-authonlyprivate Traceback (most recent call last): File "/Users/wiki/79/PendingChangesBot-ng/app/../foo.py", line 16, in <module> superset.login() File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/pywikibot/data/superset.py", line 88, in login self.last_response = http.fetch(url) File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/pywikibot/comms/http.py", line 460, in fetch callback(response) File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/pywikibot/comms/http.py", line 346, in error_handling_callback raise response from None File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/pywikibot/comms/http.py", line 451, in fetch response = session.request(method, uri, File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/requests/sessions.py", line 589, in request resp = self.send(prep, **send_kwargs) File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/requests/sessions.py", line 724, in send history = [resp for resp in gen] File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/requests/sessions.py", line 724, in <listcomp> history = [resp for resp in gen] File "/Users/wiki/79/PendingChangesBot-ng/venv/lib/python3.9/site-packages/requests/sessions.py", line 191, in resolve_redirects raise TooManyRedirects( requests.exceptions.TooManyRedirects: Exceeded 30 redirects. CRITICAL: Exiting due to uncaught exception TooManyRedirects: Exceeded 30 redirects. **Expected Result:** Third-party site authentication should work with OAuth and BotPassword the same way it works with username/password authentication. **Environment:** - Pywikibot version: 10.6.0 - Python version: Python 3.9.6 - Authentication methods tested: Username+Password, OAuth, BotPassword - Affected third-party sites: superset.toolforge.org, commons-query.wikimedia.org TASK DETAIL https://phabricator.wikimedia.org/T408286 WORKBOARD https://phabricator.wikimedia.org/project/board/87/ EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/
_______________________________________________ pywikibot-bugs mailing list -- [email protected] To unsubscribe send an email to [email protected]
