https://bugzilla.wikimedia.org/show_bug.cgi?id=60407
Web browser: --- Bug ID: 60407 Summary: API edit token in betalabs is always an anonymous edit token Product: Wikimedia Labs Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: Unprioritized Component: deployment-prep (beta) Assignee: wikibugs-l@lists.wikimedia.org Reporter: jh...@wikimedia.org CC: benap...@gmail.com, cmcma...@wikimedia.org, has...@free.fr, mhershber...@wikimedia.org, platoni...@gmail.com Classification: Unclassified Mobile Platform: --- In developing some test setup/teardown methods via the Mediawiki API, we have noticed that en.wikipedia.beta.wmflabs.org (beta labs) always returns an anonymous edit token, even following a successful login. This does not happen in other environments - in other environments, the edit API action is authenticated as expected. Repro workflow: 1) Request login token: curl -c cookies.txt -X POST 'http://en.wikipedia.beta.wmflabs.org/w/api.php?action=login&format=json&lgname=<username>&lgpassword=<password>&lgtoken=' 2) Submit login token: curl -b cookies.txt -X POST 'http://en.wikipedia.beta.wmflabs.org/w/api.php?action=login&format=json&lgname=<username>&lgpassword=<password>&lgtoken=<token obtained in previous step>' 3) Request edit token, reusing the same cookie obtained above: curl -b cookies.txt -X POST "http://en.wikipedia.beta.wmflabs.org/w/api.php?action=tokens&type=edit&format=json" Response to step #3 is an anonymous edit token: {"tokens":{"edittoken":"+\\"}} In other environments, such as test2.wikipedia.org, the response in step #3 is something like the following, which is the expected behavior (a valid edit token is returned): {"tokens":{"edittoken":"5d75e6ca92d6de881921f068ebd7b695+\\"}} -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l