https://bugzilla.wikimedia.org/show_bug.cgi?id=60407

--- Comment #4 from Chris Steipp <cste...@wikimedia.org> ---
(In reply to comment #0)
> In developing some test setup/teardown methods via the Mediawiki API, we have
> noticed that en.wikipedia.beta.wmflabs.org (beta labs) always returns an
> anonymous edit token, even following a successful login.  This does not
> happen
> in other environments - in other environments, the edit API action is
> authenticated as expected.
> 
> Repro workflow:
> 
> 1) Request login token: curl -c cookies.txt -X POST
> 'http://en.wikipedia.beta.wmflabs.org/w/api.
> php?action=login&format=json&lgname=<username>&lgpassword=<password>&lgtoken=
> '
> 
> 2) Submit login token: curl -b cookies.txt -X POST
> 'http://en.wikipedia.beta.wmflabs.org/w/api.
> php?action=login&format=json&lgname=<username>&lgpassword=<password>&lgtoken=
> <token
> obtained in previous step>'

Here, you need to keep writing new cookies into cookies.txt. If the account is
global, you'll get a centralauth_Session cookie with your new session id. If
the account is local only, the session id is changed on login to prevent
session fixation.

> 
> 3) Request edit token, reusing the same cookie obtained above: curl -b
> cookies.txt -X POST
> "http://en.wikipedia.beta.wmflabs.org/w/api.
> php?action=tokens&type=edit&format=json"

When I call this, returning the CentralAuth session cookie that I got on step
#2, I get a valid user edit token.

> 
> Response to step #3 is an anonymous edit token:
> {"tokens":{"edittoken":"+\\"}}
> 
> 
> In other environments, such as test2.wikipedia.org, the response in step #3
> is
> something like the following, which is the expected behavior (a valid edit
> token is returned):
> {"tokens":{"edittoken":"5d75e6ca92d6de881921f068ebd7b695+\\"}}

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to