Last modified: 2014-08-15 17:40:58 UTC
I get a userrights token /w/api.php?action=query&list=users&format=json&usprop=rights&ususers=SeleniumEchoUser&ustoken=userrights Using the token in the response I try to change user rights /w/api.php?action=userrights&format=json With post data user=SeleniumEchoUser&add=bot&token={TOKEN} I get an invalid token error. What gives?
Works fine when I try it, both on my local test wiki and on test.wikipedia.org. My first guess would be something wrong with your token handling.
Steps to reproduce... As a user with Account creators, Autochecked users, Confirmed users and Administrators permissions. Go to http://en.wikipedia.beta.wmflabs.org/w/index.php?title=Special:ApiSandbox#action=query&list=users&format=json&ususers=Selenium%20user&ustoken=userrights Run the query. Copy the value of user rights token Go to http://en.wikipedia.beta.wmflabs.org/w/index.php?title=Special:ApiSandbox#action=userrights&format=json&user=Selenium%20user&add=confirmed&token=<token value> Run the query. Get response: { "servedby": "deployment-mediawiki02", "error": { "code": "badtoken", "info": "Invalid token" } } This doesn't work for me.
Now that you specified Beta Labs, I can check the logs and see for certain that you are handling the token incorrectly. 2014-08-08 17:03:54 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=2ms format=jsonfm action=userrights user=SeleniumEchoUser add=confirmed 2014-08-08 17:04:52 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=111ms format=jsonfm action=userrights user=SeleniumEchoUser add=confirmed token=...REDACTED...441d2d%2B%5C%5C 2014-08-08 17:05:35 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=78ms format=jsonfm action=userrights user=SeleniumEchoUser add=confirmed token=...REDACTED...2fbfe3%2B%5C%5C 2014-08-08 17:06:05 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=54ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...2fbfe3%2B%5C%5C 2014-08-08 17:06:23 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=64ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...441d2d%2B%5C%5C 2014-08-08 17:06:26 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=63ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...441d2d 2014-08-08 17:07:00 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=101ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...441d2d%2B%5C%5C 2014-08-08 21:29:52 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=77ms format=jsonfm action=userrights user=Selenium%20user add=confirmed token=...REDACTED...5b3334%2B%5C%5C 2014-08-08 21:30:16 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=39ms format=jsonfm action=userrights user=Selenium%20user add=confirmed token=...REDACTED...5b3334%2B%5C%5C reason=test All userrights tokens end with "+\", which encodes to "%2B%5C". On most of those you have an extra "%5C" at the end of your token.
Well why does http://en.wikipedia.beta.wmflabs.org/w/api.php?action=query&list=users&format=json&&ususers=Selenium%20user&ustoken=userrights give me a user rights token which ends with +\\ ? Sample response: {"query":{"users":[{"userid":820,"name":"Selenium user","userrightstoken":"7f3fb265db7450273d266aae2f17b91e+\\"}]}}
It's not giving you a user rights token which ends with "+\\". In JSON a backslash is encoded as "\\".
Okay so that was a red herring. It seems to be a bug with the mediawiki ruby api. on(APIPage).client.query('userrights', token_type: false, token: @token, add: "bot", user: @username) fails with a bad token error. but on(APIPage).client.query(action: 'userrights', token: @token, add: "bot", user: @username) doesn't fail. Any ideas?
adding Dan.. not sure what right component is for https://git.wikimedia.org/blob/mediawiki%2Fruby%2Fapi/8632e89c7a2b632ea6739989700358157c60031b/lib%2Fmediawiki_api%2Fclient.rb
Moving under Quality Assurance. The ruby API is managed by Zeljkof / Dan.
This seems to be working now.