Last modified: 2014-08-15 17:40:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T71305, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 69305 - mediawiki ruby api doesn't encode userrights token properly
mediawiki ruby api doesn't encode userrights token properly
Status: RESOLVED WORKSFORME
Product: Wikimedia
Classification: Unclassified
Quality Assurance (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-08-08 17:08 UTC by Jon
Modified: 2014-08-15 17:40 UTC (History)
13 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jon 2014-08-08 17:08:49 UTC 
I get a userrights token

/w/api.php?action=query&list=users&format=json&usprop=rights&ususers=SeleniumEchoUser&ustoken=userrights


Using the token in the response I try to change user rights
/w/api.php?action=userrights&format=json
With post data
user=SeleniumEchoUser&add=bot&token={TOKEN}

I get an invalid token error.
What gives?
Comment 1 Brad Jorsch 2014-08-08 20:18:11 UTC 
Works fine when I try it, both on my local test wiki and on test.wikipedia.org.

My first guess would be something wrong with your token handling.
Comment 2 Jon 2014-08-08 21:30:42 UTC 
Steps to reproduce...

As a user with  Account creators, Autochecked users, Confirmed users and Administrators permissions.

Go to 
http://en.wikipedia.beta.wmflabs.org/w/index.php?title=Special:ApiSandbox#action=query&list=users&format=json&ususers=Selenium%20user&ustoken=userrights

Run the query.
Copy the value of user rights token

Go to
http://en.wikipedia.beta.wmflabs.org/w/index.php?title=Special:ApiSandbox#action=userrights&format=json&user=Selenium%20user&add=confirmed&token=<token value>
Run the query.

Get response:
{
    "servedby": "deployment-mediawiki02",
    "error": {
        "code": "badtoken",
        "info": "Invalid token"
    }
}

This doesn't work for me.
Comment 3 Brad Jorsch 2014-08-08 22:43:05 UTC 
Now that you specified Beta Labs, I can check the logs and see for certain that you are handling the token incorrectly.

  2014-08-08 17:03:54 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=2ms format=jsonfm action=userrights user=SeleniumEchoUser add=confirmed
  2014-08-08 17:04:52 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=111ms format=jsonfm action=userrights user=SeleniumEchoUser add=confirmed token=...REDACTED...441d2d%2B%5C%5C
  2014-08-08 17:05:35 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=78ms format=jsonfm action=userrights user=SeleniumEchoUser add=confirmed token=...REDACTED...2fbfe3%2B%5C%5C
  2014-08-08 17:06:05 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=54ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...2fbfe3%2B%5C%5C
  2014-08-08 17:06:23 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=64ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...441d2d%2B%5C%5C
  2014-08-08 17:06:26 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=63ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...441d2d
  2014-08-08 17:07:00 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=101ms format=jsonfm action=userrights user=SeleniumEchoUser add=bot%7Csysop%7Cbureaucrat%7Creviewer%7Cautoreview%7Csteward%7Caccountcreator%7Cimport%7Ctranswiki%7Cipblock-exempt%7Coversight%7Cfounder%7Crollbacker%7Cautoreviewer%7Cresearcher%7Cfilemover%7Ccheckuser%7Ctemplateeditor%7Cmassmessage-sender%7Cabusefilter%7Cepcoordinator%7Ceponline%7Cepcampus%7Cepinstruc[...] token=...REDACTED...441d2d%2B%5C%5C
  2014-08-08 21:29:52 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=77ms format=jsonfm action=userrights user=Selenium%20user add=confirmed token=...REDACTED...5b3334%2B%5C%5C
  2014-08-08 21:30:16 deployment-mediawiki02 enwiki: API POST Jdlrobson RE.DA.CT.ED T=39ms format=jsonfm action=userrights user=Selenium%20user add=confirmed token=...REDACTED...5b3334%2B%5C%5C reason=test

All userrights tokens end with "+\", which encodes to "%2B%5C". On most of those you have an extra "%5C" at the end of your token.
Comment 4 Jon 2014-08-08 22:57:57 UTC 
Well why does

http://en.wikipedia.beta.wmflabs.org/w/api.php?action=query&list=users&format=json&&ususers=Selenium%20user&ustoken=userrights

give me a user rights token which ends with +\\ ?


Sample response:
{"query":{"users":[{"userid":820,"name":"Selenium user","userrightstoken":"7f3fb265db7450273d266aae2f17b91e+\\"}]}}
Comment 5 Brad Jorsch 2014-08-08 23:02:28 UTC 
It's not giving you a user rights token which ends with "+\\". In JSON a backslash is encoded as "\\".
Comment 6 Jon 2014-08-08 23:49:10 UTC 
Okay so that was a red herring.

It seems to be a bug with the mediawiki ruby api.

on(APIPage).client.query('userrights', token_type: false, token: @token, add: "bot", user: @username)
fails with a bad token error.

but

on(APIPage).client.query(action: 'userrights', token: @token, add: "bot", user: @username)
doesn't fail.

Any ideas?
Comment 8 Antoine "hashar" Musso (WMF) 2014-08-09 19:06:43 UTC 
Moving under Quality Assurance. The ruby API is managed by Zeljkof / Dan.
Comment 9 Jon 2014-08-15 17:40:58 UTC 
This seems to be working now.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links