Last modified: 2014-11-18 23:42:46 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T74500, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 72500 - Flow: clicking watch star in topic titlebar doesn't handle badtoken timeout


Summary:	Flow: clicking watch star in topic titlebar doesn't handle badtoken timeout

Status:	RESOLVED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	Flow (Other open bugs)
Version:	master
Hardware:	All All

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Matthew Flaschen

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-10-24 22:39 UTC by spage
Modified:	2014-11-18 23:42 UTC (History)
CC List:	7 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description spage 2014-10-24 22:39:47 UTC

Comment 1 spage 2014-10-24 22:58:03 UTC

I returned to a Flow board in my browser after an hour or so of inactivity. Clicking the watch star in any topic titlebar failed with "Invalid token" in a pink errorbox, and in the browser console Net tab the API post returns error.code='badtoken'.

My understanding is the API postWithToken() call should automatically request a new token. I clicked the skin's watch star at the top of the Flow board and its initial request also failed with badtoken, but as expected it issued a get for token, retried, and succeeded.

Clicking Reply on a post did the same fail, get token, retry dance ending in success.  The API response included warnings below, but it worked.
  "warnings": {
    "main":{
      "*":"Unrecognized parameter: '_'"},
     "tokens":{"*":"action=tokens has been deprecated. Please use action=query&meta=tokens instead."}
   },

Even after these successfully API requests, clicking a titlebar watch star continues to fail with "Invalid token" because Flow continues to make API post requests with the old wrong watch token.

The workaround for a user is to reload the Flow board.

Comment 2 spage 2014-10-24 23:48:17 UTC

The problem is FlowBoardComponentApiEventsMixin.UI.events.apiPreHandlers.watchItem() sets the request up with
   token: mw.user.tokens.get( 'watchToken' );
This is a static assignment, it doesn't check if the token is still good.

as a result flowApiCall does a plain mwApi.post with this token, rather than a mwApi.postWithToken( 'watch', params ) which would correctly fetch a new token.

The logic needs to be changed. E.g. the apiPreHandler can supply a tokenName: 'watch' rather than the static value of a token, and flowApiCall() always invokes mwApi.postWithToken passing tokenName or the default 'edit'.  Or perhaps Flow could invoke mediawiki.api.watch's watch()/unwatch() instead of calling the API itself.

Comment 3 Danny Horn 2014-10-28 23:06:15 UTC

added to backlog: https://trello.com/c/WZibCplx

Comment 4 Gerrit Notification Bot 2014-11-12 05:18:38 UTC

Change 172668 had a related patch set uploaded by Mattflaschen:
Use core's postWithToken for watching, which handles badtoken

https://gerrit.wikimedia.org/r/172668

Comment 5 Gerrit Notification Bot 2014-11-18 00:13:26 UTC

Change 172668 merged by jenkins-bot:
Use core's postWithToken for watching, which handles badtoken

https://gerrit.wikimedia.org/r/172668

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links