jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/583711 )
Change subject: [IMPR] Don't trust token from NeedToken response
......................................................................
[IMPR] Don't trust token from NeedToken response
It can stop working any time soon and it can also be invalid
if multiple login attempts because of endless loops.
- generate fresh login token on every login attempt
- copy _logged_in() from api.Request
- keep track of such issues
Bug: T224712
Change-Id: I55e14bb68f9558a27188d23913a6d321911d7e96
---
M pywikibot/data/api.py
1 file changed, 9 insertions(+), 8 deletions(-)
Approvals:
Xqt: Looks good to me, approved
jenkins-bot: Verified
diff --git a/pywikibot/data/api.py b/pywikibot/data/api.py
index 57a76ee..164d8f0 100644
--- a/pywikibot/data/api.py
+++ b/pywikibot/data/api.py
@@ -3140,12 +3140,12 @@
if self.site.family.ldapDomain:
login_request[self.keyword('ldap')] = self.site.family.ldapDomain
- # get token using meta=tokens if supported
- if not below_mw_1_27:
- login_request[self.keyword('token')] = self.get_login_token()
-
self.site._loginstatus = -2 # IN_PROGRESS
while True:
+ # get token using meta=tokens if supported
+ if not below_mw_1_27:
+ login_request[self.keyword('token')] = self.get_login_token()
+
# try to login
login_result = login_request.submit()
@@ -3163,10 +3163,11 @@
fail_reason = response.get(self.keyword('reason'), '')
if status == self.keyword('success'):
return ''
- elif status == 'NeedToken':
- # Kept for backwards compatibility
- token = response['token']
- login_request['lgtoken'] = token
+ elif status in ('NeedToken', 'WrongToken') and not
below_mw_1_27:
+ # if incorrect login token was used,
+ # force relogin and generate fresh one
+ pywikibot.error('Received incorrect login token. '
+ 'Forcing re-login.')
continue
elif (status == 'Throttled' or status == 'FAIL'
and response['messagecode'] == 'login-throttled'
--
To view, visit
https://gerrit.wikimedia.org/r/583711
To unsubscribe, or for help writing mail filters, visit
https://gerrit.wikimedia.org/r/settings
Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I55e14bb68f9558a27188d23913a6d321911d7e96
Gerrit-Change-Number: 583711
Gerrit-PatchSet: 13
Gerrit-Owner: Dvorapa <dvorapa(a)seznam.cz>
Gerrit-Reviewer: D3r1ck <alangiderick(a)gmail.com>
Gerrit-Reviewer: D3r1ck01 <xsavitar.wiki(a)aol.com>
Gerrit-Reviewer: Dalba <dalba.wiki(a)gmail.com>
Gerrit-Reviewer: Dvorapa <dvorapa(a)seznam.cz>
Gerrit-Reviewer: Framawiki <framawiki(a)tools.wmflabs.org>
Gerrit-Reviewer: Huji <huji.huji(a)gmail.com>
Gerrit-Reviewer: JJMC89 <JJMC89.Wikimedia(a)gmail.com>
Gerrit-Reviewer: Ladsgroup <Ladsgroup(a)gmail.com>
Gerrit-Reviewer: Legoktm <legoktm(a)member.fsf.org>
Gerrit-Reviewer: Mpaa <mpaa.wiki(a)gmail.com>
Gerrit-Reviewer: XZise <CommodoreFabianus(a)gmx.de>
Gerrit-Reviewer: Xqt <info(a)gno.de>
Gerrit-Reviewer: Zhuyifei1999 <zhuyifei1999(a)gmail.com>
Gerrit-Reviewer: jenkins-bot (75)