Last modified: 2014-05-09 16:19:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T53505, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 51505 - SF AutoEdit API doesn't require edit token
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: SemanticForms
Version: master
Hardware: All All
Importance: Unprioritized major
Assigned To: s7eph4n
Blocks: hackathon2014

Reported: 2013-07-17 04:32 UTC by Jamie Thingelstad
Modified: 2014-05-09 16:19 UTC

Description Jamie Thingelstad 2013-07-17 04:32:18 UTC
I noticed that when I pass an edit token to the SF AutoEdit API it gives a warning:

… 'warnings': {'main': {'*': "Unrecognized parameters: 'Team', 'token'"}}

(Ignore the Team one, that's my issue).

It seems that this API probably should handle, and even better, require an edit token given the function.
Comment 1 Yaron Koren 2013-07-18 02:49:10 UTC
Re-assigning to f.trott.
Comment 2 Aditya Chaturvedi 2014-03-05 23:45:44 UTC
Please tell how to reproduce this bug. I wasn't able to build the exact api url... Please share the URL if possible.
Comment 4 Jamie Thingelstad 2014-03-08 22:30:56 UTC
Sorry for not getting that to you, but you figured it out. In essence, that edit should NOT work without the token, but it does.
Comment 5 Gerrit Notification Bot 2014-03-28 17:47:33 UTC
Change 121698 had a related patch set uploaded by Pawanseerwani:
Add token parameter to SF Autoedit API

https://gerrit.wikimedia.org/r/121698
Comment 6 Pawan Seerwani 2014-03-28 22:47:32 UTC
Hi,
I have submitted a patch which solves the issue. It takes the hash string in the token parameter, checks it at the backend, and throws an exception if it's an incorrect token.

But my concern is: how does the MediaWiki user generate this token?
Comment 7 s7eph4n 2014-03-29 12:34:00 UTC
@Jamie Thingelstad: Do you have the possibility to test the patch? I think it should work, but I am not too much into API stuff, so I'd really like somebody else to have a look. (Be aware that this patch right now will cause SF to reject its own forms, since they do not contain the token yet. This means editing is only possible using the API.)
Comment 8 Gerrit Notification Bot 2014-05-09 16:16:06 UTC
Change 121698 merged by Foxtrott:
Add token parameter to SF Autoedit API

https://gerrit.wikimedia.org/r/121698
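
The behaviour discussed in this report, as a simplified model added here for illustration; it is not code from Semantic Forms, MediaWiki or the Gerrit change. It contrasts a write action that only warns about an unrecognized `token` parameter with one that requires and verifies a session-bound token. All names (`issue_token`, `autoedit_unchecked`, `autoedit_checked`, `PAGES`, the `target`/`text` parameters, the `badtoken` code) are assumptions.

```python
import hashlib
import hmac
import secrets

# Simplified model only; none of this is MediaWiki or Semantic Forms code.
SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret
PAGES = {}                             # stand-in for the page store


def issue_token(session_id):
    """Token tied to one session; the server embeds it in that session's forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def autoedit_unchecked(session_id, params):
    """Reported behaviour: 'token' is unknown, so it only draws a warning."""
    extra = sorted(k for k in params if k not in {"target", "text"})
    PAGES[params["target"]] = params["text"]   # write happens regardless
    result = {"status": "ok"}
    if extra:
        names = ", ".join(f"'{k}'" for k in extra)
        result["warnings"] = f"Unrecognized parameters: {names}"
    return result


def autoedit_checked(session_id, params):
    """Hardened form: the token is required and verified before any write."""
    supplied = str(params.get("token", ""))
    expected = issue_token(session_id)
    # Constant-time comparison; a missing token fails the same way as a wrong one.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return {"status": "error", "code": "badtoken"}   # hypothetical error code
    PAGES[params["target"]] = params["text"]
    return {"status": "ok"}


if __name__ == "__main__":
    sid = "session-1"                                   # constructed session id
    no_token = {"target": "Sandbox", "text": "edited"}  # constructed request
    print(autoedit_unchecked(sid, dict(no_token, token="abc")))
    print(autoedit_checked(sid, no_token))
    print(autoedit_checked(sid, dict(no_token, token=issue_token(sid))))
```

In this model, forms rendered by the server for a session would carry the output of `issue_token` for that session, which is the gap Comment 7 points out for forms that do not contain the token yet.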
