Last modified: 2014-05-09 16:19:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T53505, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 51505 - SF AutoEdit API doesn't require edit token
SF AutoEdit API doesn't require edit token
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
SemanticForms (Other open bugs)
master
All All
: Unprioritized major (vote)
: ---
Assigned To: s7eph4n
:
Depends on:
Blocks: hackathon2014
  Show dependency treegraph
 
Reported: 2013-07-17 04:32 UTC by Jamie Thingelstad
Modified: 2014-05-09 16:19 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jamie Thingelstad 2013-07-17 04:32:18 UTC 
I noticed that when I pass an edit token to the SF AutoEdit API it gives a warning:

… 'warnings': {'main': {'*': "Unrecognized parameters: 'Team', 'token'"}}

(Ignore the Team one, that's my issue).

It seems that this API probably should handle, and even better, require and edit token given the function.
Comment 1 Yaron Koren 2013-07-18 02:49:10 UTC 
Re-assigning to f.trott.
Comment 2 Aditya Chaturvedi 2014-03-05 23:45:44 UTC 
Please tell how to reproduce this bug. I wasn't able to build the exact api url... Please share the URL if possible.
Comment 4 Jamie Thingelstad 2014-03-08 22:30:56 UTC 
Sorry for not getting that to you, but you figured it out. In essence, that edit should NOT work without the token, but it does.
Comment 5 Gerrit Notification Bot 2014-03-28 17:47:33 UTC 
Change 121698 had a related patch set uploaded by Pawanseerwani:
Add token parameter to SF Autoedit API

https://gerrit.wikimedia.org/r/121698
Comment 6 Pawan Seerwani 2014-03-28 22:47:32 UTC 
Hi,
I have submitted a patch which solves the issue. It takes the hash string in token parameter and checks it at backend and throws an exception if its incorrect token.

But my concern is how does the mediawiki user generate this token?
Comment 7 s7eph4n 2014-03-29 12:34:00 UTC 
@Jamie Thingelstad: Do you have the possibility to test the patch? I think it should work, but I am not too much into API stuff, so I'd really like somebody else to have a look. (Be aware that this patch right now will cause SF to reject it's own forms, since they do not contain the token yet. This means editing is only possible using the API.)
Comment 8 Gerrit Notification Bot 2014-05-09 16:16:06 UTC 
Change 121698 merged by Foxtrott:
Add token parameter to SF Autoedit API

https://gerrit.wikimedia.org/r/121698
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links