-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
morebits: Modernize token handling #615
Labels
Module: morebits
The morebits.js library
Comments
Amorymeltzer
added a commit
to Amorymeltzer/twinkle
that referenced
this issue
May 3, 2019
Basically just copy the stuff for deletePage, less following redirects. deletePage was added in 4b92869 along with move, but unlike protect (68132e5) delete and undelete are one-way streets. Uses a dumb kludge to get around the lack of a proper token until we can rewrite the token handling stuff in `morebits` (wikimedia-gadgets#615).
Amorymeltzer
added a commit
to Amorymeltzer/twinkle
that referenced
this issue
May 4, 2019
Basically just copy the stuff for deletePage, less following redirects. deletePage was added in 4b92869 along with move, but unlike protect (68132e5) delete and undelete are one-way streets. Uses a dumb kludge to get around the lack of a proper token until we can rewrite the token handling stuff in `morebits` (wikimedia-gadgets#615).
Amorymeltzer
added a commit
to Amorymeltzer/twinkle
that referenced
this issue
May 4, 2019
Basically just copy the stuff for deletePage, less following redirects. deletePage was added in 4b92869 along with move, but unlike protect (68132e5) delete and undelete are one-way streets. Uses a dumb kludge to get around the lack of a proper token until we can rewrite the token handling stuff in `morebits` (wikimedia-gadgets#615).
Amorymeltzer
added a commit
to Amorymeltzer/twinkle
that referenced
this issue
Sep 26, 2019
We need to migrate our token usage properly (wikimedia-gadgets#615, noted in wikimedia-gadgets#616) but one simple step is moving from `mw.user.tokens.get('editToken')` to `mw.user.tokens.get('csrfToken')`. Using `csrfToken` in favor of `editToken` was done back in 2015/2016 with the move away from `action=tokens` to `meta=tokens`. Both `editToken` and `csrfToken` have been provided in the `mw.user.tokens` object for quite some time, and the former is finally being deprecated (see [T233442](https://phabricator.wikimedia.org/T233442)). The presence of the `edittoken` attribute in xml responses is unchanged.
Amorymeltzer
added a commit
to Amorymeltzer/twinkle
that referenced
this issue
Mar 14, 2020
…tokens Deprecated ages ago (see https://www.mediawiki.org/wiki/MediaWiki_1.24#API_changes and https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/153110/). Closes wikimedia-gadgets#615. Use `curtimestamp` on `.load` calls now that we no longer use `intoken`. As noted in wikimedia-gadgets#741, `starttimestamp` was only available because we were still using the outdated `intoken` method. With that gone, we need to explicitly provide `query.curtimestamp`, thus replicating the loading timestamp that we can feed it into `starttimestamp` and avoid edit conflicts. Also replaced `intoken` in `twinklefluff.js` and removed the undelete kludge from wikimedia-gadgets#616. Some references to token names in error messages are kept for ease of debugging.
wiki-ST47
pushed a commit
to wiki-ST47/twinkle
that referenced
this issue
Sep 2, 2020
…tokens Deprecated ages ago (see https://www.mediawiki.org/wiki/MediaWiki_1.24#API_changes and https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/153110/). Closes wikimedia-gadgets#615. Use `curtimestamp` on `.load` calls now that we no longer use `intoken`. As noted in wikimedia-gadgets#741, `starttimestamp` was only available because we were still using the outdated `intoken` method. With that gone, we need to explicitly provide `query.curtimestamp`, thus replicating the loading timestamp that we can feed it into `starttimestamp` and avoid edit conflicts. Also replaced `intoken` in `twinklefluff.js` and removed the undelete kludge from wikimedia-gadgets#616. Some references to token names in error messages are kept for ease of debugging.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: