Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

morebits: Modernize token handling #615

Closed
Amorymeltzer opened this issue May 3, 2019 · 0 comments · Fixed by #888
Closed

morebits: Modernize token handling #615

Amorymeltzer opened this issue May 3, 2019 · 0 comments · Fixed by #888
Assignees
@Amorymeltzer
Labels
Module: morebits The morebits.js library

Comments

@Amorymeltzer
Copy link
Collaborator

No description provided.

@Amorymeltzer Amorymeltzer added the Module: morebits The morebits.js library label May 3, 2019
Amorymeltzer added a commit to Amorymeltzer/twinkle that referenced this issue May 3, 2019
@Amorymeltzer
morebits: Add undeletePage to morebits.wiki.page
228943a 
Basically just copy the stuff for deletePage, less following redirects.  deletePage was added in 4b92869 along with move, but unlike protect (68132e5) delete and undelete are one-way streets.  Uses a dumb kludge to get around the lack of a proper token until we can rewrite the token handling stuff in `morebits` (wikimedia-gadgets#615).
@Amorymeltzer Amorymeltzer mentioned this issue May 3, 2019
Merged
Amorymeltzer added a commit to Amorymeltzer/twinkle that referenced this issue May 4, 2019
@Amorymeltzer
morebits: Add undeletePage to morebits.wiki.page
47c9cf9 
Basically just copy the stuff for deletePage, less following redirects.  deletePage was added in 4b92869 along with move, but unlike protect (68132e5) delete and undelete are one-way streets.  Uses a dumb kludge to get around the lack of a proper token until we can rewrite the token handling stuff in `morebits` (wikimedia-gadgets#615).
Amorymeltzer added a commit to Amorymeltzer/twinkle that referenced this issue May 4, 2019
@Amorymeltzer
morebits: Add undeletePage to morebits.wiki.page
3b0f12e 
Basically just copy the stuff for deletePage, less following redirects.  deletePage was added in 4b92869 along with move, but unlike protect (68132e5) delete and undelete are one-way streets.  Uses a dumb kludge to get around the lack of a proper token until we can rewrite the token handling stuff in `morebits` (wikimedia-gadgets#615).
Amorymeltzer added a commit to Amorymeltzer/twinkle that referenced this issue Sep 26, 2019
@Amorymeltzer
morebits: Use csrfToken in mw.user.tokens
327e053 
We need to migrate our token usage properly (wikimedia-gadgets#615, noted in wikimedia-gadgets#616) but one simple step is moving from `mw.user.tokens.get('editToken')` to `mw.user.tokens.get('csrfToken')`.  Using `csrfToken` in favor of `editToken` was done back in 2015/2016 with the move away from `action=tokens` to `meta=tokens`.  Both `editToken` and `csrfToken` have been provided in the `mw.user.tokens` object for quite some time, and the former is finally being deprecated (see [T233442](https://phabricator.wikimedia.org/T233442)).  The presence of the `edittoken` attribute in xml responses is unchanged.
@Amorymeltzer Amorymeltzer mentioned this issue Sep 26, 2019
Merged
@Amorymeltzer Amorymeltzer mentioned this issue Dec 23, 2019
Merged
@Amorymeltzer Amorymeltzer self-assigned this Feb 24, 2020
Amorymeltzer added a commit to Amorymeltzer/twinkle that referenced this issue Mar 14, 2020
@Amorymeltzer
morebits: Replace intoken/edittoken with csrftoken obtained via meta=…
e2cf8ef 
…tokens

Deprecated ages ago (see https://www.mediawiki.org/wiki/MediaWiki_1.24#API_changes and https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/153110/).  Closes wikimedia-gadgets#615.

Use `curtimestamp` on `.load` calls now that we no longer use `intoken`.  As noted in wikimedia-gadgets#741, `starttimestamp` was only available because we were still using the outdated `intoken` method.  With that gone, we need to explicitly provide `query.curtimestamp`, thus replicating the loading timestamp that we can feed it into `starttimestamp` and avoid edit conflicts.  Also replaced `intoken` in `twinklefluff.js` and removed the undelete kludge from wikimedia-gadgets#616.  Some references to token names in error messages are kept for ease of debugging.
@Amorymeltzer Amorymeltzer mentioned this issue Mar 14, 2020
Merged
wiki-ST47 pushed a commit to wiki-ST47/twinkle that referenced this issue Sep 2, 2020
@Amorymeltzer @wiki-ST47
morebits: Replace intoken/edittoken with csrftoken obtained via meta=…
ad803a2 
…tokens

Deprecated ages ago (see https://www.mediawiki.org/wiki/MediaWiki_1.24#API_changes and https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/153110/).  Closes wikimedia-gadgets#615.

Use `curtimestamp` on `.load` calls now that we no longer use `intoken`.  As noted in wikimedia-gadgets#741, `starttimestamp` was only available because we were still using the outdated `intoken` method.  With that gone, we need to explicitly provide `query.curtimestamp`, thus replicating the loading timestamp that we can feed it into `starttimestamp` and avoid edit conflicts.  Also replaced `intoken` in `twinklefluff.js` and removed the undelete kludge from wikimedia-gadgets#616.  Some references to token names in error messages are kept for ease of debugging.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Amorymeltzer Amorymeltzer

Labels
Module: morebits The morebits.js library
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

morebits: Use csrftoken obtained via meta=tokens Amorymeltzer/twinkle
1 participant
@Amorymeltzer