When one of the fedora-messaging consumers I have running on openqa-stg01.qa.fedoraproject.org tries to edit the wiki, to file a result or create a validation event, it fails. The problem seems to be this:
DEBUG:urllib3.connectionpool:https://stg.fedoraproject.org:443 "POST /w/api.php HTTP/1.1" 200 226 Unhandled error writing pages! Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/mwclient/page.py", line 218, in save result = do_edit() File "/usr/lib/python3.7/site-packages/mwclient/page.py", line 213, in do_edit **data) File "/usr/lib/python3.7/site-packages/mwclient/client.py", line 244, in post return self.api(action, 'POST', *args, **kwargs) File "/usr/lib/python3.7/site-packages/mwclient/client.py", line 287, in api if self.handle_api_result(info, sleeper=sleeper): File "/usr/lib/python3.7/site-packages/mwclient/client.py", line 328, in handle_api_result info['error']['info'], info['error']['*']) mwclient.errors.APIError: ('badtoken', 'Invalid CSRF token.', 'See https://stg.fedoraproject.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes.') During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/relval", line 11, in <module> load_entry_point('relval==2.4.2', 'console_scripts', 'relval')() File "/usr/lib/python3.7/site-packages/relval/cli.py", line 523, in main args.func(args, site) File "/usr/lib/python3.7/site-packages/relval/cli.py", line 320, in create_compose testtypes=testtypes, force=args.force, current=current) File "/usr/lib/python3.7/site-packages/wikitcms/event.py", line 249, in create _handle_existing(err) File "/usr/lib/python3.7/site-packages/wikitcms/event.py", line 241, in _handle_existing raise err File "/usr/lib/python3.7/site-packages/wikitcms/event.py", line 247, in create pag.write(createonly=createonly) File "/usr/lib/python3.7/site-packages/wikitcms/page.py", line 121, in write self.save(seedtext, summary, createonly=createonly) File "/usr/lib/python3.7/site-packages/wikitcms/page.py", line 140, in save ret = super(Page, self).save(*args, **kwargs) File "/usr/lib/python3.7/site-packages/mwclient/page.py", line 226, in save self.handle_edit_error(e, summary) File "/usr/lib/python3.7/site-packages/mwclient/page.py", line 250, in handle_edit_error raise e File "/usr/lib/python3.7/site-packages/mwclient/page.py", line 224, in save result = do_edit() File "/usr/lib/python3.7/site-packages/mwclient/page.py", line 213, in do_edit **data) File "/usr/lib/python3.7/site-packages/mwclient/client.py", line 244, in post return self.api(action, 'POST', *args, **kwargs) File "/usr/lib/python3.7/site-packages/mwclient/client.py", line 287, in api if self.handle_api_result(info, sleeper=sleeper): File "/usr/lib/python3.7/site-packages/mwclient/client.py", line 328, in handle_api_result info['error']['info'], info['error']['*']) mwclient.errors.APIError: ('badtoken', 'Invalid CSRF token.', 'See https://stg.fedoraproject.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes.')
basically mediawiki is returning a 'badtoken' error. mwclient is set to retry once when this happens, and if it fails again, it just dies. That's what happens here (the first traceback is the initial attempt, the second is the retry).
@puiterwijk says:
<puiterwijk> So, that means the API auth extension no longer matches the mediawiki code. <puiterwijk> It's using some... hacky internals in order to make sure the CSRF tokens aren't an issue <puiterwijk> adamw: could you open an infra ticket on that one? I'll ask Alan to look at it
Metadata Update from @kevin: - Issue priority set to: Waiting on Assignee (was: Needs Review)
Ugh. For some reason I misread this and didn't think it was as serious as it is... and I went and updated production mediawiki. Sorry. ;(
So, we will need to figure this out sooner rather than later...
Oh. Ah. Now I see what you were saying. Yes, this is a serious problem. The whole release validation process relies on automated wiki edits.
Metadata Update from @puiterwijk: - Issue assigned to puiterwijk
Turns out this was hotfixed in the previous setup, and the package never got updated to mediawiki-OpenIDConnectAPI v0.3, which had the fix for this.
Metadata Update from @puiterwijk: - Assignee reset
ok. I have updated to that version on all wikis.
@adamwill can you please test and confirm it's fixed?
Metadata Update from @kevin: - Issue assigned to kevin - Issue tagged with: authentication
Our savior coconut is posting again, so I think this is all fixed..
Please re-open if it's not.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
yeah, if coconut is posting that means this is fixed.
Login to comment on this ticket.