[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dalba added a comment. Could you give BotParsswords or OAuth a try, please, and see if the same `Invalid CSRF token` error occurs or not? TASK DETAIL https://phabricator.

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. Sure, I will give OAuth a try. But first, I need someone to add my bot to the "confirmed" group on Meta . TASK DETAIL https://phabricator.wikimedia.org/T22

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. Alright, I tried OAuth and when I was creating the consumer on meta, I made sure to check "Block and unblock users". However, when the bot gets to the point that it tries to block an IP I get this error message: ... Checking 109.169.72.36 Traceback (most r

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. With BotPasswords, the CSRF error is not shown. TASK DETAIL https://phabricator.wikimedia.org/T229293 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Huji Cc: Dalba, Framawiki, Aklapper, Huji, pywikibot-bugs-list, Viztor, Dan

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dalba added a comment. In T229293#5418675 , @Huji wrote: > With BotPasswords, the CSRF error was not shown when the first block was done. When a second block was attempted, I got a Login failed error. Here are some relevant portions of

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dvorapa added a comment. > I wonder why you're being prompted for typing your password again, maybe your `user-config.py`/`password_file` is not configured properly? You should delete pywikibot.lwp file or download/clone Pywikibot freshly to the new folder TASK DETAIL https://phabrica

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. @Dalba I just ran this simplified bot on fawiki and ran into the same issue (of it asking me to login again): import pywikibot from pywikibot import Site proxies = ('198.16.74.205', '204.14.73.69', '185.217.117.2') class FindProxyBot():

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dalba added a comment. @Huji, are having multiple pywikibot processes running on the same machine? Maybe this is a the result of a race condition between them. If so, try it with a single processes at a time. TASK DETAIL https://phabricator.wikimedia.org/T229293 EMAIL PREFERENCES https:

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. No. Only one instance, run in solitude. TASK DETAIL https://phabricator.wikimedia.org/T229293 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Huji Cc: Dvorapa, Dalba, Framawiki, Aklapper, Huji, pywikibot-bugs-list, Viztor, D

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dalba added a comment. In T229293#5423342 , @Huji wrote: > Mine is like this: > > ('HujiBot', BotPassword('HujiBot', 'REDACTED')) Unless your wiki's family name is `HujiBot`, it should be rewritten like this: ('wikipedia

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. Correct. Here is how I have it now: ('fa', 'wikipedia', 'HujiBot', BotPassword('HujiBot', 'REDACTED')) I verified that `login.py` can be run with this configuration without any issues. I have also updated the bot script so that it explicitly says when it is t

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dalba added a comment. I'm curious to know if `e.info` contains any more details. Adding the following print statement to `login.py` should print it: pywikibot-core[master] $ git diff diff --git a/pywikibot/login.py b/pywikibot/login.py index 3bc76619..b9bee2b2 100644 --

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. First of all, I found out something really interesting: when I run the bot against test.wikipedia.org it works without any issues. When I run it against fa.wikipedia.org I get that Login Failed error followed by the script asking for my password. This made me remem

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. And here is a comparison of the rights of the "sysop" group to those my bot holds by being in both "bot" and "botdamin" groups: | right | sysop | bot or botadmin | | - | | | | abusefilter-l

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

gerritbot added a comment. Change 531589 had a related patch set uploaded (by Huji; owner: Huji): [pywikibot/core@master] Check a user's rights, not groups, to ascertain permissions https://gerrit.wikimedia.org/r/531589 TASK DETAIL https://phabricator.wikimedia.org/T229293 EMAIL PRE

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. I just confirmed that the patch above fixes the issue both using the traditional username and password based user configuration, as well as using the BotPasswords configuration. The OAuth approach does not work, but that is not due to the issue discussed in this ta

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. In T229293#5430073 , @JJMC89 wrote: > In T229293#5430001 , @Huji wrote: > >> First of all, I found out something really interesting: when I run the bot against

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Ciencia_Al_Poder added a comment. I think the bot shouldn't check user rights neither. Do what the bot owner has instructed it to do, and if you can't by permissions, the api will return a relevant error. TASK DETAIL https://phabricator.wikimedia.org/T229293 EMAIL PREFERENCES https://ph

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Huji added a comment. @Ciencia_Al_Poder I agree with you in essence. All of these checks are a side effect of the fact that we have historically allowed a user to run *one* bot script with a configuration that includes *more than one* user account (one normal account, one sysop account). Th

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

Dvorapa added a comment. Yes, the functionality is archaic and for todays needs of sysops (one sysop account, one bot account) it does not work well anyway (Pywikibot should support some //easy// switching between two accounts in the future). Also I think the functionality to set different a

[Pywikipedia-bugs] [Maniphest] [Commented On] T229293: invalid CSRF token error shown with each block

gerritbot added a comment. Change 531589 **merged** by jenkins-bot: [pywikibot/core@master] Check a user's rights before checking its group memberships https://gerrit.wikimedia.org/r/531589 TASK DETAIL https://phabricator.wikimedia.org/T229293 EMAIL PREFERENCES https://phabricator