
#110 Token returned during login is longer than 32 characters

closed-invalid
nobody
None
2016-02-14
2016-02-14
JER
No

At least for dewiki the token returned by api.php?action=login is longer than 32 characters. I've detected this problem with version 2.101 but it looks like the current version has the same issue. Btw. "api.php?action=login" seems to be deprecated, "api.php?action=query&meta=tokens&type=login" should be used. I saw this in the returned XML string.

Nevertheless: I have been using your framework for a long time and it's great to have it! Thank you!

Discussion

  • CodeDriller

    CodeDriller - 2016-02-14

    Getting login security token via "?action=query&meta=tokens&type=login" was implemented in version 3.15.

    As for older versions, does 32-char security token prevent successful login?

     
    • JER

      JER - 2016-02-14

      Yes, I think all current versions will fail, also 3.15.
      This doesn't work any more:

      loginToken = respStr.Substring(tokenPos + 7, 32);

      The token is longer than 32, instead you must look for the terminating quote like this:

              int tokenPos = respStr.IndexOf("token=\""); 
              if (tokenPos < 1)
                  throw new WikiBotException(
                      "\n\n" + Bot.Msg("Login failed. Check your username and password.") + "\n");
              tokenPos += 7; // skip token="
              int tokenPosEnd = respStr.IndexOf("\"", tokenPos);
              string loginToken = respStr.Substring(tokenPos, tokenPosEnd-tokenPos);
      
       
  • CodeDriller

    CodeDriller - 2016-02-14
    • status: open --> closed-invalid
     
  • CodeDriller

    CodeDriller - 2016-02-14

    No, version 3.15 doesn't rely on the Substring(), it gets the token using XElement:

    loginToken = tokenXml.Element("query").Element("tokens").Attribute("logintoken").Value;
    

    3.15 works properly, I tested it thoroughly before release.

    Older versions can't log in via API now because the security token is no longer supplied via "api.php?action=login" at all. It's not because of the 32-char token.

    Please, either re-implement "api.php?action=query&meta=tokens&type=login" in your version or upgrade to 3.15 (I advise the latter).

     
    • JER

      JER - 2016-02-14

      For Version 2.101 login via API works with my suggestion. On Friday I tried 3.14 (3.15 was not released at this moment), it didn't work for dewiki ("invalid token"). Perhaps I will try 3.15 this week.

       
  • CodeDriller

    CodeDriller - 2016-02-14

    Ok, I see. Anyway it's too late to fix Substring(), the whole routine was replaced in v3.15.

     

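The three token-extraction approaches discussed in this thread, side by side, as an added example that is not part of the ticket or of the framework's own code. The class name, method names and the sample response are hypothetical and constructed for illustration; the token value is not from a real wiki.

```csharp
using System;
using System.Xml.Linq;

static class LoginTokenDemo
{
    // Constructed sample response, not captured from a real wiki. The token is
    // longer than 32 characters; "&amp;" is included only to show entity decoding.
    const string Sample =
        "<api><query><tokens logintoken=\"" +
        "0123456789abcdef0123456789abcdef56c0a1b2&amp;+\\\" /></query></api>";

    // Fixed-width extraction as quoted in the thread: silently truncates.
    static string FixedWidth(string resp)
    {
        int pos = resp.IndexOf("token=\"", StringComparison.Ordinal);
        if (pos < 0) throw new FormatException("no token attribute in response");
        return resp.Substring(pos + 7, 32);
    }

    // Delimiter-based extraction: full length, but still raw XML text.
    static string UpToQuote(string resp)
    {
        int start = resp.IndexOf("token=\"", StringComparison.Ordinal);
        if (start < 0) throw new FormatException("no token attribute in response");
        start += 7; // skip token="
        int end = resp.IndexOf('"', start);
        if (end < 0) throw new FormatException("unterminated token attribute");
        return resp.Substring(start, end - start);
    }

    // XML-based extraction: no length assumption, entities decoded, and a
    // missing element fails loudly instead of yielding a wrong token.
    static string FromXml(string resp)
    {
        string token = XDocument.Parse(resp).Root
            ?.Element("query")?.Element("tokens")?.Attribute("logintoken")?.Value;
        if (string.IsNullOrEmpty(token))
            throw new FormatException("response carries no logintoken");
        return token;
    }

    static void Main()
    {
        Console.WriteLine("fixed width: {0}", FixedWidth(Sample));
        Console.WriteLine("up to quote: {0}", UpToQuote(Sample));
        Console.WriteLine("XML parse  : {0}", FromXml(Sample));
    }
}
```

On the constructed input, the fixed-width variant returns only the first 32 characters, the quote-delimited variant returns the full token with the `&amp;` still escaped, and the XML variant returns the full decoded token.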