Recover from lost sessions instead of failing writes#999
Merged
Conversation
Uses the target instance's own wbcheckconstraints API action (from the WikibaseQualityConstraints extension) instead of a hardcoded, Wikidata-specific rule set, so it works against any Wikibase instance with the extension installed. Closes #154 Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
The 3-legged OAuth1 handshake (Special:OAuth/initiate, authenticate, token) is reimplemented with requests_oauthlib.OAuth1 and requests, mirroring what mwoauth did internally, removing the extra dependency. Also fixes continue_oauth(), which previously crashed with an AttributeError because mediawiki_api_url/instantiation_time were never initialized after completing the handshake. Fixes #318 Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Renewing the CSRF token only re-reads it off the current session
cookies, so it cannot resurrect a session the server has already
invalidated: writes then fail with assertuserfailed/assertbotfailed
("You are no longer logged in..."), no matter how often the token is
refreshed. Login and Clientlogin now keep their credentials so they
can redo a full login, and mediawiki_api_call transparently
re-authenticates and retries once when the API reports the session is
gone.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
generate_edit_credentials()) only re-reads a CSRF token off the current session cookies. If the server has already invalidated the underlying session (server-side session store eviction/expiry), no amount of token renewal can recover it — the next write fails withassertuserfailed/assertbotfailed, with no retry and no re-login attempt anywhere in the call chain.LoginandClientloginnow retain their credentials and can redo a full login (reauthenticate()), andmediawiki_api_call()automatically calls it and retries once when the API reportsassertuserfailed/assertbotfailed/notloggedin, instead of raising immediately.OAuth2.reauthenticate()(inherited default) already re-fetches its access token viagenerate_edit_credentials(), so it's covered too. OAuth1 is per-request-signed rather than session/cookie based, so it isn't affected by this failure mode.Test plan
test/test_wbi_login.py(TestBotPasswordLogin/TestClientLogin):reauthenticate()redoes the full login flow; a simulated session loss duringedit_entity()recovers transparently.test/test_wbi_helpers.py(TestSessionRecovery):assertuserfailed/assertbotfailed/notloggedintrigger re-authentication + retry when a login object is available, and still raiseMWApiErrorwhen it isn't.python -m pytest test/ -m "not integration"→ 203 passed.mypyclean on the modified modules.🤖 Generated with Claude Code