⚓ T293543 Unable to login via API key with Pattypan, Commonist, and VicuñaUploader

⚓ T293543 Unable to login via API key with Pattypan, Commonist, and VicuñaUploader
Page Menu
Phabricator
Create Task
Maniphest
T293543
Unable to login via API key with Pattypan, Commonist, and VicuñaUploader
Closed, Declined
Public
BUG REPORT
Actions
Edit Task
Edit Related Tasks...
Create Subtask
Edit Parent Tasks
Edit Subtasks
Merge Duplicates In
Close As Duplicate
Edit Related Objects...
Edit Commits
Edit Mocks
Mute Notifications
Protect as security issue
Assigned To
None
Authored By
King_of_Hearts
Oct 16 2021, 2:47 AM
2021-10-16 02:47:15 (UTC+0)
Tags
Commons
(Incoming)
MediaWiki-Action-API
(Unsorted)
Referenced Files
F34737989: Screenshot 2021-11-08 at 12.12.09.png
Nov 8 2021, 12:18 PM
2021-11-08 12:18:21 (UTC+0)
F34737988: Screenshot 2021-11-08 at 12.12.31.png
Nov 8 2021, 12:18 PM
2021-11-08 12:18:21 (UTC+0)
Subscribers
Abbe98
Agathoclea
Aklapper
Alicia_Fagerving_WMSE
AntiCompositeNumber
Ato_01
DerHexer
View All 30 Subscribers
Description
Multiple users have reported being unable to log in to various Commons upload tools such as Pattypan, Commonist, and VicunaUploader. I have tried Pattypan and can confirm that it works normally until the login stage, where it comes back with "Login failed". As I have 2FA enabled on my account, I am using an API password, as described in these instructions:
Since multiple independent tools are failing, this appears to be a problem with the Wikimedia API rather than with any individual tool.
Related Objects
Search...
Task Graph
Mentions
Duplicates
Status
Subtype
Assigned
Task
Declined
BUG REPORT
None
T293543
Unable to login via API key with Pattypan, Commonist, and VicuñaUploader
Open
None
T295382
Update PattyPan documentation
Mentioned In
T298340: Java-Tools (Commonist,Imker) not working any more
T295215: Several Wikimedia Commons upload tools authentication mechanism broken recently
Mentioned Here
T280806: Remove old action api token parameters
Duplicates Merged Here
T298340: Java-Tools (Commonist,Imker) not working any more
T295215: Several Wikimedia Commons upload tools authentication mechanism broken recently
Event Timeline
King_of_Hearts
created this task.
Oct 16 2021, 2:47 AM
2021-10-16 02:47:15 (UTC+0)
Restricted Application
added a subscriber:
Aklapper
View Herald Transcript
Oct 16 2021, 2:47 AM
2021-10-16 02:47:16 (UTC+0)
Peachey88
edited projects, added
MediaWiki-Action-API
; removed
API Platform
Oct 16 2021, 8:06 AM
2021-10-16 08:06:30 (UTC+0)
taavi
closed this task as
Declined
Oct 16 2021, 8:34 AM
2021-10-16 08:34:10 (UTC+0)
taavi
subscribed.
Comment Actions
There's recently been two major API-affecting changes:
An older Let's Encrypt root expired
, which causes issues with old operating systems / runtimes and misbehaving TLS implementations which don't recognize the alternative valid chain
We removed some API methods deprecated since 2014
after multiple warnings to authors of affected bots / tools.
Doing quick searches on the issue trackers of the tools you mentioned suggests (for example:
commonist
pattypan
vicuña
) that those two issues are causing the breakage you're seeing. I'm closing this task because we don't plan on doing anything to them on the MediaWiki side.
Aklapper
renamed this task from
Unable to login via API key
to
Unable to login via API key with Pattypan, Commonist, and VicunaUploader
Oct 16 2021, 11:40 AM
2021-10-16 11:40:07 (UTC+0)
Tacsipacsi
renamed this task from
Unable to login via API key with Pattypan, Commonist, and VicunaUploader
to
Unable to login via API key with Pattypan, Commonist, and VicuñaUploader
Oct 16 2021, 2:51 PM
2021-10-16 14:51:41 (UTC+0)
Tacsipacsi
subscribed.
DerHexer
subscribed.
Oct 17 2021, 8:35 PM
2021-10-17 20:35:49 (UTC+0)
Legoktm
mentioned this in
T295215: Several Wikimedia Commons upload tools authentication mechanism broken recently
Nov 6 2021, 7:26 PM
2021-11-06 19:26:55 (UTC+0)
JeanFred
merged a task:
T295215: Several Wikimedia Commons upload tools authentication mechanism broken recently
Nov 6 2021, 9:42 PM
2021-11-06 21:42:50 (UTC+0)
JeanFred
added subscribers:
JeanFred
Legoktm
Abbe98
subscribed.
Nov 7 2021, 2:14 PM
2021-11-07 14:14:01 (UTC+0)
Comment Actions
These tools are all affected by
T280806
, and the outreach seems to have targeted bots and user scripts. I personally never caught any of the outreach through the normal channels as the framing has been "these things we deprecated back in 2014"(although these API calls have been widely used after the 2014 change) nor have any "warnings" reached me even though Pattypan is one of the most popular batch upload tools to Commons used by many chapters and GLAMs.
Nor is this a quick change of "just replacing a few API queries", as many of these tools are affected through dependencies of various kinds.
VIGNERON
subscribed.
Nov 7 2021, 2:48 PM
2021-11-07 14:48:35 (UTC+0)
Legoktm
added a comment.
Nov 8 2021, 12:00 AM
2021-11-08 00:00:25 (UTC+0)
Comment Actions
In
T293543#7487889
@Abbe98
wrote:
These tools are all affected by
T280806
, and the outreach seems to have targeted bots and user scripts. I personally never caught any of the outreach through the normal channels as the framing has been "these things we deprecated back in 2014"(although these API calls have been widely used after the 2014 change) nor have any "warnings" reached me even though Pattypan is one of the most popular batch upload tools to Commons used by many chapters and GLAMs.
General questions:
Do you (or another pattypan developer) subscribe to the mediawiki-api-announce mailing list? Or Tech News? What "normal channels" are you typically following?
Does pattypan use a distinct user-agent that makes it easy to identify in server logs? (
Does pattypan log warnings that the API emits when you use deprecated functionality? (
Abbe98
added a comment.
Nov 8 2021, 1:11 AM
2021-11-08 01:11:42 (UTC+0)
Comment Actions
Do you (or another pattypan developer) subscribe to the mediawiki-api-announce mailing list? Or Tech News? What "normal channels" are you typically following?
I'm personally only actively follows Tech News, where I have seen this announced twice shortly before the deprecation. I did however not investigate this as it in both cases was described as the removal of features since long deprecated(before I maintained popular tools and before Pattypan was even created) rather than the removal of widely used features.
Does pattypan use a distinct user-agent that makes it easy to identify in server logs? (
Yes in using the following format: "pattypan/(
Does pattypan log warnings that the API emits when you use deprecated functionality? (
No, nor does Pattypan has any type of centralized logging or telemetry tracking.
JeanFred
added a subscriber:
Reedy
Nov 8 2021, 8:30 AM
2021-11-08 08:30:14 (UTC+0)
Comment Actions
There was direct outreach to Commonist by
@Reedy
with
August 24th (7 days before the days before the deadline) − which the volunteer maintainer acknowledged on September 12th. As far as I can tell, there was no such outreach to Pattypan and Vicuna.
(Even assuming that the maintainers had been / would have been super reactive to the warning and put out a release right away − these are desktop applications − it’s not over the minute a release is out. It could have taken several more weeks to get the upgrade through)
Reedy
added a comment.
Nov 8 2021, 12:18 PM
2021-11-08 12:18:21 (UTC+0)
Comment Actions
In
T293543#7488401
@JeanFred
wrote:
There was direct outreach to Commonist by
@Reedy
with
August 24th (7 days before the days before the deadline) − which the volunteer maintainer acknowledged on September 12th. As far as I can tell, there was no such outreach to Pattypan and Vicuna.
(Even assuming that the maintainers had been / would have been super reactive to the warning and put out a release right away − these are desktop applications − it’s not over the minute a release is out. It could have taken several more weeks to get the upgrade through)
I filed
back in July.
There was outreach to the projects (on and off wiki) where I could see significant/numerous deprecated API calls where it was clear what program it was (from the User Agent). And out to various individual bot owners/maintainers starting back in July. And various ignored that too, repeatedly.
I had a look since the start of July in logstash... It's another yarl repo, and uses Wiki.java...
There's numerous Wiki.java useragents with nothing more than the version of Wiki.java in it, no supplemental information.
This is the reason we have
, and more specifically an example like:
User-Agent: CoolTool/0.0 (
; cool-tool@example.org) generic-library/0.0
The generic format is / () / [/ ...]. Parts that are not applicable can be omitted.
Vicuna has
. And Pattypan looks to have
(and other wiring of course) but when there's 0 results in logstash since July, I'm a little suspicious that this latter one is actually working properly.
I just filed
for them to confirm they're actually setting the useragent that they're trying to do so.
If it doesn't appear in the logs, it's a little hard to know who to reach out to.
And as per
T280806#7305738
and
T280806#7399684
... The number of deprecated API calls (relating to this issue) that were stopped was massive.
JeanFred
added a comment.
Nov 8 2021, 2:40 PM
2021-11-08 14:40:08 (UTC+0)
Comment Actions
In
T293543#7488987
@Reedy
wrote:
In
T293543#7488401
@JeanFred
wrote:
As far as I can tell, there was no such outreach to Pattypan and Vicuna.
I filed
back in July.
I stand corrected! Thanks for having reached out :)
Fuzheado
subscribed.
Nov 11 2021, 10:25 AM
2021-11-11 10:25:30 (UTC+0)
Fuzheado
claimed this task.
Nov 11 2021, 10:31 AM
2021-11-11 10:31:50 (UTC+0)
Fuzheado
removed
Fuzheado
as the assignee of this task.
John_Cummings
subscribed.
Edited
Nov 16 2021, 5:08 PM
2021-11-16 17:08:02 (UTC+0)
Comment Actions
Just to give people an idea of the size of the issue this is causing, Pattypan has been used to upload over 1.1 million images to Commons. Most of the people I know who are working with external organisations to share their content on Commons use this tool so all these projects are currently stopped until this issue is fixed. The only other option for mass uploads while this is down is using scripts which is way beyond the technical ability of most pople who work on partnerships. I'm personally working on a project which will upload up 50,000 to 100,000 images from a museum, without Pattypan I can't do it.
Thanks
Reedy
added a comment.
Nov 16 2021, 5:13 PM
2021-11-16 17:13:59 (UTC+0)
Comment Actions
Just to point out... There's two issues being bundled into one here in some ways.
If the issue is mostly due to the LetsEncrypt issues, there's nothing on the Wikimedia side to "fix". If it requires updates to Java versions etc, that's very much on the downstream developers of pattypan.
John_Cummings
added a comment.
Nov 16 2021, 5:20 PM
2021-11-16 17:20:36 (UTC+0)
Comment Actions
In
T293543#7507232
@Reedy
wrote:
Just to point out... There's two issues being bundled into one here in some ways.
If the issue is mostly due to the LetsEncrypt issues, there's nothing on the Wikimedia side to "fix". If it requires updates to Java versions etc, that's very much on the downstream developers of pattypan.
Thanks, is there a way to check which it is, and if it is the issue on the Wikimedia side who can fix it?
Reedy
added a comment.
Nov 16 2021, 5:22 PM
2021-11-16 17:22:34 (UTC+0)
Comment Actions
Based on
, it's related to the LetsEncrypt certs. Following that task is probably helpful.
SaraThomasWMUK
subscribed.
Nov 16 2021, 5:25 PM
2021-11-16 17:25:12 (UTC+0)
Comment Actions
Just wanted to +1 that Pattypan in particular being broken is a huge headache - it's the tool that we've been recommending to small (& indeed larger) GLAMs and Universities for the last few years, and I have one partnership whose engagement has now been completely interrupted until this is fixed. (They've been looking to do a test upload, and use that to train staff so that it can be implemented into their ongoing workflow, project was funded by an external body.)
Aklapper
added a comment.
Nov 16 2021, 6:14 PM
2021-11-16 18:14:29 (UTC+0)
Comment Actions
I'm afraid we all know that, and maintainers need to fix issues in those code bases, as pointed out already... :)
Legoktm
added a comment.
Nov 16 2021, 7:22 PM
2021-11-16 19:22:19 (UTC+0)
Comment Actions
Given how valuable/important Pattypan seems to be, I think it would benefit from some of
- whether it's more maintainers or better docs on how others can contribute to fix these kinds of issues.
Rubin16
subscribed.
Nov 17 2021, 6:14 AM
2021-11-17 06:14:45 (UTC+0)
John_Cummings
added a comment.
Nov 17 2021, 10:08 AM
2021-11-17 10:08:03 (UTC+0)
Comment Actions
@Legoktm
This would be very much appreciated, this is really a big issue for most people working with partner organisations because there isn't a workaround or alternative and do not have any technical skills to maintain the tools.
Alicia_Fagerving_WMSE
subscribed.
Nov 23 2021, 8:05 AM
2021-11-23 08:05:10 (UTC+0)
John_Cummings
added a subtask:
T295382: Update PattyPan documentation
Dec 14 2021, 1:09 PM
2021-12-14 13:09:05 (UTC+0)
Peachey88
mentioned this in
T298340: Java-Tools (Commonist,Imker) not working any more
Dec 27 2021, 11:51 PM
2021-12-27 23:51:27 (UTC+0)
JoKalliauer
merged a task:
T298340: Java-Tools (Commonist,Imker) not working any more
Dec 28 2021, 8:41 AM
2021-12-28 08:41:14 (UTC+0)
JoKalliauer
added subscribers:
JoKalliauer
Peachey88
RhinosF1
and
9 others
Don-vip
awarded a token.
Jan 11 2022, 3:38 PM
2022-01-11 15:38:40 (UTC+0)
Don-vip
subscribed.
DonTrung
subscribed.
Mar 22 2022, 7:20 PM
2022-03-22 19:20:43 (UTC+0)
Ato_01
subscribed.
Mar 15 2023, 7:49 PM
2023-03-15 19:49:58 (UTC+0)
Log In to Comment
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct.
Wikimedia Foundation
Code of Conduct
Disclaimer
CC-BY-SA
GPL
Credits