Page MenuHomePhorge
Create Task
Maniphest T16006

"(Exception) No such token ""!" when directly accessing token giving URI
Open, Needs TriagePublic
Actions

Description

Upstreaming from our downstream error logs:

  1. In a web browser while logged in, go to https://we.phorge.it/token/give/PHID-TASK-25bdxr3orhn2odv2f5f5/ (optionally, pretend that you are a bot accessing strange URIs like this one)
  2. Click one of the available Tokens.
[2025-03-04 17:04:48] EXCEPTION: (Exception) No such token ""! at [<phorge>/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php:153]
arcanist(head=master, ref.master=ec68f53ba2d6), phorge(head=master, ref.master=38e359cb13cf)
  #0 <#2> PhabricatorTokenGivenEditor::validateToken(NULL) called at [<phorge>/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php:38]
  #1 <#2> PhabricatorTokenGivenEditor::addToken(string, NULL) called at [<phorge>/src/applications/tokens/controller/PhabricatorTokenGiveController.php:60]
  #2 <#2> PhabricatorTokenGiveController::handleRequest(AphrontRequest) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:284]
  #3 phlog(Exception) called at [<phorge>/src/aphront/handler/PhabricatorDefaultRequestExceptionHandler.php:41]
  #4 PhabricatorDefaultRequestExceptionHandler::handleRequestThrowable(AphrontRequest, Exception) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:753]
  #5 AphrontApplicationConfiguration::handleThrowable(Exception) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:296]
  #6 AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:203]
  #7 AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phorge>/webroot/index.php:35]

Revisions and Commits

rP Phorge
Needs ReviewD25903 Avoid "No such token" exception going to /token/give/ directly

Related Objects

Event Timeline

aklapper created this task.Tue, Mar 4, 17:06
Herald added subscribers: Cigaryno, Matthew, chris, tobiaswiese. · View Herald TranscriptTue, Mar 4, 17:06
aklapper added a revision: D25903: Avoid "No such token" exception going to /token/give/ directly.Tue, Mar 4, 17:31
aklapper mentioned this in D25903: Avoid "No such token" exception going to /token/give/ directly.
mainframe98 subscribed.Tue, Mar 4, 18:29

Did some digging using the Network monitor. When using the dialog, Phorge sends this:

__csrf__: B@jqccc7335f3e341bab747f2a
__form__: 1
__dialog__: 1
tokenPHID: PHID-TOKN-emoji-7
__wflow__: true
__ajax__: true
__metablock__: 4

but using the direct URL, it sends this:

__csrf__: B@2rdakjrtaeed9a29351d9a9c
__form__: 1
__dialog__: 1

Unfortunately, all I can gleam is that the JavaScript doesn't trigger correctly when clicking on a token, and never sends the tokenPHID key-value pair as a result. It's clearly not handling the separate form correctly, because disabling JavaScript results in a proper experience.

As for reproducing; when viewing a task, right-click on the Award Token button and open it in a new tab.

valerio.bozzolan subscribed.Wed, Mar 5, 07:14

I think this is the upstream bug report lol

https://phabricator.wikimedia.org/T326025

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0