Jump to content

Topic on Project:Support desk

MediaWiki 1.34: Is it possible to use 'api.php?action=query&meta=tokens' with private wiki?

5 comments • 18:35, 23 February 2020 4 years ago
5
Spas.Z.Spasov (talkcontribs)

First I'm talking about a private wiki, where:

$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;

With MediaWiki 1.33, in order to login by an external PHP script as it is described in the article API:Login, I was able to get login token via GET request as:

https://wiki.example.com/api.php?action=query&meta=tokens&type=login&format=json

That returns:

{
    "batchcomplete": "",
    "query": {
        "tokens": {
            "logintoken": "805eca0316bd944f81ed7813557202f15e063924+\\"
        }
    }
}

Today I upgraded from MW 1.33 to MW 1.34. Now, I'm no longer able to get login tokens as anonymous user. I'm able to get login tokens (as the above) only when I'm already logged-in. Otherwise the response is:

{
    "error": {
        "code": "readapidenied",
        "info": "You need read permission to use this module.",
        "*": "See https://wiki.example.com/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."
    }
}

I found the following temporal solution: I'm able to get login token via the depreciated API action login. So on MW 1.34 the following POST request works:

https://wiki.example.com/api.php?action=login&format=json

It returns a warring message, but the provided token works for the further steps of the authentication:

{
    "warnings": {
        "main": {
            "*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."
        },
        "login": {
            "*": "Fetching a token via \"action=login\" is deprecated. Use \"action=query&meta=tokens&type=login\" instead."
        }
    },
    "login": {
        "result": "NeedToken",
        "token": "e9abae0b2a513b50182d541ff652797f5e06380c+\\"
    }
}

So my general question is: How do I Login via API on Private MediaWiki 1.34 by using external PHP script? Is there any up-to-date documentation? Is it possible at all or is it a bug?


Best regards. Cheerful welcome and happy new year!

Reply 17:45, 27 December 2019 4 years ago
Bawolff (talkcontribs)

hmm. That does sound like a bug. It seems like you should be able to login without having readapi

Reply 01:50, 28 December 2019 4 years ago
Spas.Z.Spasov (talkcontribs)

Thank you for the replay, @Bawolff. Could you point me which is the most appropriate place to add a bug report about this issue?

Reply 11:15, 5 January 2020 4 years ago
Bawolff (talkcontribs)
Reply 23:25, 5 January 2020 4 years ago
109.136.129.199 (talkcontribs)
Reply 18:35, 23 February 2020 4 years ago
Reply to "MediaWiki 1.34: Is it possible to use 'api.php?action=query&meta=tokens' with private wiki?"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Vdrava0likcnvy6a"