John Vandenberg has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/186152

Change subject: Client side write API assert and warning
......................................................................

Client side write API assert and warning

If the username is not present or is an IP address, raise
an error without sending a request to the server.

Warn if the site user is not a config specified username.

Change-Id: I5074bdb14c1cdc37e2ac2b5a71887c1b699f95b4
---
M pywikibot/data/api.py
1 file changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/pywikibot/core refs/changes/52/186152/1

diff --git a/pywikibot/data/api.py b/pywikibot/data/api.py
index f979b81..bbaee80 100644
--- a/pywikibot/data/api.py
+++ b/pywikibot/data/api.py
@@ -790,6 +790,22 @@
             "wbcreateclaim", "wbremoveclaims", "wbsetclaimvalue",
             "wbsetreference", "wbremovereferences"
         )
+        # Client side verification that the request is being performed
+        # by a logged in user, and warn if it isnt a config username.
+        if self.write:
+            if not hasattr(self.site, "_userinfo"):
+                raise Error(u"API write action attempted without userinfo")
+            assert('name' in self.site._userinfo)
+
+            if http.is_IP(self.site._userinfo['name']):
+                raise Error(u"API write action attempted as IP %r"
+                            % self.site._userinfo['name'])
+
+            if not self.site.user():
+                pywikibot.warning(
+                    u"API write action by unexpected username commenced.\n"
+                    u"userinfo: %r" % self.site._userinfo)
+
         # MediaWiki 1.23 allows assertion for any action,
         # whereas earlier WMF wikis and others used an extension which
         # could only allow assert for action=edit.
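Review bot: the `assert('name' in self.site._userinfo)` line inside the new `if self.write:` block is the one guard here that disappears when Python runs with `-O`, so a `_userinfo` without a `name` key would reach `http.is_IP(self.site._userinfo['name'])` and fail with a bare KeyError instead of a clear refusal to write. Raise `Error` for that case as the two neighbouring checks do, so all three preconditions fail the same way. The diffstat shows 16 insertions and this hunk accounts for all of them, so no import is added: please confirm `http` and `Error` are already in scope in api.py. In the final branch the write still proceeds after the warning, which matches the commit message, but the message dumps the whole `_userinfo` dict with `%r`; logging only the name would be enough to identify the unexpected account. All of this works from the cached `_userinfo`, so it complements the server-side assert mentioned in the following comment rather than replacing it. Minor: "isnt" in the new comment should be "isn't".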

-- 
To view, visit https://gerrit.wikimedia.org/r/186152
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5074bdb14c1cdc37e2ac2b5a71887c1b699f95b4
Gerrit-PatchSet: 1
Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-Owner: John Vandenberg <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
