jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/324637 )
Change subject: Add support for authenticated Action API use ...................................................................... Add support for authenticated Action API use Upgrade to mwoauth >= 0.8.2 and add configuration for authenticating to the MediaWiki Action API using OAuth. A method for getting an anonymous client is also provided and used when checking for username availability so that on wiki rights do not accidentally allow usernames that would otherwise be blocked. When this is deployed to production there will be private Puppet changes needed to add configuration settings for the StrikerBot wikitech user. Bug: T144712 Change-Id: Ibfc4b35498e59bf02da3c8562fea802a573f139c --- M requirements.txt M striker/mediawiki.py M striker/register/utils.py M striker/settings.py M striker/striker.ini 5 files changed, 55 insertions(+), 9 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/requirements.txt b/requirements.txt index e786a18..a2820f4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ django-parsley>=0.6 # BSD django-ratelimit-backend>=1.0 # BSD idna>=2.1 # BSD -mwclient>=0.8.1 # MIT +mwclient>=0.8.2 # MIT mwoauth>=0.2.7 # MIT mysqlclient>=1.3.7 # GPLv2 oauthlib>=1.1.2 # BSD diff --git a/striker/mediawiki.py b/striker/mediawiki.py index a306ad9..2439750 100644 --- a/striker/mediawiki.py +++ b/striker/mediawiki.py @@ -32,27 +32,59 @@ class Client(object): """MediaWiki client""" _default_instance = None + _anon_instance = None @classmethod def default_client(cls): """Get a MediaWiki client using the default credentials.""" if cls._default_instance is None: logger.debug('Creating default instance') - cls._default_instance = cls(settings.WIKITECH_URL) + cls._default_instance = cls( + settings.WIKITECH_URL, + consumer_token=settings.WIKITECH_CONSUMER_TOKEN, + consumer_secret=settings.WIKITECH_CONSUMER_SECRET, + access_token=settings.WIKITECH_ACCESS_TOKEN, + access_secret=settings.WIKITECH_ACCESS_SECRET + ) return cls._default_instance - def __init__(self, url): + @classmethod + def anon_client(cls): + """Get a MediaWiki client that is not authenticated.""" + if cls._anon_instance is None: + logger.debug('Creating anon instance') + cls._anon_instance = cls(settings.WIKITECH_URL) + return cls._anon_instance + + def __init__( + self, url, + consumer_token=None, consumer_secret=None, + access_token=None, access_secret=None + ): self.url = url - self.site = self._site_for_url(url) - self.site.force_login = False + self.site = self._site_for_url( + url, consumer_token, consumer_secret, access_token, access_secret) @classmethod - def _site_for_url(cls, url): + def _site_for_url( + cls, url, + consumer_token=None, consumer_secret=None, + access_token=None, access_secret=None + ): parts = urllib.parse.urlparse(url) host = parts.netloc if parts.scheme != 'https': host = (parts.scheme, parts.netloc) - return mwclient.Site(host, clients_useragent='Striker') + force_login = consumer_token is not None + return mwclient.Site( + host, + consumer_token=consumer_token, + consumer_secret=consumer_secret, + access_token=access_token, + access_secret=access_secret, + clients_useragent='Striker', + force_login=force_login + ) def query_users_cancreate(self, *users): """Check to see if the given usernames could be created or not. diff --git a/striker/register/utils.py b/striker/register/utils.py index cd411e2..2cacc45 100644 --- a/striker/register/utils.py +++ b/striker/register/utils.py @@ -31,7 +31,6 @@ logger = logging.getLogger(__name__) -mwapi = mediawiki.Client.default_client() def sul_available(name): @@ -109,6 +108,9 @@ - name : Canonicalized version of the given name - error : Error message if ok is False; None otherwise """ + # Make sure to use the anon client here because on-wiki rights can affect + # the result of the cancreate check. + mwapi = mediawiki.Client.anon_client() user = mwapi.query_users_cancreate(name)[0] # Example response: # [{'missing': True, 'name': 'Puppet', @@ -141,6 +143,7 @@ Returns a block reason or False if not blocked. """ + mwapi = mediawiki.Client.default_client() res = mwapi.query_blocks_ip(ip) for block in res: if block['nocreate']: diff --git a/striker/settings.py b/striker/settings.py index 3e0152b..87c6589 100644 --- a/striker/settings.py +++ b/striker/settings.py @@ -366,6 +366,11 @@ # == Wikitech settings == WIKITECH_URL = ini.get('wikitech', 'SERVER_URL') +WIKITECH_USER = ini.get('wikitech', 'USER') +WIKITECH_CONSUMER_TOKEN = ini.get('wikitech', 'CONSUMER_TOKEN') +WIKITECH_CONSUMER_SECRET = ini.get('wikitech', 'CONSUMER_SECRET') +WIKITECH_ACCESS_TOKEN = ini.get('wikitech', 'ACCESS_TOKEN') +WIKITECH_ACCESS_SECRET = ini.get('wikitech', 'ACCESS_SECRET') # == Tools settings == TOOLS_MAINTAINER_BASE_DN = ini.get('ldap', 'TOOLS_MAINTAINER_BASE_DN') diff --git a/striker/striker.ini b/striker/striker.ini index fea3725..f2d13f8 100644 --- a/striker/striker.ini +++ b/striker/striker.ini @@ -21,7 +21,7 @@ # /etc/striker/striker.ini. [secrets] -# The should *ALWAYS* be overriden in a local config file +# This should *ALWAYS* be overriden in a local config file SECRET_KEY = 000000000000000000000000000000000000000000000000000000 [debug] @@ -112,3 +112,9 @@ [wikitech] SERVER_URL = https://wikitech.wikimedia.org +USER = StrikerBot +# These should *ALWAYS* be overriden in a local config file +CONSUMER_TOKEN = +CONSUMER_SECRET = +ACCESS_TOKEN = +ACCESS_SECRET = -- To view, visit https://gerrit.wikimedia.org/r/324637 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ibfc4b35498e59bf02da3c8562fea802a573f139c Gerrit-PatchSet: 1 Gerrit-Project: labs/striker Gerrit-Branch: master Gerrit-Owner: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: Alex Monk <a...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Madhuvishy <mviswanat...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits