Re: [Mediawiki-api] API login (and edit) with BotPassword not possible

[Gergo Tisza]

On Thu, Apr 13, 2017 at 8:40 AM, Kai Sommer  wrote:

> Making the 2nd request I have to send "lgname", "lgpassword" and "lgtoken"
> in the body and the cookie in the header. − But then I get the API warning:
>   "Fetching a token via action=login is deprecated. Use
> action=query=tokens=login instead."
> The response includes the result ("NeedToken") and "token",
> "cookieprefix", "sessionid".
>
> If I use the body-parameters as URL-parameters I get the API warning:
>   "The following parameters were found in the query string, but must be in
> the POST body: lgpassword, lgtoken".
>

That means you lost the session. The API thinks you are using the old
method of doing to action=login POSTs (the first to fetch a token).

You should probably use some cookie handling library. Set-Cookie and Cookie
have different syntax, and in general cookie handling is tricky to get
right.
___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

[Mediawiki-api] API login (and edit) with BotPassword not possible

[Kai Sommer]

Dear list members,

yesterday I fiddled around with my MW-API (v1.27.2) and a registered 
bot-user (Special:BotPassword) using the Httpful PHP client library [0].

My goal is to edit and create pages with my bot.

[0] 

Making GET queries is working very well but I can’t login. − So I need 
some advices from you, please.


Like I understood I have to make 4 requests:
1. = GET to "api.php?action=query=tokens=login"
2. = POST to "api.php?action=login".
3. = POST to "api.php?action=query=tokens=csrf"
4. = POST to "api.php?action=edit&[…]"

I made a small code sample that you can find here [1].

[1] 

With the 1st request I save the login-token and the cookie (from the 
header). − This is working well.


Making the 2nd request I have to send "lgname", "lgpassword" and 
"lgtoken" in the body and the cookie in the header. − But then I get the 
API warning:
  "Fetching a token via action=login is deprecated. Use 
action=query=tokens=login instead."
The response includes the result ("NeedToken") and "token", 
"cookieprefix", "sessionid".


If I use the body-parameters as URL-parameters I get the API warning:
  "The following parameters were found in the query string, but must be 
in the POST body: lgpassword, lgtoken".


So I think I need to know:
  Which steps/requests I have to do − with which: HTTP method, URL and 
parameters, body data.

(Step 3 and 4 aren’t possible for me

Excuse me if that question(s) are more noobish …! − I read the 
documentation and some mailinglist posts. But I couldn’t find any hint 
of the ‚big picture‘ (of the process).


Thanks a lot (in advance for a solution) and best regards
Kai

___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] API login

[Brad Jorsch (Anomie)]

On Fri, Aug 5, 2016 at 5:41 PM, John  wrote:

> Why in the hell has basic API logins stopped working?
>

To close the loop, this was presumably T142155. More detail is in <
https://phabricator.wikimedia.org/T142155#2529503>.


-- 
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation
___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] API login

[Bartosz Dziewoński]

API login stills works for me on Wikimedia sites.

--
Bartosz Dziewoński

___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

[Mediawiki-api] API login

[John]

Why in the hell has basic API logins stopped working? I now need to either
set up an Oauth provider/client or use Special:Botpassword.

Having a standard login option should be available, otherwise anyone who
codes for using the API is going to get screwed. Apparently it will require
setting up special permissions and login processes depending on what
version of MW the wiki is using... Why cant we just keep a standard process
and allow for more options?
___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api