Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread geoffreydebelie 
  On do, 19 jan 2017 16:25:03 +0100 Brad Jorsch (Anomie) 
 wrote  
 > On Thu, Jan 19, 2017 at 9:43 AM, geoffreydebelie  
 > wrote:
 >  However, I wonder why
 >  
 > https://nl.wikipedia.org/w/api.php?action=query=tokens=login=json
 >  
 >  returns
 >"logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\\"
 >  
 >  instead of +\ at the end.
 > 
 > Because backslash is the escape character in JSON strings, and so needs to 
 > be escaped to represent an actual backslash. If your JSON decoder is not 
 > properly transforming that token into a native string ending with a single 
 > backslash then your JSON decoder is fundamentally broken and should probably 
 > be replaced.
 > 
 > If you're parsing the JSON with custom regular expressions or the like, you 
 > should really start using a proper JSON decoder.
 >

I was just copy pasting it into Postman :) Thanks for the information.


___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread Brad Jorsch (Anomie) 
On Thu, Jan 19, 2017 at 4:01 PM, Gergo Tisza  wrote:

> On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie) <
> bjor...@wikimedia.org> wrote:
>
>> Because backslash is the escape character in JSON strings, and so needs
>> to be escaped to represent an actual backslash. If your JSON decoder is not
>> properly transforming that token into a native string ending with a single
>> backslash then your JSON decoder is fundamentally broken and should
>> probably be replaced.
>>
>
> I wonder if it would be worth for the API to issue a more specific warning
> when a token has been submitted but it does not have the format that tokens
> normally do. Something like "you submitted the token abc1234 \ but you
> were expected to submit the token abc1234+\ which in the raw request
> should look like abc1234%2B%5C" might make it easier for people to figure
> out on their own what they are doing wrong.
>

OTOH, every check of this sort we add is more code complexity. And I note
if you're using multipart/form-data, it shouldn't look like "abc1234%2B%5C".


-- 
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation
___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread Gergo Tisza 
On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie)  wrote:

> Because backslash is the escape character in JSON strings, and so needs to
> be escaped to represent an actual backslash. If your JSON decoder is not
> properly transforming that token into a native string ending with a single
> backslash then your JSON decoder is fundamentally broken and should
> probably be replaced.
>

I wonder if it would be worth for the API to issue a more specific warning
when a token has been submitted but it does not have the format that tokens
normally do. Something like "you submitted the token abc1234 \ but you were
expected to submit the token abc1234+\ which in the raw request should look
like abc1234%2B%5C" might make it easier for people to figure out on their
own what they are doing wrong.
___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread geoffreydebelie 
  On do, 19 jan 2017 15:40:06 +0100 Bartosz Dziewoński 
 wrote  
 > You are sending it with two backslashes at the end, while the token 
 > should only have one.
 > 
 
That's right, thanks!

{
  "clientlogin": {
"status": "PASS",
"username": "Smile4ever"
  }
}

However, I wonder why
https://nl.wikipedia.org/w/api.php?action=query=tokens=login=json

returns
  "logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\\"

instead of +\ at the end.

Kind regards,
Geoffrey De Belie


___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread Bartosz Dziewoński 

On 2017-01-19 15:27, geoffreydebelie wrote:

Hi.

logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782%2b%5c%5c=Smile4ever=***=1
has the same result (I even tried with a newly requested login token):

{
  "error": {
"code": "badtoken",
"info": "Invalid CSRF token.",
"*": "See https://nl.wikipedia.org/w/api.php for API usage."
  },
  "servedby": "mw1285"
}


You are sending it with two backslashes at the end, while the token 
should only have one.


--
Bartosz Dziewoński

___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread geoffreydebelie 
 On do, 19 jan 2017 15:22:11 +0100 Bartosz Dziewoński  
wrote 

 > On 2017-01-19 15:15, geoffreydebelie wrote:
 > > Input (text/plain):
 > > logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\\=Smile4ever=***=1
 > >
 > > Output:
 > > {
 > >   "error": {
 > > "code": "badtoken",
 > > "info": "Invalid CSRF token.",
 > > "*": "See https://nl.wikipedia.org/w/api.php for API usage."
 > >   },
 > >   "servedby": "mw1288"
 > > }
 > 
 > You are not URL-encoding the token. Make sure to URL-encode 
 > (percent-encode) all of the parameter values.
 > 
Hi.

logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782%2b%5c%5c=Smile4ever=***=1
has the same result (I even tried with a newly requested login token):

{
  "error": {
"code": "badtoken",
"info": "Invalid CSRF token.",
"*": "See https://nl.wikipedia.org/w/api.php for API usage."
  },
  "servedby": "mw1285"
}

Kind regards,
Geoffrey De Belie


___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api

Re: [Mediawiki-api] Client-login attemps unsuccesful

2017-01-19 Thread Bartosz Dziewoński 

On 2017-01-19 15:15, geoffreydebelie wrote:

Input (text/plain):
logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\\=Smile4ever=***=1

Output:
{
  "error": {
"code": "badtoken",
"info": "Invalid CSRF token.",
"*": "See https://nl.wikipedia.org/w/api.php for API usage."
  },
  "servedby": "mw1288"
}


You are not URL-encoding the token. Make sure to URL-encode 
(percent-encode) all of the parameter values.


--
Bartosz Dziewoński

___
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api