Re: [Mediawiki-api] Client-login attemps unsuccesful
On do, 19 jan 2017 16:25:03 +0100 Brad Jorsch (Anomie)wrote > On Thu, Jan 19, 2017 at 9:43 AM, geoffreydebelie > wrote: > However, I wonder why > > https://nl.wikipedia.org/w/api.php?action=query=tokens=login=json > > returns >"logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\\" > > instead of +\ at the end. > > Because backslash is the escape character in JSON strings, and so needs to > be escaped to represent an actual backslash. If your JSON decoder is not > properly transforming that token into a native string ending with a single > backslash then your JSON decoder is fundamentally broken and should probably > be replaced. > > If you're parsing the JSON with custom regular expressions or the like, you > should really start using a proper JSON decoder. > I was just copy pasting it into Postman :) Thanks for the information. ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Re: [Mediawiki-api] Client-login attemps unsuccesful
On Thu, Jan 19, 2017 at 4:01 PM, Gergo Tiszawrote: > On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie) < > bjor...@wikimedia.org> wrote: > >> Because backslash is the escape character in JSON strings, and so needs >> to be escaped to represent an actual backslash. If your JSON decoder is not >> properly transforming that token into a native string ending with a single >> backslash then your JSON decoder is fundamentally broken and should >> probably be replaced. >> > > I wonder if it would be worth for the API to issue a more specific warning > when a token has been submitted but it does not have the format that tokens > normally do. Something like "you submitted the token abc1234 \ but you > were expected to submit the token abc1234+\ which in the raw request > should look like abc1234%2B%5C" might make it easier for people to figure > out on their own what they are doing wrong. > OTOH, every check of this sort we add is more code complexity. And I note if you're using multipart/form-data, it shouldn't look like "abc1234%2B%5C". -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Re: [Mediawiki-api] Client-login attemps unsuccesful
On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie)wrote: > Because backslash is the escape character in JSON strings, and so needs to > be escaped to represent an actual backslash. If your JSON decoder is not > properly transforming that token into a native string ending with a single > backslash then your JSON decoder is fundamentally broken and should > probably be replaced. > I wonder if it would be worth for the API to issue a more specific warning when a token has been submitted but it does not have the format that tokens normally do. Something like "you submitted the token abc1234 \ but you were expected to submit the token abc1234+\ which in the raw request should look like abc1234%2B%5C" might make it easier for people to figure out on their own what they are doing wrong. ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Re: [Mediawiki-api] Client-login attemps unsuccesful
On do, 19 jan 2017 15:40:06 +0100 Bartosz Dziewońskiwrote > You are sending it with two backslashes at the end, while the token > should only have one. > That's right, thanks! { "clientlogin": { "status": "PASS", "username": "Smile4ever" } } However, I wonder why https://nl.wikipedia.org/w/api.php?action=query=tokens=login=json returns "logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\\" instead of +\ at the end. Kind regards, Geoffrey De Belie ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Re: [Mediawiki-api] Client-login attemps unsuccesful
On 2017-01-19 15:27, geoffreydebelie wrote: Hi. logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782%2b%5c%5c=Smile4ever=***=1 has the same result (I even tried with a newly requested login token): { "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1285" } You are sending it with two backslashes at the end, while the token should only have one. -- Bartosz Dziewoński ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Re: [Mediawiki-api] Client-login attemps unsuccesful
On do, 19 jan 2017 15:22:11 +0100 Bartosz Dziewońskiwrote > On 2017-01-19 15:15, geoffreydebelie wrote: > > Input (text/plain): > > logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\\=Smile4ever=***=1 > > > > Output: > > { > > "error": { > > "code": "badtoken", > > "info": "Invalid CSRF token.", > > "*": "See https://nl.wikipedia.org/w/api.php for API usage." > > }, > > "servedby": "mw1288" > > } > > You are not URL-encoding the token. Make sure to URL-encode > (percent-encode) all of the parameter values. > Hi. logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782%2b%5c%5c=Smile4ever=***=1 has the same result (I even tried with a newly requested login token): { "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1285" } Kind regards, Geoffrey De Belie ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Re: [Mediawiki-api] Client-login attemps unsuccesful
On 2017-01-19 15:15, geoffreydebelie wrote: Input (text/plain): logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\\=Smile4ever=***=1 Output: { "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1288" } You are not URL-encoding the token. Make sure to URL-encode (percent-encode) all of the parameter values. -- Bartosz Dziewoński ___ Mediawiki-api mailing list Mediawiki-api@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-api