Quantcast

API login (and edit) with BotPassword not possible

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

API login (and edit) with BotPassword not possible

Kai Sommer
Dear list members,

yesterday I fiddled around with my MW-API (v1.27.2) and a registered
bot-user (Special:BotPassword) using the Httpful PHP client library [0].
My goal is to edit and create pages with my bot.

[0] <https://github.com/nategood/httpful/>

Making GET queries is working very well but I can’t login. − So I need
some advices from you, please.

Like I understood I have to make 4 requests:
1. = GET to "api.php?action=query&meta=tokens&type=login"
2. = POST to "api.php?action=login".
3. = POST to "api.php?action=query&meta=tokens&type=csrf"
4. = POST to "api.php?action=edit&[…]"

I made a small code sample that you can find here [1].

[1] <https://pastebin.com/AX9fuxRX>

With the 1st request I save the login-token and the cookie (from the
header). − This is working well.

Making the 2nd request I have to send "lgname", "lgpassword" and
"lgtoken" in the body and the cookie in the header. − But then I get the
API warning:
   "Fetching a token via action=login is deprecated. Use
action=query&meta=tokens&type=login instead."
The response includes the result ("NeedToken") and "token",
"cookieprefix", "sessionid".

If I use the body-parameters as URL-parameters I get the API warning:
   "The following parameters were found in the query string, but must be
in the POST body: lgpassword, lgtoken".

So I think I need to know:
   Which steps/requests I have to do − with which: HTTP method, URL and
parameters, body data.
(Step 3 and 4 aren’t possible for me

Excuse me if that question(s) are more noobish …! − I read the
documentation and some mailinglist posts. But I couldn’t find any hint
of the ‚big picture‘ (of the process).

Thanks a lot (in advance for a solution) and best regards
Kai

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: API login (and edit) with BotPassword not possible

Gergo Tisza
On Thu, Apr 13, 2017 at 8:40 AM, Kai Sommer <[hidden email]> wrote:
Making the 2nd request I have to send "lgname", "lgpassword" and "lgtoken" in the body and the cookie in the header. − But then I get the API warning:
  "Fetching a token via action=login is deprecated. Use action=query&meta=tokens&type=login instead."
The response includes the result ("NeedToken") and "token", "cookieprefix", "sessionid".

If I use the body-parameters as URL-parameters I get the API warning:
  "The following parameters were found in the query string, but must be in the POST body: lgpassword, lgtoken".

That means you lost the session. The API thinks you are using the old method of doing to action=login POSTs (the first to fetch a token).

You should probably use some cookie handling library. Set-Cookie and Cookie have different syntax, and in general cookie handling is tricky to get right.

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Loading...