Christopher Brooks

I posted the topic below at and was hoping for some feedback

I'm trying to use the readinglists setup command and running into a permission denied message.

I think the problem is that my bot does not have editmyprivateinfo enabled.

Now that I think about it, it looks like Special:BotPasswords requires editmyprivateinfo be set by the user before a bot password is created.  If a bot had this permission, then it could set its own password, which might be bad.  This suggests that perhaps the ReadingList functionality should use a different permission?

Below are the details.

This is a bit of a newbie question as I'm just starting out with the API. Please forgive me if this is not the right place to start this discussion. I considered adding something to Phabricator, but this issue is more of a user problem than a problem with the software.


I have a test program where I get a login token, log in, get a CSRF token and then call setup.



"""
    Invoke the readinglists setup command

    MIT License
"""

import requests

# api.php endpoint of the wiki
URL = ""
#URL = ""

S = requests.Session()

# Retrieve login token first
PARAMS_LOGIN_TOKEN = {
    "action": "query",
    "meta": "tokens",
    "type": "login",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_LOGIN_TOKEN)
DATA = R.json()

LOGIN_TOKEN = DATA['query']['tokens']['logintoken']

print("Got logintoken")

# Send a post request to login. Using the main account for login is not
# supported. Obtain credentials via Special:BotPasswords
# for lgname & lgpassword
PARAMS_LOGIN = {
    'action': "login",
    'lgname': BOT_NAME_HERE,
    'lgpassword': BOT_PASSWORD_HERE,
    'lgtoken': LOGIN_TOKEN,
    'format': "json"
}

R = S.post(URL, data=PARAMS_LOGIN)
DATA = R.json()

print("After login")
print(DATA)

# GET the CSRF Token
PARAMS_CSRF = {
    "action": "query",
    "meta": "tokens",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_CSRF)
DATA = R.json()

CSRF_TOKEN = DATA['query']['tokens']['csrftoken']

# Call setup
PARAMS_SETUP = {
    "action": "readinglists",
    "command": "setup",
    "format": "json",
    "token": CSRF_TOKEN
}

print("About to setup")
R = S.post(URL, data=PARAMS_SETUP)
print("After attempting to call setup")
print(R)
print(R.text)

The message I get is:

bash-3.2$ ./
Got logintoken
After login
{'login': {'result': 'Success', 'lguserid': 208882, 'lgusername': 'Cxbrx'}}
About to setup
After attempting to call setup
<Response [200]>
{"error":{"code":"permissiondenied","info":"You don't have permission to edit your private information.","*":"See for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;; for notice of API deprecations and breaking changes."},"servedby":"mw1316"}

In a separate script, I'm able to retrieve my readinglists, so I know that logging in is working.

Looking at the code, I can see ApiReadingLists.php at checks for editmyprivateinfo

Does anyone know if editmyprivateinfo is the problem? If so, is it possible to enable it for a bot?
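
Added example, not part of the original post: a preflight check that asks the API (action=query, meta=userinfo, uiprop=rights) which rights it reports for the logged-in session before calling readinglists setup. The function names, StubSession and StubReply are hypothetical, and the stub replies are constructed sample data so the block runs offline; with a real requests.Session, pass the logged-in session and the wiki's api.php URL instead.

```python
REQUIRED_RIGHT = "editmyprivateinfo"  # right named in the post's error message


def session_rights(session, url):
    """Ask the API which rights the current logged-in session holds."""
    params = {"action": "query", "meta": "userinfo",
              "uiprop": "rights", "format": "json"}
    data = session.get(url=url, params=params).json()
    return set(data["query"]["userinfo"].get("rights", []))


def setup_reading_lists(session, url, csrf_token):
    """POST readinglists setup only when the session has REQUIRED_RIGHT."""
    if REQUIRED_RIGHT not in session_rights(session, url):
        return {"called": False, "reason": "session lacks " + REQUIRED_RIGHT}
    params = {"action": "readinglists", "command": "setup",
              "format": "json", "token": csrf_token}
    reply = session.post(url, data=params).json()
    if "error" in reply:
        return {"called": True, "reason": reply["error"]["code"]}
    return {"called": True, "reason": "ok"}


class StubReply:
    """Constructed reply object exposing .json() like requests.Response."""

    def __init__(self, body):
        self.body = body

    def json(self):
        return self.body


class StubSession:
    """Constructed stand-in for requests.Session; all replies are sample data."""

    def __init__(self, rights):
        self.rights, self.posts = list(rights), 0

    def get(self, url, params):
        info = {"id": 1, "name": "ExampleBot", "rights": self.rights}
        return StubReply({"query": {"userinfo": info}})

    def post(self, url, data):
        self.posts += 1
        return StubReply({"constructed": "success"})
```

A session whose reported rights omit editmyprivateinfo is stopped before the POST, so the script can report the missing right directly instead of surfacing the server's permissiondenied reply.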

