Quantcast

provisioning new user with API

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

provisioning new user with API

Scott Koranda
Hello,

I am using MediaWiki 1.28.0.

I want to provision new users (create new accounts) in MediaWiki using the API. The provisioning will be driven by a callout from another service (a registry that enrolls and manages users in a project using the wiki). Users do not participate directly in the provisioning.

I have set up my client as an OAuth Owner-only consumer as detailed at


I am able to request an account creation token using this code:

$oauth = new OAuth( $consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION );
$oauth->setToken( $accessToken, $accessSecret );


$response = json_decode($oauth->getLastResponse(), true);

When I execute that code the $response is, for example,

Array
(
    [batchcomplete] => 
    [query] => Array
        (
            [tokens] => Array
                (
                    [createaccounttoken] => 8f9c1c7c2b38918cb5caac5c87dd2084585bf6c3+\
                )

        )

)

Note the end of the token include +\

First question: Is that form of the token, specifically having +\ at the end, correct and expected?

If I then take that token and execute

$createAccountToken = $response['query']['tokens']['createaccounttoken'];


I receive

{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}

Second question: What am I doing wrong when invoking the createaccount action?

I am following documentation at


but it is not clear to me which parts of that page may be deprecated and precisely how I should provision a new account.

I appreciate any insights.

Thanks,

Scott K



_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Brad Jorsch (Anomie)
On Thu, Dec 22, 2016 at 11:16 AM, Scott Koranda <[hidden email]> wrote:
First question: Is that form of the token, specifically having +\ at the end, correct and expected?

Yes. They were included years ago, I believe to help catch data corruption introduced by broken proxies.
 
If I then take that token and execute

$createAccountToken = $response['query']['tokens']['createaccounttoken'];


I receive

{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}

Second question: What am I doing wrong when invoking the createaccount action?

Two things:

1. The parameter is named "createtoken", not "token".
2. You're not urlencoding it.
 
I am following documentation at


but it is not clear to me which parts of that page may be deprecated and precisely how I should provision a new account.

I should update that page for AuthManager. In the mean time, account creation in 1.27 and later works much like action=clientlogin, as documented at https://www.mediawiki.org/wiki/API:Login#The_clientlogin_action. See also https://www.mediawiki.org/w/api.php?modules=createaccount for the auto-generated documentation.


--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Scott Koranda

$createAccountToken = $response['query']['tokens']['createaccounttoken'];


I receive

{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}

Second question: What am I doing wrong when invoking the createaccount action?

Two things:

1. The parameter is named "createtoken", not "token".
2. You're not urlencoding it.

Thank you.

I am now sending this:

$createAccountToken = $response['query']['tokens']['createaccounttoken'];

$createAccountTokenEncoded = urlencode($createAccountToken);


But I see this error:

{"error":{"code":"createmustpostparams","info":"The following parameters were found in the query string, but must be in the POST body: createtoken","*":"See https://myserver/w/api.php for API usage"}}

I then try

$parameters = array('createtoken', $createAccountTokenEncoded);


but I see this error:

{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}


Should the createtoken be passed as part of the query string or in the POST body?

 
I am following documentation at


but it is not clear to me which parts of that page may be deprecated and precisely how I should provision a new account.

I should update that page for AuthManager. In the mean time, account creation in 1.27 and later works much like action=clientlogin, as documented at https://www.mediawiki.org/wiki/API:Login#The_clientlogin_action. See also https://www.mediawiki.org/w/api.php?modules=createaccount for the auto-generated documentation.

Thanks. I confess, however, that I am having difficulty understanding the auto-generated documentation. 

If you have time and could point me to the source code for the createaccount action I will examine it and see if I can discern what I should be passing in.

Thanks,

Scott K


_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Scott Koranda

I then try

$parameters = array('createtoken', $createAccountTokenEncoded);

Sorry. This should be 

$parameters = arrary('createtoken' => $createAccountToken);

I then see

{"error":{"code":"createcreatemissingparam","info":"At least one of the parameters createcontinue, createreturnurl is required","*":"See https://myserver/w/api.php for API usage"}}

I will continue to work to understand the details for how to invoke the createaccount action.

Thanks,

Scott K
 


_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Gergo Tisza
Have you tried using the API sandbox? It's a less painful way of exploring the API.

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Brad Jorsch (Anomie)
In reply to this post by Scott Koranda
On Thu, Dec 22, 2016 at 4:33 PM, Scott Koranda <[hidden email]> wrote:
Should the createtoken be passed as part of the query string or in the POST body?

POST body.
 
If you have time and could point me to the source code for the createaccount action I will examine it and see if I can discern what I should be passing in.

https://phabricator.wikimedia.org/diffusion/MW/browse/master/includes/api/ApiAMCreateAccount.php, although you'll probably quickly find your way to other files.

BTW, I updated https://www.mediawiki.org/wiki/API:Account_creation for MediaWiki 1.27 and later.

--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Scott Koranda
> On Thu, Dec 22, 2016 at 4:33 PM, Scott Koranda <[hidden email]> wrote:
> BTW, I updated https://www.mediawiki.org/wiki/API:Account_creation for
> MediaWiki 1.27 and later.
>

Thank you. That is quite helpful. I appreciate your time.

I am now able to provision new accounts in the way that I need
to in order to support my use case.

I did notice that new documentation does not call out that one
may need to send the password (and retype) in the POST body
rather than in the query string. Is that an oversight? If so,
may I edit the page and add that level of detail? (I appear to
have the necessary editing rights but since I am new to the
community I am unclear on the style and level of detail you
want to maintain).

For the archives, here is some example working code. Again, I
am using the MediaWiki OAuth extension with an "Owner-only"
consumer for authentication for this client:

$consumerKey    = 'ffffd455ba9fb5fe8ad152e71045f3e8';
$consumerSecret = 'ffff674c4e75a8ba6bfcc77c564e81e929199e';
$accessToken    = 'ffff6e60f77c7ad9dcfd11fd996b86';
$accessSecret   = 'ffff70c9a21c6a1609a1c3715014012be56e292';

$base = "https://myserver/w/api.php";

$oauth = new OAuth( $consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_AUTHORIZATION );
$oauth->setToken( $accessToken, $accessSecret );

$queryData = array();
$queryData['action'] = 'query';
$queryData['meta']   = 'tokens';
$queryData['type']   = 'createaccount';
$queryData['format'] = 'json';

$url = $base . "?" . http_build_query($queryData);

$oauth->fetch($url, null, OAUTH_HTTP_METHOD_POST);

$response = json_decode($oauth->getLastResponse(), true);

$createAccountToken = $response['query']['tokens']['createaccounttoken'];

$parameters = array();
$parameters['createtoken'] = $createAccountToken;
$parameters['password']    = "CsmfeVCSaKK4gzOUYgpD";
$parameters['retype']      = $parameters['password'];

$queryData = array();
$queryData['action']          = 'createaccount';
$queryData['format']          = 'json';
$queryData['createreturnurl'] = "https://myserver.com";
$queryData['username']        = "Foo Bar";
$queryData['email']           = "[hidden email]";
$queryData['realname']        = "Ms Foo Bar";
$queryData['reason']          = "provisioning";

$url = $base . "?" . http_build_query($queryData);

$oauth->fetch($url, $parameters, OAUTH_HTTP_METHOD_POST);

$response = $oauth->getLastResponse();

This returns

{"createaccount":{"status":"PASS","username":"Foo Bar"}}

Thanks,

Scott K

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Scott Koranda
In reply to this post by Gergo Tisza
> Have you tried using the API sandbox? It's a less painful way of exploring the
> API.
> https://en.wikipedia.org/wiki/Special:ApiSandbox

Thank you Gergo. I agree that it is an elegant and helpful tool.

Cheers,

Scott K

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: provisioning new user with API

Brad Jorsch (Anomie)
In reply to this post by Scott Koranda
On Fri, Dec 23, 2016 at 9:56 AM, Scott Koranda <[hidden email]> wrote:
> On Thu, Dec 22, 2016 at 4:33 PM, Scott Koranda <[hidden email]> wrote:
> BTW, I updated https://www.mediawiki.org/wiki/API:Account_creation for
> MediaWiki 1.27 and later.
>

Thank you. That is quite helpful. I appreciate your time.

I am now able to provision new accounts in the way that I need
to in order to support my use case.

I did notice that new documentation does not call out that one
may need to send the password (and retype) in the POST body
rather than in the query string. Is that an oversight? If so,
may I edit the page and add that level of detail? (I appear to
have the necessary editing rights but since I am new to the
community I am unclear on the style and level of detail you
want to maintain).

Feel free.


--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
Loading...