I posted the topic below at
https://www.mediawiki.org/wiki/Extension_talk:ReadingLists and was
hoping for some feedback
I'm trying to use the readinglists setup command and running in to a
permission denied message.
I think the problem is that my bot does not have editmyprivateinfo
enabled.
Now that I think about it, it looks like Special:BotPasswords requires
editmyprivateinfo be set by the user before a bot password is created.
If a bot had this permission, then it could set its own password, which
might be bad. This suggests that perhaps the ReadingList functionality
should use a different permission?
Below are the details.
This is a bit of a newbie question as I'm just starting out with the
api. Please forgive me if this is not the right place to start this
discussion. I considered adding something to Phabricator, but this
issue is more of a user problem then a problem with the software.
Anyway...
I have a test program where I get a login token, login, get a csrf
token and then call setup.
#!/opt/local/bin/python3
"""
setup.py
Invoke the readinglists setup command
MIT License
"""
import requests
URL = "https://en.wikipedia.org/w/api.php"
#URL = "https://www.mediawiki.org/w/api.php"
S = requests.Session()
# Retrieve login token first
PARAMS_LOGIN_TOKEN = {
'action':"query",
'meta':"tokens",
'type':"login",
'format':"json"
}
R = S.get(url=URL, params=PARAMS_LOGIN_TOKEN)
DATA = R.json()
LOGIN_TOKEN = DATA['query']['tokens']['logintoken']
print("Got logintoken")
# Send a post request to login. Using the main account for login is not
# supported. Obtain credentials via Special:BotPasswords
# (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname &
lgpassword
PARAMS_LOGIN = {
'action':"login",
'lgname': BOT_NAME_HERE,
'lgpassword': BOT_PASSWORD_HERE,
'lgtoken':LOGIN_TOKEN,
'format':"json"
}
R = S.post(URL, data=PARAMS_LOGIN)
DATA = R.json()
print("After login")
print(DATA)
# GET the CSRF Token
PARAMS_CSRF = {
"action": "query",
"meta": "tokens",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_CSRF)
DATA = R.json()
CSRF_TOKEN = DATA['query']['tokens']['csrftoken']
# Call setup
PARAMS_SETUP = {
"action": "readinglists",
"command": "setup",
"format": "json",
"token": CSRF_TOKEN
}
print("About to setup")
R = S.post(URL, data=PARAMS_SETUP)
print("After attempting to call setup")
print(R)
print(R.text)
The message I get is:
|bash-3.2$ ./setup.py
Got logintoken
After login
{'login': {'result': 'Success', 'lguserid': 208882, 'lgusername':
'Cxbrx'}}
About to setup
After attempting to call setup
<Response [200]>
{"error":{"code":"permissiondenied","info":"You don't have permission
to edit your private information.","*":"See
https://en.wikipedia.org/w/api.php for API usage. Subscribe to the
mediawiki-api-announce mailing list at
<https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce>
for notice of API deprecations and breaking
changes."},"servedby":"mw1316"}
bash-3.2$ |
In a separate script, I'm able to retrieve my readinglists, so I know
that logging in is working.
I think the problem is that my bot does not have editmyprivateinfo
enabled.
Looking at the code, I can see ApiReadingLists.php at
https://github.com/wikimedia/mediawiki-extensions-ReadingLists/blob/869ffc5462fd33303ea8a822040704ef4489bec0/src/Api/ApiReadingLists.php
checks for editmyprivateinfo
Does anyone know if editmyprivateinfo is the problem? If so, is it
possible to enable it for a bot?
_Christopher
_______________________________________________
Mediawiki-api mailing list
Mediawiki-api@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api