Open lucaswerkmeister opened 5 years ago
Note on this workaround: the login
API doesn’t return a standard error when login fails, so this call will appear to “succeed” (i.e., it won’t throw an mwapi.errors.APIError
) even if the login didn’t actually work. You’ll want to check that the response’s .login.result == 'Success'
. If you use assert='user'
on subsequent requests, then that should at least prevent you from leaking your IP address. (Cf. lucaswerkmeister/m3api-botpassword#1.)
Currently,
mwapi.Session
supports login with credentials viaaction=clientlogin
, which only supports the user’s real password (and may require an interactive flow, continuing the login in another step). It would be nice to also support bot passwords – by automatically detecting them inlogin()
(username contains “@”), by adding a new method foraction=login
instead ofaction=clientlogin
, or at least by documenting the following workaround: