search

ritschwumm / commonist

A file upload tool for mediawiki using its api.php interface
13 stars 4 forks source link

Deprecated token API queries #25

Open reedy opened 3 years ago

reedy commented 3 years ago

In support of https://phabricator.wikimedia.org/T280806....

It seems commonist is doing action=query&prop=info&intoken queries. Can you update them please?

ritschwumm commented 2 years ago

thanks for the notification! i haven't looked in to the commonist's code for a long time, but i hope it's an easy change.

Rodomonte-wp commented 2 years ago

The new MediaWiki version seems to be active now. Therefore Commonist does not work anymore:

API.scala:341 {"code":"missingparam","info":"The \"token\" parameter must be set.","*":"See https://commons.wikimedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/ for notice of API deprecations and breaking changes."}

AntiCompositeNumber commented 2 years ago

The changes are not very difficult. Basically, requests like this:

ISeq(
    "action"    -> "query",
    "format"    -> "json",
    "prop"      -> "info|revisions",
    "intoken"   -> "edit",  // provides edittoken and starttimestamp
    "rvprop"    -> "timestamp",
    "titles"    -> title
)

need to become something like

ISeq(
    "action" -> "query",
    "format" -> "json",
    "curtimestamp"-> 1,
    "prop" -> "info|revisions",
    "meta" -> "tokens",
    "titles" -> title,
    "rvprop" -> "timestamp"
)

The JSON response will change slightly (starttimestamp is now curtimestamp, the token is in query["tokens"]["csrftoken"]). See https://commons.wikimedia.org/wiki/Special:ApiSandbox#action=query&format=json&curtimestamp=1&prop=info%7Crevisions&meta=tokens&titles=Commons%3ASandbox&rvprop=timestamp for an example. The calls that use the tokens don't have to change.

You should also get your login tokens from action=query&meta=tokens&type=login.

See https://www.mediawiki.org/wiki/API:Tokens and https://www.mediawiki.org/wiki/MediaWiki_1.37/Deprecation_of_legacy_API_token_parameters for more details.

ritschwumm commented 2 years ago

yeah, it seems i have to use a different api to get the tokens, that's what was delaying me when i first tried. and the way all this is currently implemented sucks, of course. past me was not that good as a scala programmer :/

ritschwumm commented 2 years ago

it seems i should use a bot password for the commonist - a bit mor work for the users, but probably worth the added security. what do you think?

JoKalliauer commented 2 years ago

Since several Java-Programs are affected. I reported it upstream: https://phabricator.wikimedia.org/T298340

ritschwumm commented 2 years ago

sigh i actually have the code ready, i just can't bring my self to try it out and see whether it works :/

aaronliu0130 commented 1 year ago

What’s the status for the code? Could it be committed to let us test it out?