Closed thomas-crowe closed 3 years ago
thomas-crowe
commented
3 years ago I have also tried cookies authentication as well as use_http_auth with http_auth_login and http_auth_pasword set to valid entries.
Another observation, if i intentionally set my credentials to invalid ones, I receive the same errors above.
9strands
commented
3 years ago I manage that Mediawiki instance and have been in communication with @thomas-crowe on this - we use Kerberos for Mediawiki authentication for these instances via the remoteauth plugin in Mediawiki (Apache GSSAPI config). In testing, if I use mwclient directly, I can connect without issue using the http-auth function of the mwclient, but attempting to connect via mediawiker returns an error making an HTTP connection as "Unknown Realm".
Connecting to "https://wiki.wdc.infra.opentlc.com" .. >>> HTTP connection failed: Unknown realm.
>>> failed.
>>> ConnectionFailed exception for get_page: No valid connection available```
Please see the connection output from the python3 CLI client (usernames and passwords changed to protect the guilty)But using the same config as I have in the Mediawiker settings, and putting it directly into mwclient, I see the following that works.
>>> import mwclient
>>> import requests
>>> site = mwclient.Site(('https','wiki.wdc.infra.opentlc.com'), path='/', httpauth=('mywikiuser','MYWIKIPASSWORD'))
/usr/lib/python3.9/site-packages/mwclient/client.py:378: DeprecationWarning: Specifying host as a tuple is deprecated as of mwclient 0.10.1. Please use the new scheme argument instead.
warnings.warn(
>>> page = site.pages['Main_Page']
/usr/lib/python3.9/site-packages/mwclient/client.py:378: DeprecationWarning: Specifying host as a tuple is deprecated as of mwclient 0.10.1. Please use the new scheme argument instead.
warnings.warn(
>>> page.exists
True
>>> page.text()
/usr/lib/python3.9/site-packages/mwclient/client.py:378: DeprecationWarning: Specifying host as a tuple is deprecated as of mwclient 0.10.1. Please use the new scheme argument instead.
warnings.warn(
"* [[:Category:Accounts]]\n* [[:Category:Architecture]]\n* [[:Category:CloudSandboxes]]\n* [[:Category:CloudForms]]\n* [[:Category:ContentDevelopment]]\n* [[:Category:DailyOps]]\n* [[:Category:Events]]\n* [[:Category:Governance]]\n* [[:Category:Infra]]\n* [[:Category:InstructorLedTraining]]\n* [[:Category:Onboarding]]\n* [[:Category:OperationsManual]]\n* [[:Category:Reporting]]\n* [[:Category:Support]]\n* [[:Category:Team]]\n* [[:Category:Troubleshooting]] \n\n\nConsult the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide] for information on using the wiki software."
>>>
I think from trawling the code, that the error we're hitting is from mw_utils.py around line mw_utils.py L993, and is possibly complaining about the WW-Authenticate header? But the headers are standard for Basic authentication from what I can see via curl:
$ curl -vvv https://wiki.wdc.infra.opentlc.com 2>&1 | grep Authent
< WWW-Authenticate: Negotiate
< WWW-Authenticate: Basic realm="OPEN SSO"
$Anyway, this is as far as I've been able to get in my troubleshooting. Accessing the same wiki via any standard browser? No issues on Firefox, Chrome, Brave, M$ Edge, or KDE's Konqueror - they all ask for Basic Auth up-front in a popup on accessing the site, I enter the same credentials I use above for Mediawiker and mwclient - and I'm in.
tosher
commented
3 years ago Thanks for the extended info, i'll check it as soon as possible.
tosher
commented
3 years ago Please, set in config:
"debug": trueand try to open any page with site settings:
{
"authorization_type": "login",
"use_http_auth": true,
"http_auth_login": "tcrowe-redhat.com",
"http_auth_password": "XXXXXXXX",
"host": "wiki.wdc.infra.opentlc.com",
"https": true,
"is_ssl_cert_verify": false,
"pagepath": "/index.php?title=",
"path": "/"
}and attach the result from panel/console to issue.
thomas-crowe
commented
3 years ago Panel Output
''Site configuration is changed, setup new connection to "OpenTLC Wiki".. '''
Connecting to "https://wiki.wdc.infra.opentlc.com" .. >>> HTTP connection failed: Unknown realm.
>>> failed.
>>> '''DEBUG''' Get connection from connection manager.
>>> '''DEBUG''' HTTP response: 401 Client Error: Unauthorized for url: https://wiki.wdc.infra.opentlc.com/api.php
>>> ConnectionFailed exception for get_page: No valid connection availableConsole Output
reloading settings Packages/User/Preferences.sublime-settings
/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/requests/all/requests/packages/urllib3/connectionpool.py:852: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
Traceback (most recent call last):
File "/Applications/Sublime Text.app/Contents/MacOS/Lib/python33/sublime_plugin.py", line 1488, in run_
return self.run(edit, **args)
File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mediawiker.py", line 134, in run
panel.get_title(title)
File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mwcommands/mw_utils.py", line 1062, in get_title
self.on_done(title)
File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mwcommands/mw_utils.py", line 1072, in on_done
set_timeout_async(self.callback(title), 0)
File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mediawiker.py", line 148, in get_section_number
return self.page_open(self.title)
File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mediawiker.py", line 177, in page_open
if utils.api.page_can_edit(page):
File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mwcommands/mw_utils.py", line 538, in page_can_edit
return page.can('edit')
AttributeError: 'NoneType' object has no attribute 'can'Site Config per your recommendations above
"site":
{
"OpenTLC Wiki":
{
"authorization_type": "login",
"use_http_auth": true,
"http_auth_login": "tcrowe-redhat.com",
"http_auth_password": "XXXXXXXXX",
"host": "wiki.wdc.infra.opentlc.com",
"https": true,
"is_ssl_cert_verify": false,
"pagepath": "/index.php?title=",
"path": "/"
}
},Please, try to extract and replace mwcommands\mw_utils.py with this version - it's a temporary fix - send me a panel output after open some page.
thomas-crowe
commented
3 years ago Here is the panel output as requested;
'''Setup new connection to "OpenTLC Wiki".'''
Connecting to "https://wiki.wdc.infra.opentlc.com" .. done.
Login in with authorization type login.. done, without authorization.
>>> '''DEBUG''' Get connection from connection manager.
>>> '''DEBUG''' HTTP response: 401 Client Error: Unauthorized for url: https://wiki.wdc.infra.opentlc.com/api.php
>>> '''DEBUG''' www-authenticate header: Negotiate, Basic realm="OPEN SSO"
>>> '''DEBUG''' Connection: <requests.sessions.Session object at 0x7f9b4a061210>
Page [[TAC-Notes]] was opened successfully from "OpenTLC Wiki".
>>> '''DEBUG''' Get connection from connection manager.
>>> '''DEBUG''' Cached connection: TrueThank you, it's the expected result, the plugin will be updated soon.
tosher
commented
3 years ago https://github.com/tosher/Mediawiker/releases/tag/v3.6.10
The new version with updated authorization.
I have lost the ability to connect to our internal MediaWiki server. When I attempt to connect the following is logged;
Connecting to "https://wiki.wdc.infra.opentlc.com" .. >>> '''DEBUG''' Get connection from connection manager.
Looking at the console i see the following;
/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/requests/all/requests/packages/urllib3/connectionpool.py:852: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning) Traceback (most recent call last): File "/Applications/Sublime Text.app/Contents/MacOS/Lib/python33/sublimeplugin.py", line 1488, in run return self.run(edit, **args) File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mediawiker.py", line 134, in run panel.get_title(title) File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mwcommands/mw_utils.py", line 1062, in get_title self.on_done(title) File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mwcommands/mw_utils.py", line 1072, in on_done set_timeout_async(self.callback(title), 0) File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mediawiker.py", line 148, in get_section_number return self.page_open(self.title) File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mediawiker.py", line 177, in page_open if utils.api.page_can_edit(page): File "/Users/tcrowe/Library/Application Support/Sublime Text 3/Packages/Mediawiker/mwcommands/mw_utils.py", line 538, in page_can_edit return page.can('edit') AttributeError: 'NoneType' object has no attribute 'can'
I am able to authenticate to the wiki in my browser, as well as using curl.
Here is my site configuration;
"site": { "OpenTLC Wiki": { "authorization_type": "login", "cookies_browser": "chrome", "username": "tcrowe-redhat.com", "password": "XXXXXXXX", "host": "wiki.wdc.infra.opentlc.com", "https": true, "is_ssl_cert_verify": false, "is_wikia": false, "pagepath": "/index.php?title=", "path": "/", "preview_custom_head": [ ], "preview_sandbox": "", "proxy_host": "", "retry_timeout": 30, "search_namespaces": "", "show_red_links": true, "summary_fail_buf": "", "use_http_auth": false, }, },
The wiki has GSSAPI configured using kerberos, and does with with basic authentication, here is an example with curl;
➜ ~ curl --user tcrowe-redhat.com:"XXXXXXXX" -v https://wiki.wdc.infra.opentlc.com/api.php
Happy to provide any other output that would be beneficial in getting this working.
Thanks; Thomas Crowe