Topic on Extension talk:ReadingLists/Flow

Invoking setup from Python

2
Summary by Cxbrx

To update a list, it is necessary to use clientlogin. Logging in as a bot won't work because bots don't have editmyprivateinfo.

Cxbrx (talkcontribs)

I'm trying to use the readinglists setup command and running in to a permission denied message.

I think the problem is that my bot does not have editmyprivateinfo enabled.

Below are the details.

This is a bit of a newbie question as I'm just starting out with the api. Please forgive me if this is not the right place to start this discussion. I considered adding something to Phabricator, but this issue is more of a user problem then a problem with the software.

Anyway...

I have a test program where I get a login token, login, get a csrf token and then call setup.

#!/opt/local/bin/python3

"""  

setup.py

   Invoke the readinglists setup command  

   MIT License

"""

import requests

URL = "https://en.wikipedia.org/w/api.php"

#URL = "https://www.mediawiki.org/w/api.php"    

S = requests.Session()

# Retrieve login token first

PARAMS_LOGIN_TOKEN = {

   'action':"query",

   'meta':"tokens",

   'type':"login",

   'format':"json"

}

R = S.get(url=URL, params=PARAMS_LOGIN_TOKEN)

DATA = R.json()

LOGIN_TOKEN = DATA['query']['tokens']['logintoken']

print("Got logintoken")

# Send a post request to login. Using the main account for login is not

# supported. Obtain credentials via Special:BotPasswords

# (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword

PARAMS_LOGIN = {

   'action':"login",

   'lgname':YOUR_BOT_LOGIN_NAME_HERE,

   'lgpassword':YOUR_BOT_PASSWORD_HERE,

   'lgtoken':LOGIN_TOKEN,

   'format':"json"

}

R = S.post(URL, data=PARAMS_LOGIN)

DATA = R.json()

print("After login")

print(DATA)

# GET the CSRF Token

PARAMS_CSRF = {

   "action": "query",

   "meta": "tokens",

   "format": "json"

}

R = S.get(url=URL, params=PARAMS_CSRF)

DATA = R.json()

CSRF_TOKEN = DATA['query']['tokens']['csrftoken']

# Call setup

PARAMS_SETUP = {

   "action": "readinglists",

   "command": "setup",

   "format": "json",

   "token": CSRF_TOKEN

}

print("About to setup")

R = S.post(URL, data=PARAMS_SETUP)

print("After attempting to call setup")

print(R)

print(R.text)


The message I get is:

bash-3.2$ ./setup.py

  ./setup.py

  Got logintoken

  After login

  {'login': {'result': 'Success', 'lguserid': 208882, 'lgusername': 'Cxbrx'}}

  About to setup

  After attempting to call setup

  <Response [200]>

  {"error":{"code":"permissiondenied","info":"You don't have permission to edit your private information.","*":"See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; for notice of API deprecations and breaking changes."},"servedby":"mw1282"}

In a separate script, I'm able to retrieve my readinglists, so I know that logging in is working.

I think the problem is that my bot does not have editmyprivateinfo enabled.

Looking at the code, I can see ApiReadingLists.php checks for editmyprivateinfo

      /**

        * Entry point for executing the module

        * @inheritDoc

        */

   public function execute() {

       if ( $this->getUser()->isAnon() ) {

           $this->dieWithError( [ 'apierror-mustbeloggedin',

               $this->msg( 'action-editmyprivateinfo' ) ], 'notloggedin' );

       }

               $this->checkUserRightsAny( 'editmyprivateinfo' );

               $command = $this->getParameter( 'command' );

               $module = $this->moduleManager->getModule( $command, 'command' );

               $module->extractRequestParams();

               try {

                       $module->execute();

                       $module->getResult()->addValue( null, $module->getModuleName(), [ 'result' => 'Success' ] );

               } catch ( ReadingListRepositoryException $e ) {

                       $module->getResult()->addValue( null, $module->getModuleName(), [ 'result' => 'Failure' ] );

                       $this->dieWithException( $e );

               }

       }


Does anyone know if editmyprivateinfo is the problem? If so, is it possible to enable it for a bot?

Cxbrx (talkcontribs)

The workaround is to clientlogin and login as the user. Modifying a reading list is not supported for a bot.