According to the requirement of OAuth implementation, some changes and update are needed:
- pywikibot/comms/http.py: Load OAuth identity from config and send it with requests if config enables OAuth.
- pywikibot/config2.py: Must contain options to switch between OAuth and cookies. Also need to declare vars to store tokens and keys.
- pywikibot/login.py: The authentication process of OAuth is different from username-password authentication. I’d like to break the original implementation: use BaseLoginManager as base class, LoginManager acts for username-password authentication and OauthLoginManager for OAuth.
- pywikibot/site.py: OAuth extension of MediaWiki has a distinct way of fetching user info and rights. So associated methods need to change. Also, OAuth-login uses “index.php” instead of MediaWiki’s api page. A login method should be added and Site object should choose the right one based on config.
- pywikibot/exception.py: This contains exceptions might be throwed. Exceptions which inform users about what's wrong during OAuth authentication need to be added.
For OAuth support, we should test that Pywikibot could achieve the right user identity through OAuth authentication and use the identity obtained to perform proper actions.
My opinion is to add an individual test like pywikibot/test/oauth_tests.py, under pywikibot/test, so the two mandatory tests or more related tests could go there. Also, to support these tests, something may be needed:
- pywikibot/test/aspects.py: This module provides some building blocks for tests. The RequireUserMixin provides user login checking. The MetaTestCaseClass provides metadata for configuration. The corresponding code may be added to these class. Also, we should provide something like OAuthSiteTestCase other than DefaultSiteTestCase to distinct two authentication methods. And it'll be used in our tests
- pywikibot/test/http_tests.py: This is for pywikibot/comms. So all tests should be passed and additional tests may be needed here if we choose to migrating to requests library from httplib2.
This part may include comments in code, documentation in Pywikibot's manual and documentation for developers.
The comments in code should be meaningful and concise.
The How-to documentation for the usage of OAuth authentication could be added to Manual:Pywikibot/Basic use
The documentation for developers should describe the idea of design and the basic structure for convenience of bug fixing and improvement.
- Need to check the existence of OAuth extension first: use APISite's has_extension method (but need MediaWiki’s version >= 1.14)
- mwoauth should be a mandatory dependency of pywikibot?
By default, OAuth’s validity period is 30 days. It’s longer than cookies’ validity period.(Deleted because of misunderstanding) Also the authentication process is complicated, which need to access urls via browser. Do we need an individual script for authentication? So when token expired, bot just raise exceptions other than prompt to re-authenticate. Also this script may help plain save or serialize access token fetched for us.
- OAuth app's rights may differ from its owner’s. If so, Site.has_right may not work as expected. Or we just use it as an alternative for username-password authentication and this case won’t happen?