
Overall Plan of Pywikibot OAuth Support
Closed, Resolved (Public)

Description

OAuth implementation

According to the requirements of the OAuth implementation, some changes and updates are needed:

  1. pywikibot/comms/http.py: Load OAuth identity from config and send it with requests if config enables OAuth.
  2. pywikibot/config2.py: Must contain options to switch between OAuth and cookies. Also need to declare vars to store tokens and keys.
  3. pywikibot/login.py: The authentication process of OAuth is different from username-password authentication. I’d like to break the original implementation: use BaseLoginManager as base class, LoginManager acts for username-password authentication and OauthLoginManager for OAuth.
  4. pywikibot/site.py: The OAuth extension of MediaWiki has a distinct way of fetching user info and rights, so the associated methods need to change. Also, OAuth-login uses “index.php” instead of MediaWiki’s api page. A login method should be added and the Site object should choose the right one based on config.
  5. pywikibot/exception.py: This contains exceptions that might be thrown. Exceptions which inform users about what's wrong during OAuth authentication need to be added.

Unit tests

For OAuth support, we should test that Pywikibot could achieve the right user identity through OAuth authentication and use the identity obtained to perform proper actions.

My opinion is to add an individual test like pywikibot/test/oauth_tests.py, under pywikibot/test, so the two mandatory tests or more related tests could go there. Also, to support these tests, something may be needed:

  1. pywikibot/test/aspects.py: This module provides some building blocks for tests. The RequireUserMixin provides user login checking. The MetaTestCaseClass provides metadata for configuration. The corresponding code may be added to these classes. Also, we should provide something like OAuthSiteTestCase other than DefaultSiteTestCase to distinguish the two authentication methods. And it'll be used in our tests.
  2. pywikibot/test/http_tests.py: This is for pywikibot/comms. So all tests should pass, and additional tests may be needed here if we choose to migrate to the requests library from httplib2.

Documentation

This part may include comments in code, documentation in Pywikibot's manual and documentation for developers.

The comments in code should be meaningful and concise.

The How-to documentation for the usage of OAuth authentication could be added to Manual:Pywikibot/Basic use.

The documentation for developers should describe the idea of design and the basic structure for convenience of bug fixing and improvement.

Some considerations

  1. Need to check the existence of the OAuth extension first: use APISite's has_extension method (but this needs MediaWiki version >= 1.14)
  2. Should mwoauth be a mandatory dependency of pywikibot?
  3. By default, OAuth’s validity period is 30 days. It’s longer than cookies’ validity period. (Deleted because of misunderstanding) Also, the authentication process is complicated and needs to access URLs via a browser. Do we need an individual script for authentication? So when the token has expired, the bot just raises exceptions rather than prompting to re-authenticate. Also, this script may help plain save or serialize the access token fetched for us.
  4. An OAuth app's rights may differ from its owner’s. If so, Site.has_right may not work as expected. Or do we just use it as an alternative to username-password authentication, so this case won’t happen?
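
A sketch of how the login-manager split, the config switch and the "raise instead of prompt" behaviour described above could fit together. It is an added example, not Pywikibot code. `BaseLoginManager`, `LoginManager`, `OauthLoginManager` and `has_extension` are the names used in the plan; the `authenticate` config key, `Site.hostname`, `OAuthError`, `FakeSite` and the four-part identity layout (consumer key and secret, access key and secret) are assumptions made for illustration.

```python
# Added sketch, not Pywikibot code. Class names follow the plan above; the
# "authenticate" config key, Site.hostname and OAuthError are hypothetical.

class OAuthError(Exception):
    """Raised instead of prompting when OAuth cannot be used as configured."""

class BaseLoginManager:
    def __init__(self, site):
        self.site = site

class LoginManager(BaseLoginManager):
    """Username-password login (cookie session)."""
    def __init__(self, site, username):
        super().__init__(site)
        self.username = username

class OauthLoginManager(BaseLoginManager):
    """Holds the four-part OAuth identity read from config (assumed layout)."""
    FIELDS = ("consumer_key", "consumer_secret", "access_key", "access_secret")

    def __init__(self, site, identity):
        super().__init__(site)
        if len(identity) != 4 or not all(isinstance(v, str) and v for v in identity):
            raise OAuthError("identity must be 4 non-empty strings: %s"
                             % ", ".join(self.FIELDS))
        self.identity = dict(zip(self.FIELDS, identity))

def choose_login_manager(site, config):
    """Pick the manager from config; never fall back from OAuth to password."""
    identity = config.get("authenticate", {}).get(site.hostname)
    if identity is None:                   # OAuth not configured for this wiki
        return LoginManager(site, config["username"])
    if not site.has_extension("OAuth"):    # check for the extension first
        raise OAuthError("%s has no OAuth extension" % site.hostname)
    return OauthLoginManager(site, identity)

class FakeSite:
    """Constructed stand-in for a Site object, for this example only."""
    def __init__(self, hostname, extensions):
        self.hostname, self.extensions = hostname, set(extensions)

    def has_extension(self, name):
        return name in self.extensions

# Constructed sample config: one wiki uses OAuth, every other wiki a password.
SAMPLE_CONFIG = {
    "username": "ExampleBot",
    "authenticate": {"wiki.example.org": ("ck", "cs", "ak", "as")},
}
```

When OAuth is configured for a wiki but the extension is missing or the identity is incomplete, the sketch raises rather than quietly logging in with the password, so a bot restricted to an OAuth grant never runs with the owner's full account rights by accident.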

Event Timeline

VcamX claimed this task.
VcamX raised the priority of this task from to Needs Triage.
VcamX updated the task description.
VcamX added a project: Pywikibot-OAuth.
VcamX added subscribers: VcamX, jayvdb, Halfak.

I like the overall plan. The next task is to break it into milestones and set due dates for the milestones, so we can track how the project is going. Ideally we should have some part of the code written by the mid-way evaluation. Let's talk about milestone dates in our next meeting.

mwoauth (T101226) should be introduced as an optional dependency. See tests for pydot and mwparserfromhell for examples of how to test an optional dependency.

The easiest place to start is creating OauthLoginManager with basic tests designed only to confirm the logic has succeeded. Maybe it can only override one of the two existing LoginManager classes (one in login.py and another in api.py).

Then we can merge that first patch without having fixed all of the 'rights' related problems that will exist after login. https://gerrit.wikimedia.org/r/#/c/209503/ (need_right) will hopefully make it easier to solve the 'rights' related problems that OAuth introduces.

VcamX set Security to None.

@jayvdb thx for your comments. I'll update milestones and due dates in this task. Work about OauthLoginManager will be in a new task.

[Please set a more descriptive task summary. Seeing "Draft Plan" in the list of new tasks does not tell me much. Thanks!]

VcamX renamed this task from Draft Plan to Overall Plan of Pywikibot OAuth Support. Jun 24 2015, 11:47 PM