
Remove the ability to disable the API with $wgEnableAPI
Closed, Resolved (Public)

Authored By
MaxSem
Oct 13 2015, 10:03 PM

Description

By now, MediaWiki is severely crippled without the API; with most of the interesting extensions relying on the API, it becomes more and more problematic to disable it. Now it's probably fair to say that wikis that do that are just shooting their own feet off for no good reason. Therefore, I propose to officially declare that MW does not support working without the API and remove this very setting.

I'm gonna start a wikitech-l discussion, opening this bug for tracking.

Event Timeline

MaxSem raised the priority of this task from to Low. Oct 13 2015, 10:03 PM
MaxSem added a project: MediaWiki-Action-API.
MaxSem subscribed.

My experience is that functionality-disabling switches make writing third-party modules much harder, so unless there's a clear reason why one needs to disable the API, we are probably better off without such a switch.

It made some sense a long time ago, when the API was green and was generally less stable and safe than the web UI. Nowadays, I see no sense in this.

If we do this, $wgEnableWriteAPI should probably go too.

As for actually doing it, we should probably mark the settings deprecated for 1.27 with wfDeprecated() warnings when they're false, and plan to remove them entirely in 1.28 or later. Unless we backport the deprecation to 1.26 and remove in 1.27, although that seems like it might be a bit fast.

To answer the question on the abandoned change of how crazy people could disable the API after we remove the setting, they could:

  • Block access to api.php at the webserver level.
  • Die inside the 'ApiBeforeMain' hook.
  • Throw an exception from the 'ApiBeforeMain' hook.
  • Use the 'ApiBeforeMain' hook to replace ApiMain with a custom subclass that doesn't do anything.

These would also work, but they would also break stuff that internally calls ApiMain with a FauxRequest:

  • Use the 'ApiMain::moduleManager' hook to replace all actions with ApiDisabled.
  • Use the 'ApiCheckCanExecute' hook to prevent any module from executing.
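
Two of the options listed in the comment above, sketched for `LocalSettings.php` as an added example (not code from this thread or from MediaWiki itself). The variable `$exampleApiBlockMode` is hypothetical, and the message key `apierror-permissiondenied-generic` is assumed to be available in the installed MediaWiki version.

```php
<?php
// Added illustration, not MediaWiki's own code. Pick ONE of the two modes.
// $exampleApiBlockMode is a hypothetical local variable, not a MediaWiki setting.
$exampleApiBlockMode = 'entrypoint'; // or 'modules'

if ( $exampleApiBlockMode === 'entrypoint' ) {
	// 'ApiBeforeMain' fires only for requests that arrive through api.php.
	// Code that builds its own ApiMain around a FauxRequest never reaches
	// this hook, so internal API calls keep working.
	$wgHooks['ApiBeforeMain'][] = static function ( &$main ) {
		http_response_code( 403 );
		header( 'Content-Type: text/plain; charset=utf-8' );
		// "Die inside the hook": nothing after this point runs.
		die( "The web API is disabled on this wiki.\n" );
	};
} else {
	// 'ApiCheckCanExecute' fires for every ApiMain, internal ones included,
	// which is why the comment above warns that it breaks FauxRequest
	// callers. Letting internal-mode requests through avoids that.
	$wgHooks['ApiCheckCanExecute'][] = static function ( $module, $user, &$message ) {
		if ( $module->getMain()->isInternalMode() ) {
			// ApiMain was constructed from a FauxRequest: allow it.
			return true;
		}
		// Assumed message key; returning false makes the API die with it.
		$message = 'apierror-permissiondenied-generic';
		return false;
	};
}
```

Either mode leaves `api.php` on disk, unlike deleting the file, so upgrades do not silently restore access.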

As someone who has used the API on tens of thousands of wikis (not counting Wikia wikis), I think this is probably pointless. People will just delete the api.php file when they don't find an easy setting. (To clarify, this is what really happens on a non-trivial amount of wikis right now.)

As someone who develops extensions, I think the setting is pointless. If the API obeys the privacy settings of closed wikis, the setting can be removed.

> People will just delete the api.php file when they don't find an easy setting. (To clarify, this is what really happens on a non-trivial amount of wikis right now.)

So no harm done removing the unused setting then when people are already using other means?

It seems most reasonable to me to treat api.php the same as index.php (and thumb.php, for that matter) in terms of read and write access permissions. This seems to be the best match with user expectations.

I agree with Anomie about killing $wgEnableWriteAPI in addition to $wgEnableAPI. I just think we should concurrently make a guarantee to MediaWiki users that all of the entry points will be treated similarly/consistently with regard to read and write access.

> If the API obeys the privacy settings of closed wikis,

Is there any evidence that it doesn't, keeping in mind https://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions?

I suspect there isn't, or else we wouldn't have the API enabled on WMF-managed private wikis.

I've changed my mind since that previous patch. Go for it.

I don't think it's too late to backport the deprecation to 1.26, either.

Change 246449 had a related patch set uploaded (by MaxSem):
Remove support for running without API

https://gerrit.wikimedia.org/r/246449

Change 246453 had a related patch set uploaded (by MaxSem):
Remove support for $wgEnableAPI

https://gerrit.wikimedia.org/r/246453

Change 246454 had a related patch set uploaded (by MaxSem):
Remove $wgEnableAPI support

https://gerrit.wikimedia.org/r/246454

Change 246449 had a related patch set uploaded (by MaxSem):
Remove support for running without API

https://gerrit.wikimedia.org/r/246449

The change to RELEASE-NOTES-1.26 implies that there has been no deprecation period at all.
My interpretation of https://www.mediawiki.org/wiki/Requests_for_comment/API_roadmap is that a deprecation takes place (in 1.26?) before removing (in 1.27?)? Or does that not apply here because it's not about changes to the API but about disabling the API itself?

> The change to RELEASE-NOTES-1.26 implies that there has been no deprecation period at all.
> My interpretation of https://www.mediawiki.org/wiki/Requests_for_comment/API_roadmap is that a deprecation takes place (in 1.26?) before removing (in 1.27?)?

I think that's what we should do here.

Change 246453 merged by jenkins-bot:
Remove support for $wgEnableAPI

https://gerrit.wikimedia.org/r/246453

Change 246454 merged by jenkins-bot:
Remove $wgEnableAPI support

https://gerrit.wikimedia.org/r/246454

Aklapper set Security to None.

What is left to do here, as this task is still open?

> What is left to do here, as this task is still open?

The main patch, https://gerrit.wikimedia.org/r/#/c/246449/, is still open and has -1s. The merged patches were for two extensions.

Change 246449 abandoned by MaxSem:
Remove support for running without API

https://gerrit.wikimedia.org/r/246449

Change 383726 had a related patch set uploaded (by Tim Starling; owner: Tim Starling):
[mediawiki/core@master] Deprecate $wgEnableAPI and $wgEnableWriteAPI

https://gerrit.wikimedia.org/r/383726

Change 383726 merged by jenkins-bot:
[mediawiki/core@master] Deprecate $wgEnableAPI and $wgEnableWriteAPI

https://gerrit.wikimedia.org/r/383726

Change 392542 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/core@master] [DNM] Drop deprecated EnableAPI and EnableWriteAPI settings

https://gerrit.wikimedia.org/r/392542

Krinkle moved this task from Needs Code to Blocked on the MediaWiki-Action-API board.

Blocked per comments on https://gerrit.wikimedia.org/r/#/c/392542/, on:

  • Remove use from tarball-bundled and WMF-maintained extensions.
  • Wait until the next release cycle (MW 1.32), given we added deprecation in current master (for MW 1.31).

Change 427289 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[operations/mediawiki-config@master] Drop old wgEnableAPI and wgEnableWriteAPI, no longer used in MW

https://gerrit.wikimedia.org/r/427289

Change 392542 merged by jenkins-bot:
[mediawiki/core@master] Drop deprecated EnableAPI and EnableWriteAPI settings

https://gerrit.wikimedia.org/r/392542

Change 427293 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/Configure@master] Drop references to EnableAPI and EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427293

Change 427294 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/GWToolset@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427294

Change 427295 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/MsUpload@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427295

Change 427293 merged by jenkins-bot:
[mediawiki/extensions/Configure@master] Drop references to EnableAPI and EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427293

Change 427296 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/TopLists@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427296

Change 427297 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/Html2Wiki@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427297

Change 427297 merged by jenkins-bot:
[mediawiki/extensions/Html2Wiki@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427297

Change 427294 merged by jenkins-bot:
[mediawiki/extensions/GWToolset@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427294

Change 427296 merged by jenkins-bot:
[mediawiki/extensions/TopLists@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427296

Change 427295 merged by jenkins-bot:
[mediawiki/extensions/MsUpload@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427295

Change 427289 merged by jenkins-bot:
[operations/mediawiki-config@master] Drop old wgEnableAPI and wgEnableWriteAPI, no longer used in MW

https://gerrit.wikimedia.org/r/427289

Change #1058585 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/core@master] Drop writeapi flag from siteinfo API

https://gerrit.wikimedia.org/r/1058585

Change #1058585 merged by jenkins-bot:

[mediawiki/core@master] Drop writeapi flag from siteinfo API

https://gerrit.wikimedia.org/r/1058585

Change #1060454 had a related patch set uploaded (by Lucas Werkmeister; author: Lucas Werkmeister):

[mediawiki/core@master] Revert "Drop writeapi flag from siteinfo API"

https://gerrit.wikimedia.org/r/1060454

Change #1060468 had a related patch set uploaded (by BryanDavis; author: Lucas Werkmeister):

[mediawiki/core@wmf/1.43.0-wmf.17] Revert "Drop writeapi flag from siteinfo API"

https://gerrit.wikimedia.org/r/1060468

Change #1060454 merged by jenkins-bot:

[mediawiki/core@master] Revert "Drop writeapi flag from siteinfo API"

https://gerrit.wikimedia.org/r/1060454

Change #1060468 merged by jenkins-bot:

[mediawiki/core@wmf/1.43.0-wmf.17] Revert "Drop writeapi flag from siteinfo API"

https://gerrit.wikimedia.org/r/1060468

Mentioned in SAL (#wikimedia-operations) [2024-08-07T17:27:31Z] <brennen@deploy1003> Started scap sync-world: Backport for [[gerrit:1060468|Revert "Drop writeapi flag from siteinfo API" (T115414 T294397 T371977)]]

Mentioned in SAL (#wikimedia-operations) [2024-08-07T17:29:44Z] <brennen@deploy1003> brennen, bd808: Backport for [[gerrit:1060468|Revert "Drop writeapi flag from siteinfo API" (T115414 T294397 T371977)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2024-08-07T17:35:37Z] <brennen@deploy1003> Finished scap: Backport for [[gerrit:1060468|Revert "Drop writeapi flag from siteinfo API" (T115414 T294397 T371977)]] (duration: 08m 06s)