Remove the ability to disable the API with $wgEnableAPI
Closed, Resolved · Public

Assigned To
Authored By
MaxSem, Oct 13 2015

Description

By now, MediaWiki is severely crippled without the API; with most of the interesting extensions relying on the API, it becomes more and more problematic to disable it. Now it's probably fair to say that wikis that do that are just shooting their own feet off for no good reason. Therefore, I propose to officially declare that MW does not support working without the API and remove this very setting.

I'm gonna start a wikitech-l discussion, opening this bug for tracking.

MaxSem created this task. Oct 13 2015, 10:03 PM
MaxSem updated the task description.
MaxSem raised the priority of this task from to Low.
MaxSem added a project: MediaWiki-API.
MaxSem added a subscriber: MaxSem.
Restricted Application added a subscriber: Aklapper. Oct 13 2015, 10:03 PM
Krenair added a subscriber: Krenair.
Ricordisamoa added a subscriber: Ricordisamoa.

My experience is that functionality-disabling switches make writing third-party modules much harder, so unless there's a clear reason why one needs to disable the API, we are probably better off without such a switch.

It made some sense a long time ago, when the API was green and was generally less stable and safe than the web UI. Nowadays, I see no sense in this.

Anomie moved this task from Unsorted to Needs Code on the MediaWiki-API board. Oct 14 2015, 1:54 AM

If we do this, $wgEnableWriteAPI should probably go too.

As for actually doing it, we should probably mark the settings deprecated for 1.27 with wfDeprecated() warnings when they're false, and plan to remove them entirely in 1.28 or later. Unless we backport the deprecation to 1.26 and remove in 1.27, although that seems like it might be a bit fast.

To answer the question on the abandoned change of how crazy people could disable the API after we remove the setting, they could:

  • Block access to api.php at the webserver level.
  • Die inside the 'ApiBeforeMain' hook.
  • Throw an exception from the 'ApiBeforeMain' hook.
  • Use the 'ApiBeforeMain' hook to replace ApiMain with a custom subclass that doesn't do anything.

These would also work, but they would also break stuff that internally calls ApiMain with a FauxRequest:

  • Use the 'ApiMain::moduleManager' hook to replace all actions with ApiDisabled.
  • Use the 'ApiCheckCanExecute' hook to prevent any module from executing.
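
The hook-based options from the comment above, sketched as a LocalSettings.php fragment. This is an added example, not code from MediaWiki core or from any commenter; the response text and the choice of error message key are assumptions, and the two hooks are alternatives, not meant to be enabled together.

```php
<?php
// LocalSettings.php fragment. Added example, not MediaWiki's own code.
// Enable ONE of the two handlers below, depending on what should be blocked.

// 1. Entry-point block: the closest stand-in for $wgEnableAPI = false.
//    'ApiBeforeMain' is run by api.php only, so code that builds an ApiMain
//    around a FauxRequest internally is not affected by this handler.
$wgHooks['ApiBeforeMain'][] = static function ( &$main ) {
	// "Die inside the hook": answer 403 and stop before any module runs.
	http_response_code( 403 );
	die( "The web API is disabled on this wiki.\n" );
};

// 2. Per-module block: a stand-in for $wgEnableWriteAPI = false.
//    'ApiCheckCanExecute' is consulted for every module execution, including
//    internal FauxRequest callers, so this variant can break such callers.
$wgHooks['ApiCheckCanExecute'][] = static function ( $module, $user, &$message ) {
	if ( $module->isWriteMode() ) {
		// Assumption: this generic message key is available (MediaWiki 1.29+).
		$message = 'apierror-permissiondenied-generic';
		return false; // refuse to execute write modules
	}
	return true; // read-only modules keep working
};
```

Whichever variant is used, a webserver-level rule for api.php remains the only option that stops the request before MediaWiki itself is loaded.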

Nemo_bis added a comment. Edited Oct 14 2015, 5:40 AM

As someone who has used the API on tens of thousands of wikis (not counting Wikia wikis), I think this is probably pointless. People will just delete the api.php file when they don't find an easy setting. (To clarify, this is what really happens on a non-trivial amount of wikis right now.)

As someone who develops extensions, I think the setting is pointless. If the API obeys the privacy settings of closed wikis, the setting can be removed.

> People will just delete the api.php file when they don't find an easy setting. (To clarify, this is what really happens on a non-trivial amount of wikis right now.)

So no harm done removing the unused setting then when people are already using other means?

It seems most reasonable to me to treat api.php the same as index.php (and thumb.php, for that matter) in terms of read and write access permissions. This seems to be the best match with user expectations.

I agree with Anomie about killing $wgEnableWriteAPI in addition to $wgEnableAPI. I just think we should concurrently make a guarantee to MediaWiki users that all of the entry points will be treated similarly/consistently with regard to read and write access.

> If the API obeys the privacy settings of closed wikis,

Is there any evidence that it doesn't, keeping in mind https://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions?

I suspect there isn't, or else we wouldn't have the API enabled on WMF-managed private wikis.

demon added a comment. Oct 14 2015, 7:27 PM

I've changed my mind since that previous patch. Go for it.

I don't think it's too late to backport the deprecation to 1.26, either.

revi added a subscriber: revi. Oct 14 2015, 11:06 PM

Change 246449 had a related patch set uploaded (by MaxSem):
Remove support for running without API

https://gerrit.wikimedia.org/r/246449

Change 246453 had a related patch set uploaded (by MaxSem):
Remove support for $wgEnableAPI

https://gerrit.wikimedia.org/r/246453

Change 246454 had a related patch set uploaded (by MaxSem):
Remove $wgEnableAPI support

https://gerrit.wikimedia.org/r/246454

Change 246449 had a related patch set uploaded (by MaxSem):
Remove support for running without API

https://gerrit.wikimedia.org/r/246449

The change to RELEASE-NOTES-1.26 implies that there has been no deprecation period at all.
My interpretation of https://www.mediawiki.org/wiki/Requests_for_comment/API_roadmap is that a deprecation takes place (in 1.26?) before removing (in 1.27?)? Or does that not apply here because it's not about changes to the API but about disabling the API itself?

> The change to RELEASE-NOTES-1.26 implies that there has been no deprecation period at all.
> My interpretation of https://www.mediawiki.org/wiki/Requests_for_comment/API_roadmap is that a deprecation takes place (in 1.26?) before removing (in 1.27?)?

I think that's what we should do here.

Change 246453 merged by jenkins-bot:
Remove support for $wgEnableAPI

https://gerrit.wikimedia.org/r/246453

Change 246454 merged by jenkins-bot:
Remove $wgEnableAPI support

https://gerrit.wikimedia.org/r/246454

Aklapper updated the task description. Oct 26 2015, 1:23 PM
Aklapper set Security to None.
Anomie moved this task from Needs Code to In Dev on the MediaWiki-API board. Nov 13 2015, 3:05 PM

What is left to do here, as this task is still open?

> What is left to do here, as this task is still open?

The main patch, https://gerrit.wikimedia.org/r/#/c/246449/, is still open and has -1s. The merged patches were for two extensions.

Change 246449 abandoned by MaxSem:
Remove support for running without API

https://gerrit.wikimedia.org/r/246449

Anomie moved this task from In Dev to Needs Code on the MediaWiki-API board. May 12 2016, 3:30 PM
Anomie removed a project: Patch-For-Review.
demon removed a subscriber: demon. Mar 9 2017, 9:38 PM

Change 383726 had a related patch set uploaded (by Tim Starling; owner: Tim Starling):
[mediawiki/core@master] Deprecate $wgEnableAPI and $wgEnableWriteAPI

https://gerrit.wikimedia.org/r/383726

Change 383726 merged by jenkins-bot:
[mediawiki/core@master] Deprecate $wgEnableAPI and $wgEnableWriteAPI

https://gerrit.wikimedia.org/r/383726

Change 392542 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/core@master] [DNM] Drop deprecated EnableAPI and EnableWriteAPI settings

https://gerrit.wikimedia.org/r/392542

Krinkle moved this task from Needs Code to Blocked on the MediaWiki-API board.

Blocked per comments on https://gerrit.wikimedia.org/r/#/c/392542/, on:

  • Remove use from tarball-bundled and WMF-maintained extensions.
  • Wait until the next release cycle (MW 1.32), given we added deprecation in current master (for MW 1.31)

Change 427289 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[operations/mediawiki-config@master] Drop old wgEnableAPI and wgEnableWriteAPI, no longer used in MW

https://gerrit.wikimedia.org/r/427289

Change 392542 merged by jenkins-bot:
[mediawiki/core@master] Drop deprecated EnableAPI and EnableWriteAPI settings

https://gerrit.wikimedia.org/r/392542

Change 427293 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/Configure@master] Drop references to EnableAPI and EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427293

Change 427294 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/GWToolset@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427294

Change 427295 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/MsUpload@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427295

Change 427293 merged by jenkins-bot:
[mediawiki/extensions/Configure@master] Drop references to EnableAPI and EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427293

Change 427296 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/TopLists@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427296

Change 427297 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/extensions/Html2Wiki@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427297

Jdforrester-WMF closed this task as Resolved. Apr 18 2018, 1:09 AM
Jdforrester-WMF removed a project: Patch-For-Review.
Jdforrester-WMF claimed this task.

Change 427297 merged by jenkins-bot:
[mediawiki/extensions/Html2Wiki@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427297

Change 427294 merged by jenkins-bot:
[mediawiki/extensions/GWToolset@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427294

Change 427296 merged by jenkins-bot:
[mediawiki/extensions/TopLists@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427296

Change 427295 merged by jenkins-bot:
[mediawiki/extensions/MsUpload@master] Drop references to EnableWriteAPI, removed from MW

https://gerrit.wikimedia.org/r/427295

Change 427289 merged by jenkins-bot:
[operations/mediawiki-config@master] Drop old wgEnableAPI and wgEnableWriteAPI, no longer used in MW

https://gerrit.wikimedia.org/r/427289