After applying two-factor authentication (2FA) to my account, I wanted to keep on using my collection of handy Pywikibot command line scripts without the hassle of OAuth. Following the manual guidelines at https://www.mediawiki.org/wiki/Manual:Pywikibot/BotPasswords works, so long as a passwords file is created locally, in that a terminal session logs in, however pywikibot core fails to pick up the login credentials. Note that login.py would break at the stage of getting cookies if manual login was tried rather than a passwords file. I ran a git pull yesterday for Pywikibot core, so my local version is the latest.
With the pressure to move admin accounts to using the more secure 2FA option, and the likelihood of this later rolling out for all accounts, this bug runs counter to the advice being given to volunteers for continued API access for script users.
As an example I have set up a bot password for Fæ@uploader with extensive rights including uploading files and editing pages. Pywikibot's login.py correctly applies it, however pywikibot modules then fail to apply it:
Example at login
core fae$ python pwb.py login Logging in to commons:commons as Fæ@uploader Logged in on commons:commons as Fæ. core fae$ python Python 2.7.10 (default, Jul 14 2015, 19:46:27) [GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.39)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import pywikibot >>> site = pywikibot.getSite('commons', 'commons') >>> print site.userinfo['name'] > < here my IP address gets displayed rather than the expected account name > >>>
Example failure when running an upload script after appearing to correctly log in
User 'None' does not have upload rights on site commons:commons.
Further investigation shows that using login.py with a BotPasswords account, creates a faulty cookie in pywikibot.lwp. This lacks commonswikiUserName, centralauth_Token etc. It is likely that this is the source of the problem.