Page MenuHomePhabricator

Pywikibot cannot log into a private wiki
Closed, ResolvedPublic

Description

I have a wiki that uses SSL and requires a login in order to read articles. The latest pywikibot cannot log into it. Is this a bug, or am I doing something incorrectly? Thank you.

$ ./pwb.py login.py
WARNING: API error readapidenied: You need read permission to use this module
ERROR: APIError: readapidenied: You need read permission to use this module [help:See https://privatewiki.example.com/w/api.php for API usage]
  [...same messages repeat many times...]
WARNING: Could not check user Dan exists on example:en
Password for user Dan on example:en (no characters will be shown): *******
Logging in to example:en as Dan
WARNING: API error readapidenied: You need read permission to use this module
ERROR: APIError: readapidenied: You need read permission to use this module [help:See https://privatewiki.example.com/w/api.php for API usage]
WARNING: API error readapidenied: You need read permission to use this module
ERROR: APIError: readapidenied: You need read permission to use this module [help:See https://privatewiki.example.com/w/api.php for API usage]
  [...same messages repeat many times...]
WARNING: API error readapidenied: You need read permission to use this module
ERROR: Login failed (readapidenied).
Traceback (most recent call last):
  File "./pwb.py", line 263, in <module>
    if not main():
  File "./pwb.py", line 257, in main
    run_python_file(filename, [filename] + args, argvu, file_package)
  File "./pwb.py", line 121, in run_python_file
    main_mod.__dict__)
  File "./scripts/login.py", line 193, in <module>
    main()
  File "./scripts/login.py", line 176, in main
    site.login(sysop)
  File "/home/smith/tip/pywikibot/site.py", line 2082, in login
    if loginMan.login(retry=True):
  File "/home/smith/tip/pywikibot/login.py", line 322, in login
    '{1}'.format(self.login_name, self.site))
pywikibot.exceptions.NoUsername: Username "Dan" does not have read permissions on example:en
<class 'pywikibot.exceptions.NoUsername'>
CRITICAL: Closing network session.

Version info:

$ ./pwb.py version.py
Pywikibot: [https] wikimedia-pywikibot-core (0781baa, g7716, 2016/12/21, 08:04:30, n/a)
Release version: 3.0-dev
requests version: 2.9.1
  cacerts: /etc/ssl/certs/ca-certificates.crt
    certificate test: ok
Python: 2.7.12 (default, Nov 19 2016, 06:48:10) 
[GCC 5.4.0 20160609]
PYWIKIBOT2_DIR: Not set
PYWIKIBOT2_DIR_PWB: .
PYWIKIBOT2_NO_USER_CONFIG: Not set
Config base dir: /home/smith/tip
Usernames for family "example":
        en: Dan (also sysop)	

Family file:

from pywikibot import family
from pywikibot.tools import deprecated


class Family(family.Family):
    def __init__(self):
        family.Family.__init__(self)
        self.name = 'example'
        self.langs = {
            'en': 'privatewiki.example.com',
        }

    def scriptpath(self, code):
        return {
            'en': '/w',
        }[code]

    @deprecated('APISite.version()')
    def version(self, code):
        return {
            'en': u'1.27.1',
        }[code]

    def protocol(self, code):
        return {
            'en': u'https',
        }[code]


    def isPublic():
        return False

user-config.py:

mylang = 'en'
family = 'example'
usernames['example']['en'] = 'Dan'
sysopnames['example']['en'] = 'Dan'

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 21 2016, 8:57 PM
Restricted Application added a subscriber: pywikibot-bugs-list. · View Herald TranscriptDec 21 2016, 8:57 PM
zhuyifei1999 added a subscriber: zhuyifei1999.

Using a MediaWiki-Vagrant-based test site running in Lans, and running the script with -verbose, the fatal query error is:

API Error: query=
u"{u'maxlag': ['5'], u'format': [u'json'], u'rawcontinue': [u''], 'meta': [u'tokens', u'userinfo'], 'action': [u'query'], 'type': [u'login'], u'uiprop': [u'blockinfo', u'hasmsg']}"
           response=
{u'error': {u'info': u'You need read permission to use this module.', u'code': u'readapidenied', u'help': u'See http://private-commonsarchive-test.wmflabs.org/w/api.php for API usage.'}}
ERROR: Login failed (readapidenied).

Caused by a forced meta=userinfo in api.py#L1684 for action=query, which has always been here.

My ideas: either

  • pywikibot no longer force this parameter if 'tokens' in meta and 'login' in type
  • MediaWiki API provide some sort of dummy output, saying the user is an anon, because the login status in visible on the Main Page anyways. For reference, the anon output is like:
$ curl 'https://www.mediawiki.org/w/api.php?action=query&meta=userinfo&uiprop=blockinfo|hasmsg&format=json'
{"batchcomplete":"","query":{"userinfo":{"id":0,"name":"REDACTED","anon":""}}}

See also T130112.

Anomie added a subscriber: Anomie.Feb 3 2017, 3:22 PM

MediaWiki API provide some sort of dummy output

Not going to happen.

But there's probably no reason that meta=userinfo should require the 'read' right, I don't see anything in there that seems like it needs that right. If someone wants to go that route, you'd run the idea past Security (in case I'm missing something) and then patch ApiQueryUserInfo.php to return false for isReadMode().

Happening to me WRT T153891, although I plan to use an OAuth grant for that private wiki so I can only grant the needed rights.

Is there any kind of workaround for this issue? Our wiki hasn't been able to use Pywikibot for 4 months....

Any estimate on when you might address this issue? Pywikibot is completely unusable on all wikis that require logins to read.

Is there any kind of workaround for this issue?

Have you tried OAuth? It skips the login almost completely.

Anomie added a comment.Jun 8 2017, 3:05 PM

If you're asking me, this isn't on my priority list. The code change itself is good first task, just add

public function isReadMode() {
    // Nothing sensitive here
    return false;
}

to ApiQueryUserInfo. The part that's work is running that past Security to verify that the comment is correct (because Security is typically busy with all sorts of stuff, so getting their attention can be a chore).

Or a pywikibot dev could remove the meta=userinfo from the token query, as zhuyifei1999 mentioned.

@zhuyifei1999 - Thanks for the suggestion. This wiki is inside of a corporation that uses another authentication method.

@Anomie - thanks for the info. Would the following be a correct fix within Pywikibot?

--- a/pywikibot/data/api.py
+++ b/pywikibot/data/api.py
@@ -1681,7 +1681,8 @@ class Request(MutableMapping):
 
         if self.action == 'query':
             meta = self._params.get("meta", [])
-            if "userinfo" not in meta:
+            typep = self._params.get("type", [])
+            if "userinfo" not in meta and not ("tokens" in meta and "login" in typep):
                 meta = set(meta + ['userinfo'])
                 self._params['meta'] = sorted(meta)
             uiprop = self._params.get("uiprop", [])

Change 361484 had a related patch set uploaded (by Dbarrett; owner: Dbarrett):
[pywikibot/core@master] Allow pywikibot to authenticate against a private wiki.

https://gerrit.wikimedia.org/r/361484

Change 361873 had a related patch set uploaded (by Dbarrett; owner: Dbarrett):
[pywikibot/core@master] Add a comment.

https://gerrit.wikimedia.org/r/361873

Change 361874 had a related patch set uploaded (by Dbarrett; owner: Dbarrett):
[pywikibot/core@master] Use single quotes instead of double quotes.

https://gerrit.wikimedia.org/r/361874

Change 361873 abandoned by Xqt:
Add a comment.

Reason:
merged with

d12f60b735e0b0263d109e269dab6d3a1e5834c2

https://gerrit.wikimedia.org/r/361873

Change 361874 abandoned by Xqt:
Use single quotes instead of double quotes.

Reason:
merged with

d12f60b735e0b0263d109e269dab6d3a1e5834c2

https://gerrit.wikimedia.org/r/361874

Change 361484 merged by jenkins-bot:
[pywikibot/core@master] Allow pywikibot to authenticate against a private wiki.

https://gerrit.wikimedia.org/r/361484

MarcoAurelio added a comment.EditedJun 29 2017, 11:41 AM

Did this introduce any setting in API? While not breaking the run, I get on my daily tasks this: "WARNING: API warning (main): Unrecognized parameter: uiprop."

Ah, I missed this during code review

Change 362209 had a related patch set uploaded (by Zhuyifei1999; owner: Zhuyifei1999):
[pywikibot/core@master] API Request: set uiprop only when ensuring 'userinfo' in meta

https://gerrit.wikimedia.org/r/362209

@maiden_taiwan Can you verify the login works as expected now?

@zhuyifei1999 Yes, the current code successfully logs into a private wiki. There are some warnings, but the same warnings were already present before the changes.

$ pwb.py login.py
WARNING: API error readapidenied: You need read permission to use this module
WARNING: API error readapidenied: You need read permission to use this module
WARNING: Could not check user Wikisysop exists on mywiki:en
Password for user Wikisysop on mywiki:en (no characters will be shown): 
Logging in to mywiki:en as Wikisysop
WARNING: API warning (login): Main-account login via action=login is deprecated and may stop working without warning. To continue login with action=login, see [[Special:BotPasswords]]. To safely continue using main-account login, see action=clientlogin.
Logged in on mywiki:en as Wikisysop.
zhuyifei1999 closed this task as Resolved.Jun 30 2017, 2:15 PM
zhuyifei1999 assigned this task to maiden_taiwan.