After an update (1.33.1), API:Login fails with credentials of Special:BotPasswords .
Steps to Reproduce:
- Install mediawiki 1.33.1 (via git, last version of the branch REL1.33)
- Create a login and a password with the form of Special:BotPasswords
- Create the file test.php (first sample PHP code of the page https://www.mediawiki.org/wiki/API:Login )
- Replace the endpoint, the password and the login in the code.
File : test.php
<?php $endPoint = "http://wiki/api.php"; $login_Token = getLoginToken(); // Step 1 loginRequest( $login_Token ); // Step 2 // Step 1: GET request to fetch login token function getLoginToken() { global $endPoint; $params1 = [ "action" => "query", "meta" => "tokens", "type" => "login", "format" => "json" ]; $url = $endPoint . "?" . http_build_query( $params1 ); $ch = curl_init( $url ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" ); curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" ); $output = curl_exec( $ch ); curl_close( $ch ); $result = json_decode( $output, true ); return $result["query"]["tokens"]["logintoken"]; } // Step 2: POST request to log in. Use of main account for login is not // supported. Obtain credentials via Special:BotPasswords // (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword function loginRequest( $logintoken ) { global $endPoint; $params2 = [ "action" => "login", "lgname" => "Test@bot", "lgpassword" => "PASSWORD", "lgtoken" => $logintoken, "format" => "json" ]; $ch = curl_init(); curl_setopt( $ch, CURLOPT_URL, $endPoint ); curl_setopt( $ch, CURLOPT_POST, true ); curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params2 ) ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" ); curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" ); $output = curl_exec( $ch ); curl_close( $ch ); echo( $output ); }
Actual Results:
The result is always the same (with a different token).
{ "warnings": { "main": { "*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes." }, "login": { "*": "Fetching a token via \"action=login\" is deprecated. Use \"action=query&meta=tokens&type=login\" instead." } }, "login": { "result": "NeedToken", "token": "a94242ea5e82b694979787846c2b4cdd5db1e890+\\" } }
Expected Results:
The page https://www.mediawiki.org/wiki/API:Login shows this expected results for this code.
{ "login": { "lguserid": 21, "result": "Success", "lgusername": "William" } }