Page MenuHomePhabricator
Create Task
Maniphest T363054

Troubleshooting writeapidenied error
Open, Needs TriagePublic
Actions

Description

I'm an admin for a self-hosted wiki and we cannot get AWB to authenticate to it properly for edits.

AWB Behavior: AWB is able to query our wiki just fine. I can make lists through various sources and everything appears to be functioning well. However, any attempt to log in or make an edit generates the following error:

description:

workaround:

Exception:ApiErrorException
Message:API returned the following error: 'You're not allowed to edit this wiki through the API.'
Call stack:<pre> at WikiFunctions.API.ApiEdit.CheckForErrors(String xml, String action)
at WikiFunctions.API.ApiEdit.Login(String username, String password, String domain)
at WikiFunctions.Profiles.AWBProfilesForm.PerformLogin(String username, String password)</pre>

OS: Microsoft Windows NT 6.2.9200.0
version: AutoWikiBrowser (6.3.0.0), WikiFunctions (6.3.0.0), revision 12558 (2024-01-16 20:38:04)
net: 4.0.30319.42000
duplicate:
site: https://wiki.[SITE].com

I get this edit on login attempts, so I assume it's an authentication issue.

Our Environment: We're running

  • MediaWiki 1.41.0
  • PHP 8.1.27
  • ICU 72.1
  • Maria DB 11.2.3-MariaDB-1:11.2.3+maria~ubu2204
  • Lua 5.1.5
  • Several extensions and libraries, of which the only ones I think might be relevant are PluggableAuth 7.0.0 with mediawiki/oauthclient 2.0.0. User account creation and authentication is linked to accounts on our main website via Oauth.

What I've Tried:

  • I have confirmed that I generated a Bot Password appropriately. I've tried a second one and had another admin try one.
  • I've confirmed that the Bot Password has all the permissions it could possibly need.
  • I've confirmed using the API Sandbox that I can make edits to articles through the API from my regular user account.
  • We've looked through LocalSettings.php for any settings that might block bots or API edits, but found nothing.
  • Everything I've seen in PluggableAuth documentation and troubleshooting posts indicates that it should not interfere with--or even interact with--bot authentication through a Bot Password in modern versions of MediaWiki.
  • The one issue people have reported with AWB and PluggableAuth was if they used HTTP instead of HTTPS in the site preferences. I'm using HTTPS, and they were getting a different error, and also I believe the underlying issue was fixed some time ago.

Any advice on how to troubleshoot this would be hugely appreciated. There's been a lack of content maintenance for several years and I could really use a mass edit tool.

Related Objects

Event Timeline

Archenksov created this task.Apr 20 2024, 9:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 20 2024, 9:23 PM
Wargo subscribed.Apr 21 2024, 8:57 AM

On Special:ListGroupRights make sure user group has writeapi right.

Archenksov added a comment.Apr 21 2024, 12:46 PM

The user has writeapi and I manually did an API edit from my user account to confirm that access isn't disabled through some other mechanism. So I can make an edit through the API on my account, but AWB gives the error above when using a bot password on the same account, even with all of my permissions delegated through the bot password.

Reedy subscribed.Apr 22 2024, 7:59 PM

All needs writeapi, not just user.

The right doesn't mean what anyone thinks it does, and is going away - T294397: Drop writeapi MediaWiki right

Reedy updated the task description. (Show Details)Apr 22 2024, 9:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits