Page MenuHomePhabricator

API action=createaccount needs to interact properly with hooks (e.g. from ConfirmEdit)
Closed, ResolvedPublic

Description

action=createaccount does not interact well with ConfirmEdit: it just returns an error message "Incorrect or missing confirmation code" without actually providing any captcha information.

It needs to be determined how exactly this interaction should work; at a glance, I expect it will need changes both to the ApiCreateAccount module and to ConfirmEdit in order to work correctly, likely an "ApiBeforeCreateAccount" hook resembling the "ApiEditBeforeSave" hook in ApiEditPage.


Version: 1.21.x
Severity: normal

Details

Reference
bz46072

Event Timeline

bzimport raised the priority of this task from to High.
bzimport set Reference to bz46072.
Anomie created this task.Mar 13 2013, 4:28 PM

Mhm, I ran into this problem when making the account creation API. Unfortunately, the problem is that there's just no uniform method of delivering captchas to users. Usually, it's a combination of a UI hook with an Abort* hook to make it work, but for API actions there aren't any UI hooks.

At its root, this is really a problem with MediaWiki's form handling. If there were some uniform Form class that both the API and HTMLForm used, then problems like this wouldn't be an issue.

(In reply to comment #1)

At its root, this is really a problem with MediaWiki's form handling.

The API doesn't use "form handling" of any sort, and if you're looking at some sort of "form handling" to solve this problem you're looking in the wrong direction..

As I said, you'll probably need to add an "ApiBeforeCreateAccount" hook and have ConfirmEdit use it. It will probably work much like how the "ApiEditBeforeSave" hook works, so grok that first.

(In reply to comment #2)

(In reply to comment #1)
>
> At its root, this is really a problem with MediaWiki's form handling.

The API doesn't use "form handling" of any sort, and if you're looking at
some
sort of "form handling" to solve this problem you're looking in the wrong
direction..

What do you mean? At its root, each API request is just the submission of a number of fields, which are then verified and acted upon.

I thought you were talking about something along the lines of HTMLForm but even more abstracted. Handling form submissions is already standardized, and you're using it in the API module, so it's even less clear what you're trying to get at.

brion added a comment.Mar 14 2013, 8:03 PM

I'm working on this since we need it for mobile, my initial version:

& ConfirmEdit ext: https://gerrit.wikimedia.org/r/53794

Patches received -1's and need rework.

  • Bug 53328 has been marked as a duplicate of this bug. ***

try to raise the priority as wlm starts soon ...

Rupert: Please do not change the "Priority" field of bug reports. See http://www.mediawiki.org/wiki/Bugzilla/Fields#Priority .

Assigning to Chris for review.

(In reply to comment #10)

Reworked patches:

ConfirmEdit - https://gerrit.wikimedia.org/r/#/c/106845/

  • sample API client

Both patches are merged now.