Page MenuHomePhabricator
Create Task
Maniphest T88010

Action API modules to support Restbase
Closed, ResolvedPublic
Actions

Description

Two features are requested:

  • Ability to check a CSRF token for validity
  • Interface to Title::userCan()

Details

SubjectRepoBranchLines +/-
API: Add authz features for RESTBasemediawiki/coremaster+139 -6
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 DuplicateNoneT84962 Authn and authz as a service
 ResolvedAnomieT88010 Action API modules to support Restbase

Event Timeline

Anomie created this task.Jan 29 2015, 8:13 PM
Anomie claimed this task.
Anomie raised the priority of this task from to Medium.
Anomie updated the task description. (Show Details)
Anomie added projects: MediaWiki-Action-API, MediaWiki-Core-Team, RESTBase.
Anomie subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 29 2015, 8:13 PM
bd808 subscribed.Jan 29 2015, 8:14 PM
bd808 added subscribers: GWicke, Legoktm, csteipp.Jan 29 2015, 8:16 PM

See also https://www.mediawiki.org/wiki/Talk:Requests_for_comment/Service-oriented_architecture_authentication#RESTBase_use_cases.

gerritbot added a project: Patch-For-Review.Jan 29 2015, 8:22 PM
gerritbot subscribed.

Change 187466 had a related patch set uploaded (by Anomie):
API: Add authz features for RESTBase

https://gerrit.wikimedia.org/r/187466

Patch-For-Review

Anomie added a comment.Jan 29 2015, 8:23 PM

Token checking:

$ curl --silent 'http://localhost/w/api.php?format=json&action=checktoken&type=csrf&token=123ABC' | json_pp
{
   "checktoken" : {
      "result" : "invalid"
   }
}

Title authz:

$ curl --silent 'http://localhost/w/api.php?format=json&action=query&prop=info&intestactions=edit|create|foobar&titles=Test|ProtectedTitle|TestX&inprop=protection&continue=' | json_pp
{
   "query" : {
      "pages" : {
         "-1" : {
            "ns" : 0,
            "protection" : [
               {
                  "expiry" : "infinity",
                  "level" : "sysop",
                  "type" : "create"
               }
            ],
            "title" : "ProtectedTitle",
            "missing" : "",
            "contentmodel" : "wikitext",
            "restrictiontypes" : [
               "create"
            ],
            "actions" : {
               "edit" : ""
            },
            "pagelanguage" : "en"
         },
         "2183" : {
            "contentmodel" : "wikitext",
            "restrictiontypes" : [
               "edit",
               "move"
            ],
            "actions" : {
               "create" : ""
            },
            "pageid" : 2183,
            "pagelanguage" : "en",
            "length" : 5,
            "touched" : "2014-08-10T20:18:12Z",
            "ns" : 0,
            "lastrevid" : 2461,
            "protection" : [
               {
                  "type" : "edit",
                  "expiry" : "infinity",
                  "level" : "evil"
               },
               {
                  "type" : "move",
                  "expiry" : "infinity",
                  "level" : "evil"
               },
               {
                  "source" : "Cascader",
                  "type" : "edit",
                  "level" : "sysop",
                  "expiry" : "infinity"
               }
            ],
            "title" : "TestX"
         },
         "2" : {
            "protection" : [],
            "title" : "Test",
            "touched" : "2015-01-23T20:35:55Z",
            "ns" : 0,
            "lastrevid" : 2792,
            "pageid" : 2,
            "actions" : {
               "create" : "",
               "edit" : ""
            },
            "pagelanguage" : "en",
            "length" : 744,
            "contentmodel" : "wikitext",
            "restrictiontypes" : [
               "edit",
               "move"
            ]
         }
      }
   },
   "batchcomplete" : ""
}
Anomie moved this task from Backlog to Needs Review/Feedback on the MediaWiki-Core-Team board.Jan 29 2015, 8:23 PM
mobrovac added a parent task: T84962: Authn and authz as a service.Jan 30 2015, 11:46 PM
mobrovac moved this task from Backlog to Ready / next on the RESTBase board.Feb 13 2015, 7:02 PM
Anomie moved this task from Unsorted to Needs Review on the MediaWiki-Action-API board.Feb 19 2015, 6:03 PM
gerritbot added a comment.Feb 20 2015, 5:51 AM

Change 187466 merged by jenkins-bot:
API: Add authz features for RESTBase

https://gerrit.wikimedia.org/r/187466

Anomie mentioned this in rMW4b8b0358ebca: API: Add authz features for RESTBase.Feb 20 2015, 5:52 AM
Anomie closed this task as Resolved.Feb 20 2015, 1:28 PM
Anomie moved this task from Needs Review/Feedback to Done on the MediaWiki-Core-Team board.
Anomie set Security to None.
Anomie moved this task from Needs Review to Done on the MediaWiki-Action-API board.Feb 20 2015, 8:23 PM
bd808 moved this task from Done to Archive on the MediaWiki-Core-Team board.Feb 23 2015, 11:58 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:42 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL