Page MenuHomePhabricator
Create Task
Maniphest T92469

RSS RecentChanges does not work on login-required wiki
Closed, DeclinedPublic
Actions

Description

I am trying to get Recent Changes RSS feeds to work from a wiki that requires login for access to most pages (some are whitelisted). I use tinytinyRSS, a web based feed aggregator. It's set up so that clicking on an RSS feed link generates a new feed. When I click on the recent changes RSS link in wikipedia, it creates a working link. When I click the same button in our password protected mediawiki it gives me an error:
No feeds found in http://ccmdb.kuality.ca/api.php?hidebots=1&days=7&limit=50&action=feedrecentchanges&feedformat=rss

When I look at the feed from a different browser (crome) that is not set up to push rss links into tinyRSS I get:

  • When I am logged in, something that looks like an RSS feed
  • When I log out I get the API instructions with <error code="readapidenied" info="You need read permission to use this module" xml:space="preserve">

When I look at the error in TinyRSS it says "LibXML error 5 at line 3217 (column 1): Extra content at the end of the document"
When I copy and paste the API response into Notepad++ to count lines it only seems to have 3206.

TinyRSS allows me to access feeds with a login; using my login for this wiki makes no difference for this.

Am I going at this the wrong way? Thanks!

Related Objects

Event Timeline

Tenbergen created this task.Mar 12 2015, 1:23 AM
Tenbergen raised the priority of this task from to Needs Triage.
Tenbergen updated the task description. (Show Details)
Tenbergen subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 12 2015, 1:23 AM
Krenair added a project: MediaWiki-extensions-RSS.Mar 12 2015, 1:25 AM
Krenair edited projects, added MediaWiki-Recent-changes; removed MediaWiki-extensions-RSS.
Krenair set Security to None.
Krenair subscribed.
Aklapper changed the task status from Open to Stalled.Mar 12 2015, 2:21 PM

Have you contacted the tinytinyRSS maintainers, also to find out how to get more info about that specific "extra content"? Or how to debug / make sure whether the login was actually successful?

Also, which MediaWiki version is this about?

So far I don't see any clear MediaWiki software bug reported here, but potentially a configuration issue (either in MediaWiki or tinytinyRSS)...

Tenbergen added a comment.Mar 13 2015, 12:03 AM

I think there are two things going on. For one, the login/authentication between mediawiki and tinyRSS is not working. The api comes back with a message "You need read permission to use this module". I would be interested to know how to troubleshoot that... I don't know how to view what is going on there.

The second problem is, though, that the RSS feeder can't interpret that error as a feed and so let me know what is wrong. I don't think what comes back is formatted as a feed. Maybe I am naive, but it seems to me that a request for an RSS feed would best be countered with a "you can't have it because..." as an RSS feed. Does that make sense?

I am looking into the TinyRSS side of things.

MediaWiki 1.24.0
PHP 5.5.21 (cgi-fcgi)
MySQL 5.6.22-cll-lve

Tenbergen added a comment.Mar 16 2015, 3:02 PM

TinyRSS forums got back saying that for an authenticated feed listing to work, "http basic/digest auth" needs to be supported and that "digest authentication requires curl". Does Mediawiki work like that?

saper subscribed.Oct 21 2015, 10:24 AM

No, MediaWiki does not use basic authentication. You can use cookies if you want.

Did you check if you can still access your personal watchlist feed - from Special:Watchlist

This one uses a special token so you can bypass login.

If I understand correctly what you might need is to have a kind of token that creates a custom recent changes link for you to bypass login.

saper added a subscriber: csteipp.Oct 21 2015, 10:31 AM

@csteipp what do you think? Shall we provide an additional 'feed' token for API feedrecentchanges and feedcontributions modules? I think re-using existing watchlist or patrol tokens is not an option?

saper mentioned this in T116158: Generic token authentication for feeds.Oct 21 2015, 12:56 PM
Tenbergen added a comment.Oct 21 2015, 4:39 PM

If RSS feeds from mediawiki are to be accessible from a feed reader that is web based then cookies won't do the trick but a token would. To me, being accessible from multiple devices is one of the main benefits of a feed aggregator, so this would be a good feature.

I eventually used the work-around in https://phabricator.wikimedia.org/T76528. In our case the wiki is pretty low-key so I am not too concerned opening it up like that, especially since you still need to log on to read articles. A token would likely be better. Or at least a setting that allows me to change this preference in localsettings.

csteipp added a comment.Oct 21 2015, 7:59 PM

It seems like TinyRSS should use OAuth to consume the feed as the user in this case. I have no idea if they have a dev community that can implement that. I don't like the idea of expanding our watchlist tokens to be more generic. But obviously if there is strong demand for that, then I can look into the security of it more.

Aklapper changed the task status from Stalled to Open.Nov 18 2016, 3:57 PM
Quiddity merged a task: T54516: fdc.wikimedia.org Atom feed url for watchlist is not working in "Feedly.com" RSS reader.Nov 25 2018, 1:31 AM
Quiddity added subscribers: bzimport, Dzahn, wikibugs-l-list.
Restricted Application added a project: Growth-Team. · View Herald TranscriptNov 25 2018, 1:31 AM
kostajh moved this task from Inbox to Needs Discussion on the Growth-Team board.Nov 27 2018, 2:52 PM
JTannerWMF edited projects, added Platform Engineering; removed Growth-Team.Jan 3 2019, 3:51 PM
Restricted Application added a project: Growth-Team. · View Herald TranscriptJan 3 2019, 3:51 PM
JTannerWMF removed projects: Growth-Team, MediaWiki-Recent-changes.Jan 3 2019, 3:51 PM
Aklapper added a subscriber: JTannerWMF.Jan 3 2019, 4:15 PM

@JTannerWMF: If this is not MediaWiki-Recent-changes, which software project tag should be associated to this task?

Dzahn unsubscribed.Jan 3 2019, 4:26 PM
Anomie closed this task as Declined.Jan 4 2019, 2:26 PM
Anomie added a project: MediaWiki-Action-API.
Anomie subscribed.

Since someone dumped this on Platform Engineering...

The bottom line here is that, on a private wiki, you need to be logged in in order to access the recent changes feed. That's the permissions mechanism working correctly. A client wanting to do that is going to have to implement a supported authentication method, whether that's maintaining the login cookies, using OAuth, or something else MediaWiki might support.

As noted in T92469#1743615, adding of parameters to work like the action=feedwatchlist's wlowner and wltoken would be a possibility, but no one has called for that since and use of OAuth would likely be more secure.

Aklapper removed subscribers: Anomie, wikibugs-l-list, bzimport.Oct 16 2020, 5:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits