commonist icon indicating copy to clipboard operation
commonist copied to clipboard

Published 20 hours ago verified publisher icon ritschwumm

Deprecated token API queries

Open reedy opened this issue 4 years ago • 8 comments
trafficstars

In support of https://phabricator.wikimedia.org/T280806....

It seems commonist is doing action=query&prop=info&intoken queries. Can you update them please?

reedy avatar Aug 24 '21 15:08 reedy

thanks for the notification! i haven't looked in to the commonist's code for a long time, but i hope it's an easy change.

ritschwumm avatar Sep 12 '21 17:09 ritschwumm

The new MediaWiki version seems to be active now. Therefore Commonist does not work anymore:

API.scala:341 {"code":"missingparam","info":"The "token" parameter must be set.","*":"See https://commons.wikimedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/ for notice of API deprecations and breaking changes."}

Rodomonte-wp avatar Oct 08 '21 12:10 Rodomonte-wp

The changes are not very difficult. Basically, requests like this:

ISeq(
	"action"	-> "query",
	"format"	-> "json",
	"prop"		-> "info|revisions",
	"intoken"	-> "edit",	// provides edittoken and starttimestamp
	"rvprop"	-> "timestamp",
	"titles"	-> title
)

need to become something like

ISeq(
	"action" -> "query",
	"format" -> "json",
	"curtimestamp"-> 1,
	"prop" -> "info|revisions",
	"meta" -> "tokens",
	"titles" -> title,
	"rvprop" -> "timestamp"
)

The JSON response will change slightly (starttimestamp is now curtimestamp, the token is in query["tokens"]["csrftoken"]). See https://commons.wikimedia.org/wiki/Special:ApiSandbox#action=query&format=json&curtimestamp=1&prop=info%7Crevisions&meta=tokens&titles=Commons%3ASandbox&rvprop=timestamp for an example. The calls that use the tokens don't have to change.

You should also get your login tokens from action=query&meta=tokens&type=login.

See https://www.mediawiki.org/wiki/API:Tokens and https://www.mediawiki.org/wiki/MediaWiki_1.37/Deprecation_of_legacy_API_token_parameters for more details.

AntiCompositeNumber avatar Oct 09 '21 00:10 AntiCompositeNumber

yeah, it seems i have to use a different api to get the tokens, that's what was delaying me when i first tried. and the way all this is currently implemented sucks, of course. past me was not that good as a scala programmer :/

ritschwumm avatar Oct 09 '21 07:10 ritschwumm

it seems i should use a bot password for the commonist - a bit mor work for the users, but probably worth the added security. what do you think?

ritschwumm avatar Oct 09 '21 18:10 ritschwumm

Since several Java-Programs are affected. I reported it upstream: https://phabricator.wikimedia.org/T298340

JoKalliauer avatar Dec 27 '21 20:12 JoKalliauer

sigh i actually have the code ready, i just can't bring my self to try it out and see whether it works :/

ritschwumm avatar Dec 27 '21 21:12 ritschwumm

What’s the status for the code? Could it be committed to let us test it out?

aaronliu0130 avatar May 22 '23 17:05 aaronliu0130