I'm trying to use the readinglists setup command and running in to a permission denied message.
I think the problem is that my bot does not have editmyprivateinfo enabled.
I posted the topic below at https://www.mediawiki.org/wiki/Extension_talk:ReadingLists and was hoping for some feedback
Now that I think about it, it looks like Special:BotPasswords requires editmyprivateinfo be set by the user before a bot password is created. If a bot had this permission, then it could set its own password, which might be bad. This suggests that perhaps the ReadingList functionality should use a different permission?I'm trying to use the readinglists setup command and running in to a permission denied message.
I think the problem is that my bot does not have editmyprivateinfo enabled.
_ChristopherBelow are the details.
This is a bit of a newbie question as I'm just starting out with the api. Please forgive me if this is not the right place to start this discussion. I considered adding something to Phabricator, but this issue is more of a user problem then a problem with the software.
Anyway...
I have a test program where I get a login token, login, get a csrf token and then call setup.
#!/opt/local/bin/python3
"""
setup.py
Invoke the readinglists setup command
MIT License
"""
import requests
URL = "https://en.wikipedia.org/w/api.php"
#URL = "https://www.mediawiki.org/w/api.php"
S = requests.Session()
# Retrieve login token first
PARAMS_LOGIN_TOKEN = {
'action':"query",
'meta':"tokens",
'type':"login",
'format':"json"
}
R = S.get(url=URL, params=PARAMS_LOGIN_TOKEN)
DATA = R.json()
LOGIN_TOKEN = DATA['query']['tokens']['logintoken']
print("Got logintoken")
# Send a post request to login. Using the main account for login is not
# supported. Obtain credentials via Special:BotPasswords
# (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
PARAMS_LOGIN = {
'action':"login",
'lgname': BOT_NAME_HERE,
'lgpassword': BOT_PASSWORD_HERE,
'lgtoken':LOGIN_TOKEN,
'format':"json"
}
R = S.post(URL, data=PARAMS_LOGIN)
DATA = R.json()
print("After login")
print(DATA)
# GET the CSRF Token
PARAMS_CSRF = {
"action": "query",
"meta": "tokens",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_CSRF)
DATA = R.json()
CSRF_TOKEN = DATA['query']['tokens']['csrftoken']
# Call setup
PARAMS_SETUP = {
"action": "readinglists",
"command": "setup",
"format": "json",
"token": CSRF_TOKEN
}
print("About to setup")
R = S.post(URL, data=PARAMS_SETUP)
print("After attempting to call setup")
print(R)
print(R.text)
The message I get is:bash-3.2$ ./setup.py
Got logintoken
After login
{'login': {'result': 'Success', 'lguserid': 208882, 'lgusername': 'Cxbrx'}}
About to setup
After attempting to call setup
<Response [200]>
{"error":{"code":"permissiondenied","info":"You don't have permission to edit your private information.","*":"See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."},"servedby":"mw1316"}
bash-3.2$
In a separate script, I'm able to retrieve my readinglists, so I know that logging in is working.
I think the problem is that my bot does not have editmyprivateinfo enabled.
Looking at the code, I can see ApiReadingLists.php at https://github.com/wikimedia/mediawiki-extensions-ReadingLists/blob/869ffc5462fd33303ea8a822040704ef4489bec0/src/Api/ApiReadingLists.php checks for editmyprivateinfo
Does anyone know if editmyprivateinfo is the problem? If so, is it possible to enable it for a bot?