Hello,
I am using MediaWiki 1.28.0.
I want to provision new users (create new accounts) in MediaWiki using the API. The provisioning will be driven by a callout from another service (a registry that enrolls and manages users in a project using the wiki). Users do not participate directly in the provisioning.
I have set up my client as an OAuth Owner-only consumer as detailed at
https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers
I am able to request an account creation token using this code:
$oauth = new OAuth( $consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION );
$oauth->setToken( $accessToken, $accessSecret );
$oauth->fetch('https://myserver/w/api.php?action=query&meta=tokens&type=createaccou...', null, OAUTH_HTTP_METHOD_PUT);
$response = json_decode($oauth->getLastResponse(), true);
When I execute that code the $response is, for example,
Array
(
    [batchcomplete] =>
    [query] => Array
        (
            [tokens] => Array
                (
                    [createaccounttoken] => 8f9c1c7c2b38918cb5caac5c87dd2084585bf6c3+\
                )
        )
)
Note the end of the token includes +\
First question: Is that form of the token, specifically having +\ at the end, correct and expected?
If I then take that token and execute
$createAccountToken = $response['query']['tokens']['createaccounttoken'];
$oauth->fetch("https://myserver/w/api.php?action=createaccount&format=json&name=Foo...", null, OAUTH_HTTP_METHOD_PUT);
I receive
{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}
Second question: What am I doing wrong when invoking the createaccount action?
I am following documentation at
https://www.mediawiki.org/wiki/API:Account_creation
but it is not clear to me which parts of that page may be deprecated and precisely how I should provision a new account.
I appreciate any insights.
Thanks,
Scott K
On Thu, Dec 22, 2016 at 11:16 AM, Scott Koranda skoranda@gmail.com wrote:
First question: Is that form of the token, specifically having +\ at the end, correct and expected?
Yes. They were included years ago, I believe to help catch data corruption introduced by broken proxies.
If I then take that token and execute
$createAccountToken = $response['query']['tokens']['createaccounttoken'];
$oauth->fetch("https://myserver/w/api.php?action=createaccount&format=json&name=FooBar&email=foobar@gmail.com&realname=FooBar&mailpassword=false&reason=provisioning&language=en&token=$createAccountToken", null, OAUTH_HTTP_METHOD_PUT);
I receive
{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}
Second question: What am I doing wrong when invoking the createaccount action?
Two things:
1. The parameter is named "createtoken", not "token".
2. You're not urlencoding it.
I am following documentation at
https://www.mediawiki.org/wiki/API:Account_creation
but it is not clear to me which parts of that page may be deprecated and precisely how I should provision a new account.
I should update that page for AuthManager. In the meantime, account creation in 1.27 and later works much like action=clientlogin, as documented at https://www.mediawiki.org/wiki/API:Login#The_clientlogin_action. See also https://www.mediawiki.org/w/api.php?modules=createaccount for the auto-generated documentation.
$createAccountToken = $response['query']['tokens']['createaccounttoken'];
$oauth->fetch("https://myserver/w/api.php?action=createaccount&format=json&name=FooBar&email=foobar@gmail.com&realname=FooBar&mailpassword=false&reason=provisioning&language=en&token=$createAccountToken", null, OAUTH_HTTP_METHOD_PUT);
I receive
{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}
Second question: What am I doing wrong when invoking the createaccount action?
Two things:
- The parameter is named "createtoken", not "token".
- You're not urlencoding it.
Thank you.
I am now sending this:
$createAccountToken = $response['query']['tokens']['createaccounttoken'];
$createAccountTokenEncoded = urlencode($createAccountToken);
$oauth->fetch("https://myserver/w/api.php?action=createaccount&format=json&name=Foo...", null, OAUTH_HTTP_METHOD_POST);
But I see this error:
{"error":{"code":"createmustpostparams","info":"The following parameters were found in the query string, but must be in the POST body: createtoken","*":"See https://myserver/w/api.php for API usage"}}
I then try
$parameters = array('createtoken', $createAccountTokenEncoded);
$oauth->fetch("https://myserver/w/api.php?action=createaccount&format=json&name=Foo...", $parameters, OAUTH_HTTP_METHOD_POST);
but I see this error:
{"error":{"code":"createnotoken","info":"The token parameter must be set","*":"See https://myserver/w/api.php for API usage"}}
Should the createtoken be passed as part of the query string or in the POST body?
I am following documentation at
https://www.mediawiki.org/wiki/API:Account_creation
but it is not clear to me which parts of that page may be deprecated and precisely how I should provision a new account.
I should update that page for AuthManager. In the meantime, account creation in 1.27 and later works much like action=clientlogin, as documented at https://www.mediawiki.org/wiki/API:Login#The_clientlogin_action. See also https://www.mediawiki.org/w/api.php?modules=createaccount for the auto-generated documentation.
Thanks. I confess, however, that I am having difficulty understanding the auto-generated documentation.
If you have time and could point me to the source code for the createaccount action I will examine it and see if I can discern what I should be passing in.
Thanks,
Scott K
I then try
$parameters = array('createtoken', $createAccountTokenEncoded);
Sorry. This should be
$parameters = array('createtoken' => $createAccountToken);
I then see
{"error":{"code":"createcreatemissingparam","info":"At least one of the parameters createcontinue, createreturnurl is required","*":"See https://myserver/w/api.php for API usage"}}
I will continue to work to understand the details for how to invoke the createaccount action.
Thanks,
Scott K
Have you tried using the API sandbox? It's a less painful way of exploring the API. https://en.wikipedia.org/wiki/Special:ApiSandbox
Thank you Gergo. I agree that it is an elegant and helpful tool.
Cheers,
Scott K
On Thu, Dec 22, 2016 at 4:33 PM, Scott Koranda skoranda@gmail.com wrote:
Should the createtoken be passed as part of the query string or in the POST body?
POST body.
If you have time and could point me to the source code for the createaccount action I will examine it and see if I can discern what I should be passing in.
https://phabricator.wikimedia.org/diffusion/MW/browse/master/includes/api/Ap..., although you'll probably quickly find your way to other files.
BTW, I updated https://www.mediawiki.org/wiki/API:Account_creation for MediaWiki 1.27 and later.
Thank you. That is quite helpful. I appreciate your time.
I am now able to provision new accounts in the way that I need to in order to support my use case.
I did notice that the new documentation does not call out that one may need to send the password (and retype) in the POST body rather than in the query string. Is that an oversight? If so, may I edit the page and add that level of detail? (I appear to have the necessary editing rights, but since I am new to the community I am unclear on the style and level of detail you want to maintain.)
For the archives, here is some example working code. Again, I am using the MediaWiki OAuth extension with an "Owner-only" consumer for authentication for this client:
// OAuth credentials of the Owner-only consumer
$consumerKey = 'ffffd455ba9fb5fe8ad152e71045f3e8';
$consumerSecret = 'ffff674c4e75a8ba6bfcc77c564e81e929199e';
$accessToken = 'ffff6e60f77c7ad9dcfd11fd996b86';
$accessSecret = 'ffff70c9a21c6a1609a1c3715014012be56e292';

$base = "https://myserver/w/api.php";

$oauth = new OAuth( $consumerKey, $consumerSecret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION );
$oauth->setToken( $accessToken, $accessSecret );

// Step 1: request a createaccount token
$queryData = array();
$queryData['action'] = 'query';
$queryData['meta'] = 'tokens';
$queryData['type'] = 'createaccount';
$queryData['format'] = 'json';

$url = $base . "?" . http_build_query($queryData);
$oauth->fetch($url, null, OAUTH_HTTP_METHOD_POST);
$response = json_decode($oauth->getLastResponse(), true);
$createAccountToken = $response['query']['tokens']['createaccounttoken'];

// Step 2: the token and password go in the POST body, passed unencoded
$parameters = array();
$parameters['createtoken'] = $createAccountToken;
$parameters['password'] = "CsmfeVCSaKK4gzOUYgpD";
$parameters['retype'] = $parameters['password'];

// The remaining parameters go in the query string
$queryData = array();
$queryData['action'] = 'createaccount';
$queryData['format'] = 'json';
$queryData['createreturnurl'] = "https://myserver.com";
$queryData['username'] = "Foo Bar";
$queryData['email'] = "foobar@some.domain";
$queryData['realname'] = "Ms Foo Bar";
$queryData['reason'] = "provisioning";

$url = $base . "?" . http_build_query($queryData);
$oauth->fetch($url, $parameters, OAUTH_HTTP_METHOD_POST);
$response = $oauth->getLastResponse();
This returns
{"createaccount":{"status":"PASS","username":"Foo Bar"}}
Thanks,
Scott K
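Added example, not part of the original thread and not MediaWiki's own code: it shows why the token ending in +\ breaks when placed unencoded in a URL, why encoding it by hand before the library encodes it also fails, and one way to keep createtoken, password and retype out of the query string. The names BODY_ONLY, decode() and build_request() and the password value are hypothetical; PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. The token is the sample value
// quoted in the first message; every other value is constructed.
const BODY_ONLY = ['createtoken', 'password', 'retype']; // parameters the thread puts in the POST body

// Decode a query string or form body the way PHP does on the receiving side.
function decode(string $encoded): array {
    parse_str($encoded, $out);
    return $out;
}

// Split parameters so that tokens and passwords never appear in the URL,
// where they would be recorded in proxy and web-server access logs.
function build_request(string $base, array $params): array {
    $body  = array_intersect_key($params, array_flip(BODY_ONLY));
    $query = array_diff_key($params, $body);
    // http_build_query() percent-encodes each value exactly once.
    return [$base . '?' . http_build_query($query), $body];
}

$token = '8f9c1c7c2b38918cb5caac5c87dd2084585bf6c3+\\';

// 1. Raw token in a URL: '+' is decoded as a space, so the token is corrupted.
$raw = decode('createtoken=' . $token)['createtoken'];
var_dump($raw === $token);

// 2. Encoded once: the receiver sees the original token.
$once = decode(http_build_query(['createtoken' => $token]))['createtoken'];
var_dump($once === $token);

// 3. Encoded by hand, then again by the library: a literal %2B%5C arrives.
$twice = decode(http_build_query(['createtoken' => urlencode($token)]))['createtoken'];
var_dump(substr($twice, -6));

// 4. Build the createaccount request with secrets confined to the POST body.
[$url, $body] = build_request('https://myserver/w/api.php', [
    'action'          => 'createaccount',
    'format'          => 'json',
    'username'        => 'Foo Bar',
    'createreturnurl' => 'https://myserver.com',
    'createtoken'     => $token,
    'password'        => 'constructed-password',
    'retype'          => 'constructed-password',
]);
echo $url, "\n";              // contains no createtoken, password or retype
var_dump(array_keys($body));  // the keys to pass, unencoded, as the POST body
```

The resulting $url and $body correspond to the first two arguments of the $oauth->fetch( $url, $parameters, OAUTH_HTTP_METHOD_POST ) call in the working code above.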
On Fri, Dec 23, 2016 at 9:56 AM, Scott Koranda skoranda@gmail.com wrote:
On Thu, Dec 22, 2016 at 4:33 PM, Scott Koranda skoranda@gmail.com wrote:
BTW, I updated https://www.mediawiki.org/wiki/API:Account_creation for MediaWiki 1.27 and later.
Thank you. That is quite helpful. I appreciate your time.
I am now able to provision new accounts in the way that I need to in order to support my use case.
I did notice that the new documentation does not call out that one may need to send the password (and retype) in the POST body rather than in the query string. Is that an oversight? If so, may I edit the page and add that level of detail? (I appear to have the necessary editing rights, but since I am new to the community I am unclear on the style and level of detail you want to maintain.)
Feel free.
mediawiki-api@lists.wikimedia.org