Last modified: 2012-09-14 17:24:11 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T33425, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 31425 - Mediawiki::API does not work with Auth_remoteuser (using Basic Authentication)
Status: RESOLVED INVALID
Product: MediaWiki
Classification: Unclassified
Component: API
Version: 1.18.x
Hardware: All All
Importance: Unprioritized normal
Assigned To: Nobody - You can work on this!
Reported: 2011-10-06 13:41 UTC by Roberto Santoro
Modified: 2012-09-14 17:24 UTC

Description Roberto Santoro 2011-10-06 13:41:00 UTC
Hello,
it seems to me that MediaWiki::API does not allow connecting to a wiki when using the Auth_remoteuser module (using Basic Authentication).
I tried extending the MediaWiki::API->new() method by adding a

  $ua->credentials(
    'URL:80',
    'Domain',
    'user' => 'password'
  );

But I still get a 
2: 401 Unauthorized : error occurred when accessing http://test.server.com/wiki/api.php after 1 attempt(s) at D:\website\wiki\extensions\EmailToWiki\EmailToWiki.pl line 166.

Do you have any plan to implement this feature?

Thanks,
Roberto.
Comment 1 Roan Kattouw 2011-10-06 13:41:57 UTC
Are you reporting a bug against the MediaWiki::API Perl module, or against api.php itself?
Comment 2 Daniel Friesen 2011-10-06 13:42:54 UTC
(In reply to comment #1)
> Are you reporting a bug against the MediaWiki::API Perl module, or against
> api.php itself?

Maybe even against the extension itself.
Comment 3 Roberto Santoro 2011-10-06 13:45:36 UTC
Well, I'm not sure whether you can consider it a bug or simply a new feature, but it is certainly against the "MediaWiki::API Perl module".
Comment 4 Roan Kattouw 2011-10-06 13:46:23 UTC
(In reply to comment #3)
> Well, I'm not sure whether you can consider it a bug or simply a new feature
> but it is certainly against the "MediaWiki::API Perl module"
In that case, you're in the wrong place. This bug tracker is only for MediaWiki and its extensions. We don't maintain the Perl module and don't track bugs for it.
Comment 5 Bruce Elrick 2012-09-11 20:35:27 UTC
MediaWiki maintainers here say this is a CPAN MediaWiki::API Perl module problem.

However at the CPAN site they say the opposite:

https://rt.cpan.org/Public/Bug/Display.html?id=71501

I say both sets of maintainers have not spent any significant time looking at where this problem lies.  Could you at least take a look on your side?

Thanks,
Bruce
Comment 6 Bruce Elrick 2012-09-11 20:43:46 UTC
Oh, and if you have definitive evidence that the problem is on the other side, could you update the problem ticket at the CPAN site?

Thanks,
Bruce
Comment 7 Bruce Elrick 2012-09-11 20:53:28 UTC
Finally, I'll add that just the basic format of the action=login API URL tells me that the API is assuming authentication in the URL, which means it is not supporting HTTP Basic authentication, which is what Auth_remoteuser, a MediaWiki extension, is designed to support.

So I think we have an incompatibility between the API and the extension, both of which are Wikimedia's.  Is it possible for the maintainers within both areas to work together?

As a use case, I have an Apache web server that does authentication against Active Directory - I use Auth_remoteuser to import data such as the user name and email address from the LDAP information.  This is very useful since new MediaWiki accounts are automatically created and populated while the user only has to enter their AD credentials.  This includes skipping the email verification step.

Thanks,
Bruce
Comment 8 Bruce Elrick 2012-09-14 17:24:11 UTC
After some digging I've found the opposite, that indeed the API as written does not require action=login and that, with the Auth_remoteuser extension configured, you can hit other action=X URLs with a browser, Apache will properly respond with a 401 Unauthorized, the browser will prompt for a username/password, then Apache and the api.php will deliver a proper API response page as expected.

This means that indeed the CPAN MediaWiki::API module must be the location of the incompatibility - it must assume that an action=login request must precede any other request.  I'll start digging there.

Thanks,
Bruce
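
The exchange Comment 8 describes, modelled as an added example (not code from MediaWiki, Auth_remoteuser or the MediaWiki::API module): a local stub plays the web server enforcing Basic authentication in front of a stand-in api.php, and a client requests action=query first without and then with credentials, never sending action=login. The realm, account, path and JSON reply are constructed placeholders.

```python
import base64, json, threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed values: realm, account and endpoint are placeholders for this demo.
REALM, USER, PASSWORD = "Domain", "user", "password"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class Handler(BaseHTTPRequestHandler):
    """Stand-in for a Basic-auth web server in front of a stubbed api.php."""
    def log_message(self, *args): pass  # keep the demo quiet

    def do_GET(self):
        if self.headers.get("Authorization") != EXPECTED:
            # Web-server layer: challenge before the application is reached.
            self.send_response(401)
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        # Application layer: user is known via REMOTE_USER; no action=login needed.
        action = parse_qs(urlparse(self.path).query).get("action", [""])[0]
        body = json.dumps({"action": action, "remote_user": USER}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def run_exchange(path="/wiki/api.php?action=query&format=json"):
    """Return [(status, body)] for an anonymous request, then an authenticated one."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = []
    try:
        for headers in ({}, {"Authorization": EXPECTED}):
            conn = HTTPConnection("127.0.0.1", server.server_port, timeout=5)
            conn.request("GET", path, headers=headers)
            resp = conn.getresponse()
            results.append((resp.status, resp.read().decode()))
            conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    print(run_exchange())
```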
