Last modified: 2012-07-21 14:49:36 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T40190, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 38190 - API help docs should document "token" as param-required for modules that use tokens


Summary:	API help docs should document "token" as param-required for modules that use ...

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	API (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-07-05 08:05 UTC by MZMcBride
Modified:	2012-07-21 14:49 UTC (History)
CC List:	6 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2012-07-05 08:05:37 UTC

Looking at <https://www.mediawiki.org/w/api.php>, the auto-generated documentation for action=patrol reads:

---
* action=patrol *
  Patrol a page or revision

This module requires read rights
This module requires write rights
This module only accepts POST requests
Parameters:
  token               - Patrol token obtained from list=recentchanges
  rcid                - Recentchanges ID to patrol
                        This parameter is required
---

The token parameter is required with action=patrol, so it should be marked as such (with the text "This parameter is required").

This same problem (token parameter not being marked as required) may apply to a few other parts of the MediaWiki API's auto-generated documentation. For now, I'm focused on action=patrol.

Comment 1 Krinkle 2012-07-05 08:09:03 UTC

None of the API modules that use the built-in method for token handling are have their "token" parameter documented as "This parameter is required".

The built-in (and recommended) method is:
- getTokenSalt(): string
- needsToken(): true

e.g. ApiBlock, ApiDelete, ApiEdit, ApiPatrol.

Comment 2 Umherirrender 2012-07-05 16:06:38 UTC

Sounds like a good idea, but you cannot set it for all modules with a token, because modules with "gettoken" (like block/unblock) needs a optional token param.

Comment 3 Umherirrender 2012-07-07 06:29:36 UTC

Done for core with Gerrit change #14608

Comment 4 Krinkle 2012-07-08 22:46:17 UTC

(In reply to comment #2)
> Sounds like a good idea, but you cannot set it for all modules with a token,
> because modules with "gettoken" (like block/unblock) needs a optional token
> param.

The modules have needsToken: return true;

And ApiBase:

		if ( $params ) {
			foreach ( $params as $paramName => $paramSettings ) {
				if ( isset( $paramSettings[ApiBase::PARAM_REQUIRED] ) ) {
					$ret[] = array( 'missingparam', $paramName );
				}
			}
		}
		/* .. */
		if ( $this->needsToken() ) {
			$ret[] = array( 'missingparam', 'token' );
		/* .. */

So it looks like this isn't working properly?

Comment 5 Umherirrender 2012-07-13 14:25:32 UTC

(In reply to comment #4)
> So it looks like this isn't working properly?

It works (you have to set the user param, but it works), you get the token and a warning about "The gettoken parameter has been deprecated.".

You code snap is from method ApiBase::getPossibleErrors which only gets all possible errors for action=paraminfo. it will never trigger the error.

In ApiMain::setupModule the check for the token param exist.

It looks like needsToken is superseeded by getTokenSalt.

Comment 6 Umherirrender 2012-07-21 14:49:36 UTC

successfully merged for core (under that this bug was filled)

Please create seperate bugs for extensions. Thanks.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links