[12:10:57] <Phantom42>	 andre__: Do you have some free time now? It would be nice, if you could take a look at my patch :) 
[12:11:39] <Phantom42>	 Ooos, wrong channel 
[12:11:46] <Phantom42>	 Sorry
[14:52:44] <Urbanecm>	 Hello, I'm trying to login to a private MediaWiki by API
[14:52:50] <Urbanecm>	 I'm using Python 2.7 and requests module
[14:53:12] <Urbanecm>	 And this https://pastebin.com/qVMs1QWa
[14:53:18] <Urbanecm>	 Throws {"error":{"code":"readapidenied","info":"You need read permission to use this module","*":"See https://wiki.wikimedia.cz/mw/api.php for API usage"}}
[14:53:44] <Urbanecm>	 How can I login if I need read access to the api for getting read access to the api?
[14:54:03] <Urbanecm>	 MW version: 1.26.3
[14:54:07] <Reedy>	 Urbanecm: Get the syadmin to fix the permissions?
[14:54:19] <Urbanecm>	 Reedy, I'm the sysadmin...
[14:54:54] <Reedy>	 I guess $wgGroupPermissions['*']['read'] = false; has been set?
[14:55:19] <Urbanecm>	 Yes
[14:55:27] <Hauskatze>	 obvious if it is a private wiki
[14:55:54] <Reedy>	 Nothing is every obvious
[14:55:56] <Urbanecm>	 But this shouldn't prevent me (or anybody else with valid account) using the API, should it?
[14:56:08] <Reedy>	 You're trying to make a read request... when not authenticated
[14:56:19] <Reedy>	 reedy@tin:~$ mwscript eval.php officewiki
[14:56:19] <Reedy>	 > var_dump( $wgGroupPermissions['*']['read'] );
[14:56:20] <Reedy>	 bool(false)
[14:56:24] <Reedy>	 ^ private wiki, it's not true
[14:56:31] <Reedy>	 https://office.wikimedia.org/w/api.php works
[14:56:49] <Urbanecm>	 Reedy, okay, so how can I authenticate? 
[14:57:31] <Reedy>	 By fixing your wiki permissions?
[14:57:35] <Reedy>	 https://office.wikimedia.org/w/api.php?action=query&meta=tokens&type=csrf&format=jsonfm works for example
[14:57:46] <Urbanecm>	 Okay. So https://wiki.wikimedia.cz/mw/api.php?action=query&meta=tokens&type=csrf&format=json works
[14:58:01] <Hauskatze>	 ['*']['writeapi'] = true; ?
[14:58:08] <Urbanecm>	 In browser
[14:58:16] <Reedy>	 Urbanecm: Probably because you've logged in via the gui
[14:58:19] <Reedy>	 I get
[14:58:20] <Reedy>	 {"error":{"code":"readapidenied","info":"You need read permission to use this module","*":"See https://wiki.wikimedia.cz/mw/api.php for API usage"}}
[14:58:25] <Reedy>	 As completely anonyous
[14:58:27] <Reedy>	 *anonymous
[14:59:03] <Urbanecm>	 Reedy, thanks, that's moving me forward! In inkognito window it do not work for me as well
[14:59:50] <Reedy>	 'wgWhitelistRead' => [
[14:59:50] <Reedy>	 	'private' => [ 'Main Page', 'Special:UserLogin', 'Special:UserLogout' ],
[15:00:04] <Hauskatze>	 https://wiki.wikimedia.cz/mw/api.php works for me
[15:00:34] <Urbanecm>	 Reedy, that should fix it?
[15:00:38] <Reedy>	 No
[15:00:47] <Reedy>	 I'm just looking how we have it setup for wmf wikis
[15:00:53] <Urbanecm>	 Reedy, ok. 
[15:01:00] <Reedy>	 	'private' => [
[15:01:00] <Reedy>	 		'*' => [
[15:01:01] <Reedy>	 			'read' => false,
[15:01:01] <Reedy>	 			'edit' => false,
[15:01:01] <Reedy>	 			'createaccount' => false
[15:01:02] <Reedy>	 		],
[15:01:06] <Reedy>	 That... doesn't match
[15:01:32] <Reedy>	 Oh, yeah, it does
[15:01:48] <Hauskatze>	 Reedy, how's writeapi set?
[15:01:56] <Reedy>	 true
[15:01:59] <Reedy>	 Confusingly
[15:02:02] <Hauskatze>	 that's the point
[15:02:17] <Reedy>	 action=query isn't a write action
[15:02:18] <Hauskatze>	 I guess writeapi should be useapi
[15:03:40] <Urbanecm>	 Hauskatze, useapi do not exist, does it? 
[15:03:52] <Reedy>	 No
[15:03:53] <Reedy>	 * $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
[15:03:53] <Reedy>	   a future version. The API is now considered to be stable, secure and
[15:03:54] <Reedy>	   essential.
[15:03:56] <Reedy>	 in 1.31
[15:04:01] <Reedy>	 But they're the globals lol
[15:04:09] <Urbanecm>	 BTW this https://ctrlv.cz/BbLc is the settings of permissions
[15:04:33] <Reedy>	 Urbanecm: Of course, you're also running an unsupported version of MW
[15:04:33] <Reedy>	 ;)
[15:04:50] <Hauskatze>	 Urbanecm, no, it does not exist, only writeapi which seems to be the one that gave you access already?
[15:04:51] <Hauskatze>	 btw
[15:04:55] <Hauskatze>	 {
[15:04:55] <Hauskatze>	     "error": {
[15:04:55] <Hauskatze>	         "code": "readapidenied",
[15:04:56] <Hauskatze>	         "info": "You need read permission to use this module.",
[15:04:56] <Hauskatze>	         "*": "See https://office.wikimedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; for notice of API deprecations and breaking changes."
[15:05:00] <Hauskatze>	     },
[15:05:01] <Hauskatze>	     "servedby": "mw1224"
[15:05:04] <Hauskatze>	 }
[15:05:18] <Hauskatze>	 so action=query is treated as writeapi Reedy apparently
[15:05:32] <Urbanecm>	 Hauskatze, but writeapi is true...
[15:05:32] <Hauskatze>	 but to see the output you need the [read] permission?
[15:06:07] <Skizzerz>	 permissions have some overlap
[15:06:17] <Urbanecm>	 Reedy, I know, just force myself to do the update :D
[15:06:21] <Skizzerz>	 to use the API for writing, you need (at a minimum): read, edit, writeapi
[15:06:34] <Skizzerz>	 (assuming you wish to use the API for editing pages)
[15:06:55] <Urbanecm>	 Skizzerz, I want to login with my credentials and then do some editing
[15:07:05] <Urbanecm>	 and I want the wiki to stay private of course
[15:07:27] <Skizzerz>	 ok, the login action in the API doesn't require read access, so you should be able to login to the API, and then execute queries normally
[15:07:50] <Urbanecm>	 Skizzerz, ehm... We're getting to start. The login method wants a token
[15:07:58] <Skizzerz>	 yep
[15:08:02] <Urbanecm>	 And tokens should be generated by action=query
[15:08:06] <Skizzerz>	 what version of mediawiki are you running?
[15:08:10] <Urbanecm>	 1.26.3
[15:08:17] <Skizzerz>	 that's.... old
[15:08:32] <Urbanecm>	 Force myself to do the update :D
[15:08:51] <Skizzerz>	 Urbanecm: the login API was overhauled in 1.27
[15:09:00] <Skizzerz>	 and you no longer get tokens via action=query in that version and beyond
[15:09:11] <Skizzerz>	 you should upgrade, which would also fix your issue
[15:09:22] <Skizzerz>	 :)
[15:09:35] <Skizzerz>	 oh wait
[15:09:37] <Urbanecm>	 Skizzerz, thanks! I will :D
[15:09:38] <Skizzerz>	 I misread
[15:09:46] <Skizzerz>	 in 1.27+ do DO get tokens via action=query
[15:10:05] <Skizzerz>	 in 1.26 and lower you get tokens by calling action=login without a token, and it gives you the token to use in the error message result
[15:10:14] * Hauskatze forces Urbanecm to use update.php
[15:10:36] <Urbanecm>	 Hauskatze, are you sure that this will solve all potencial update-relevant issues? :D 
[15:10:40] <Skizzerz>	 1.27+ also introduces Special:BotPasswords so you can give whatever script is using the API limited permissions instead of full action to your account
[15:10:52] <Hauskatze>	 Urbanecm, nope :)
[15:11:09] <Hauskatze>	 but breaking the wikis is such fun :P
[15:12:11] <Skizzerz>	 Urbanecm: if you want another reason to upgrade, I can guarantee you that there's some unpatched security vulnerabilities in 1.26 :)
[15:12:47] <Urbanecm>	 Skizzerz, I'm just writing a mail to our maillist about updating (to avoid mails like 'it do not work, is readonly etc.')  and then will start with the updating :D
[15:13:20] <Reedy>	 Hahah
[15:13:26] <Reedy>	 There's more than some in 1.26 I bet
[15:13:50] <Skizzerz>	 including the recent composer one if you installed from git, most likely
[15:14:03] <Skizzerz>	 well, phpunit one technically
[15:14:26] <Reedy>	 heh
[15:14:42] <Reedy>	 It's ok, phpunit doesn't believe in security, as it's a developer tool
[15:15:10] <Skizzerz>	 and composer doesn't believe in giving you only required deps if you run it with no args, instead of giving you world+dog
[15:52:21] <Urbanecm>	 Skizzerz, Hauskatze, Reedy: Ok, update should be dune
[15:52:22] <Urbanecm>	 done
[15:52:29] <Urbanecm>	 But there's an exception which breaks the wiki...
[15:52:30] <Urbanecm>	 https://wiki.wikimedia.cz/wiki/
[15:52:44] <Urbanecm>	 Kritická výjimka typu means Critical exception type
[15:52:46] <Hauskatze>	 fun
[15:52:54] <Urbanecm>	 Anyone know how can I fix it? :D
[15:53:26] <Urbanecm>	 Hauskatze, not fun from my point of view ;)
[15:53:28] <Hauskatze>	 Chyba povolení
[15:53:28] <Hauskatze>	 Přejít na: navigace, hledání
[15:53:29] <Hauskatze>	 Z následujícího důvodu nemáte oprávnění přečíst tuto stránku (nezapomněli jste se přihlásit?): 
[15:53:29] <Hauskatze>	 Požadovanou činnost smějí provádět jen uživatelé ve skupinách Roboti, Členi. 
[15:53:40] <Hauskatze>	 apparently some sort of permission error
[15:54:24] <Urbanecm>	 Hauskatze, I don't see an permission error
[15:54:44] <Hauskatze>	 https://wiki.wikimedia.cz/wiki/ is what it gives to me
[15:54:48] <Urbanecm>	 I'm getting https://ctrlv.cz/nR15
[15:54:50] <Hauskatze>	 what I pasted I mean
[15:54:52] <Urbanecm>	 At the same URL
[15:55:16] <Urbanecm>	 Hauskatze ^^^^
[15:55:23] <Hauskatze>	 I cannot access that
[15:55:24] <Hauskatze>	 INET_E_RESOURCE_NOT_FOUND
[15:56:17] <Urbanecm>	 You mean the ctrlv.cz link?
[15:56:36] <Urbanecm>	 https://pastebin.com/Dy53Czmi
[15:56:39] <Urbanecm>	 Copy&paste
[15:56:52] <andre__>	 https://ctrlv.cz/nR15 works for me.
[15:57:26] <Hauskatze>	 probably they've blocked the DNS of my source
[15:58:17] <Hauskatze>	 Urbanecm, looks like a problem with temporary userrights?
[15:58:37] <andre__>	 https://www.mediawiki.org/wiki/Topic:Tye8bmq845eyhpnc comes to my mind.
[15:58:43] <andre__>	 https://github.com/wikimedia/mediawiki/blob/master/maintenance/archives/patch-user_groups-ug_expiry.sql basically.
[15:59:01] <Urbanecm>	 Thanks
[15:59:13] <Hauskatze>	 oh, was I right?
[16:01:14] <Urbanecm>	 andre__, applied manually
[16:01:16] <Urbanecm>	 Another exception
[16:01:21] <Urbanecm>	 See https://wiki.wikimedia.cz/wiki/Hlavn%C3%AD_strana
[16:02:11] <Hauskatze>	 while logged off I see no exceptions
[16:02:27] <Urbanecm>	 ...
[16:02:30] <Urbanecm>	 Forgotted
[16:02:45] <Urbanecm>	 https://pastebin.com/UMA57uv1
[16:03:29] <Hauskatze>	 hmm, echo
[16:03:51] <andre__>	 Echo, I think, yeah.
[16:03:59] <Urbanecm>	 andre__, yeah, but why? :)
[16:04:32] <Urbanecm>	 BTW you can log in with test/test123 now, I'll delete the account when this problem will be resolved
[16:04:34] <andre__>	 ¯\_(ツ)_/¯ 
[16:04:55] <Urbanecm>	 Reedy ^^^
[16:06:41] <Urbanecm>	 Danny_B, ^^
[16:06:43] <Urbanecm>	 Anyone else :D
[16:08:25] <bawolff>	 Anyone know how to submit a package to packagist in the wikimedia namespace?
[16:08:36] <bawolff>	 maybe legoktm knows?
[16:09:09] <bawolff>	 I think i need whomever owns wikimedia to approve it, but I don't know who that is
[16:11:39] <bawolff>	 hmm, https://www.mediawiki.org/wiki/Manual:Developing_libraries#Packagist_guidelines suggests I need an owner in the wikimedia github org to set it up
[16:13:10] <Hauskatze>	 bawolff, Wikimedia is owned by the Board, eh :)
[16:13:21] <bawolff>	 Hauskatze: different type of owner :)
[16:14:03] <Hauskatze>	 Urbanecm: thanks but I've no experience with this :(
[16:14:23] <Urbanecm>	 Just did it myself, it works now :D
[16:14:26] <Urbanecm>	 Thanks for your effort
[16:14:30] <Hauskatze>	 good :D
[16:14:37] <Hauskatze>	 np, happy to help when/if I can
[16:14:55] <bawolff>	 Looks like I might be able to ask reedy or addshore  (This is about https://github.com/wikimedia/mediawiki-tools-phan-SecurityCheckPlugin )
[16:16:36] <addshore>	 hi ba
[16:16:37] <addshore>	 bawolff: 
[16:16:53] <bawolff>	 hi
[16:17:15] <Hauskatze>	 https://github.com/orgs/wikimedia/people <-- I think these are the owners?
[16:17:26] <bawolff>	 Hauskatze: yes, that's correct
[16:17:33] <addshore>	 ooh, whats that plugin do?
[16:17:52] <bawolff>	 addshore: It does static analysis to try and find xss/sql injection
[16:18:22] <bawolff>	 I intend to send an email to wikitech-l about it once its in packagist and easy to install
[16:20:59] <bawolff>	 It also helps finding cases where i18n messages have the wrong format
[16:23:30] <bawolff>	 Anyways, according to https://www.mediawiki.org/wiki/Manual:Developing_libraries#Packagist_guidelines I have to "Ask an owner in the Wikimedia GitHub organization to set up a Packagist.org service hook in the GitHub repo."
[16:44:51] <addshore>	 bawolff: are we using it in CI yet?
[16:45:02] <addshore>	 i guess we should probably wait for it to be on packagist first...
[16:45:34] <bawolff>	 addshore: No. And its probably not going to be a CI thing because it does have false positives in certain circumstances which we wouldn't want to block commit on
[16:45:46] <addshore>	 bawolff: could be a non voting CI thing?
[16:46:03] <addshore>	 phan is already using the docker hosts for CI too so it wont be making anything slower
[16:46:08] <bawolff>	 That might make sense. It'd certainly be useful to know if a commit increased the number of issues
[16:46:18] <bawolff>	 Its a lot slower than phan, and kind of memory hungry
[16:46:27] <addshore>	 oooh, post commit?
[16:46:27] <bawolff>	 mediawiki core tags about 3 minutes to run
[16:46:38] <bawolff>	 and 2GB of mem on my laptop
[16:47:17] <addshore>	 hmm, we could give it a go and see
[16:47:26] <addshore>	 phan takes 2 mins in CI currently (including code checkout)
[16:55:21] <legoktm>	 bawolff: I would definitely want to make this voting/part of CI. As long as there's a way to suppress false positives (e.g. @codeCoverageIgnoreLine) then I think it'll be ok
[17:04:57] <bawolff>	 We'd definitely need to get the number of false positives for mw-core under control first (currently around 250)
[17:08:32] <bawolff>	 although false positive rate should be low for extensions. Most of the false positives are very specific regions of mw core
[18:49:00] <bawolff>	 Reedy: So the phan plugin thing is https://github.com/wikimedia/mediawiki-tools-phan-SecurityCheckPlugin
[19:02:56] <kunda_>	 Is there a way to search mediawiki without bringing up translation pages ? (MediaWiki 1.28.2) 
[19:04:05] <Zppix>	 kunda_: explain please?
[19:05:44] <bawolff>	 kunda_: So the search options are going to vary depending on what search extensions you have installed
[19:05:56] <bawolff>	 CirrusSearch (what wikimedia uses) has very different options from mediawiki default
[19:06:20] <kunda_>	 so lets say I put a search term in, the result is that many pages that have been translated with said term also appear. I'm wanting to search only in english in this example
[19:06:30] <bawolff>	 but generally speaking, the Translation: namespace can be easily excluded, but the subpages are harder
[19:06:45] <bawolff>	 I assume we're talking about translations made by Extension:Translate
[19:06:47] <kunda_>	 The current wiki I'm referring to is https://www.freecadweb.org/wiki
[19:07:03] <kunda_>	 yes, I think that is what we're running
[19:07:06] <kunda_>	 how can i check ?
[19:07:27] <bawolff>	 https://www.mediawiki.org/wiki/Help:CirrusSearch has some info on the advanced search options that apply only to CirrusSearch
[19:07:34] <bawolff>	 If you go to Special:Version on your wiki
[19:08:47] <bawolff>	 Looks like you're just using the default search, which has much less advanced options
[19:09:11] <kunda_>	 Translate	2016-10-28 (5addec5) 08:26, 13 February 2017
[19:10:14] <kunda_>	 bawolff: so you recommend doing what ?
[19:10:33] <bawolff>	 honestly, I don't think its possible to filter out translations with the default search
[19:11:23] <kunda_>	 as opposed to cirrusSearch ?
[19:13:50] <kunda_>	 bawolff: so your recommendation is cirrussearch, correct ?
[19:14:50] <bawolff>	 I think https://www.mediawiki.org/wiki/Help:CirrusSearch#Inlanguage is what you're looking for
[19:14:52] <bawolff>	 so yes
[19:14:59] <bawolff>	 CirrusSearch is not the easiest ext to install
[19:16:29] <kunda_>	 Yes, Inlanguage is what I'm looking for
[19:18:50] <kunda_>	 Looks like Elastica requires Composer which is a PHP dependency manager
[19:19:35] <bawolff>	 Its possible to install without composer, but compser is probably the best way
[19:19:49] <bawolff>	 For example, with the mediawiki/vendor.git repo
[19:19:53] <kunda_>	 How do you install without composer ?
[19:20:07] <bawolff>	 or mediawiki/core/vendor.git Can never remember which one it is
[19:20:14] <bawolff>	 you have to manually install all the dependencies
[19:21:00] <kunda_>	 is there a list of deps that I can look at ?
[19:21:26] <bawolff>	 its in the composer.json file. but you have to recursively look at each one
[19:22:09] <kunda_>	 ok.. thanks a lot bawolff 
[19:22:16] <bawolff>	 kunda_: if in your mediawiki directory, you do
[19:22:28] <bawolff>	 git clone https://gerrit.wikimedia.org/r/p/mediawiki/vendor.git vendor
[19:22:44] <bawolff>	 This will pull all of Wikimedia's dependencies, which might be enough to install cirrus without composer
[19:22:52] <bawolff>	 you'd have to first remove the existing vendor repo
[19:23:39] <bawolff>	 Note, that using the mediawiki/vendor.git repo isn't officially supported, so ymmv in the long term, but it will probably work fine as long as you remember to use the right branch that corresponds with your mediawiki version, and keep it in sync with your mediawiki version
[19:27:08] <kunda_>	 thanks bawolff :)
[20:04:41] <Ulfr>	 Does anyone know what's up with the restbase server for Math?
[20:07:23] <andre__>	 what's up with "what's up"?
[20:07:53] <Ulfr>	 It's down, giving a 503. https://api.formulasearchengine.com/v1/
[20:08:49] <Ulfr>	 I dunno if this falls under the wikimedia umbrella or if it's more of a shut up and wait till it's better situation, was just curious