MediaWiki: Getting "readapidenied" error instead of login token - api

That's a quite puzzling problem. I've multiple MediaWiki installations. In this specific case: Version 1.34.
Now I can login to all of these MediaWikis. Everything works fine.
Now I can access all of these MediaWikis via API --- EXCEPT ONE. The strange thing is: All of them are configured almost identical. I even copied the configuration from one wiki where everything was working to the second wiki.
To be more precise. If I send ...
/wikiA/api.php?action=query&meta=tokens&format=json&type=login
... I get a very reasonable answer, e.g.:
{"batchcomplete":"","query":{"tokens":{"logintoken":"37ec2e690eeb48a10ac66b2ccbca2b576000f9f4+\\"}}}
If I send ...
/wikiB/api.php?action=query&meta=tokens&format=json&type=login
... I get the following answer, e.g.:
{"error":{"code":"readapidenied","info":"You need read permission to use this module.","*":"See http://xxx.xxx.xxx.xxx/wikiB/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."}}
This can be reproduced using any web browser.
Q: What could be the reason that on this wikiB I even can't access the normal login module? It can't be the configuration. It's almost completely identical. It can't be the source code. I ran a diff on the PHP files and found no significant differences. What could be wrong here? It seems it must be something with the database. But how do I approach this? Does anyone have an idea? I would appreciate it very much if you could help!

I analyzed the data base: No difference. I did more research using google: And found a bug report.
It's a bug in MediaWiki. They provided an official software release with THAT kind of bug.
It turnes out there is a 1.34.0 version and a 1.34.1 version. My WikiA has 1.34.1 while WikiB had 1.34.0. After copying this one single file includes/api/ApiQuery.php from WikiA to WikiB and everything worked fine.
https://gerrit.wikimedia.org/r/c/mediawiki/core/+/580097/

Related

IT-Hit WebDAV Library: passing Access-Token from webapp through WebDAV-Client to webDAV-Server possible?

I am currently working on a POC and made quite a lot of progress thanks to IT-Hit WebDAV Library.
However, I am currently stuck at the authentication. I am using the "OnBeforeRequestSend"-Hook to add my authentication header containing my current access-token. This approach works very well for all the request coming from my webapp.
Nevertheless, the problem I am facing right now is, that I lose the authentication-token for every request from the webdav-client...
In order to tell the webdav-client apart from any other website, I thought about using the User-Agent-Header to determine what behavior the server is going to exhibit.
To be exact: I thought about only checking the token when the user-agent is not "Microsoft Office ...".
Since this solution seems very error prone, I wanted to ask If there is another way to pass the authentication-header from my webapp through the webdav-client to the webdav-server, so that i can validate/verify every request to webdav-server independently of the source (webapp or webdav-client)?
My current stack is:
WebApp written in TypeScript
WebDAV-Server written in .Net
thanks and best regards,
greenbird
Look into implementing MS-OFBA, this will work as you desire.

Can't upload new product image backend prestashop

I need a little help here, i hope someone here can help me for a hint or clue.
First of all, I'm not programmer. I'm just web admin who can use cms and basic html.
I was using PrestaShop for my online shop. In the backend, I can't upload new product image anymore.
The error just blank without any sign for me. Here for the screenshot:
I appreciate it, if someone can help me, thanks, and sorry for my english.
#PanjiWiyono This errors don't really give us a quality information, but this is a start. In your JS code should be a ajax query that has an error when converting results to json (first error). You should check what's the exact error that this request is returning by inspecting in browser developer console.
If you detect that the second error is in fact, the response of this ajax query, well now we almost have the problem.
The second error should be related to data size. Check this: Error while sending QUERY packet
Anyway, you should check DbPDO.php class. You can use debug_backtrace function to display the complete stack, but definitly if error is related to a basic PHP class issue you will have not help knowing wich classes are in calling stack.
Good luck.
Simple solution
maybe a extra module is in a conflict with the prestashop core files. go to advanced parameters, performance and disable third party modules and try again.
other option is reupload admin folder with other name and
js folder check again
hope it will work for you

Jira V6.0+ creating a project over REST API

I've got a problem: I'm working on an external webinterface for my company and we use Atlassians JIRA as a project issue and tracking method. I am trying to connect our webinterface over the REST API. After a short research I found out, that Atlassian never implemented the possibility to create a new JIRA Project over their REST API. Well, that isn't that true, they've implemented it in the actual version (7.0) because they migrated their other two APIs to one REST API. Now comes my problem: We are currently unable to upgrade from version 6.4.4 to version 7.0.0. After a second search I found a workaround for this problem. You can find it here:
The real problem is that this workaround isn't working or I'm doing it wrong.
I've already tried it with a GET request and the given arguments as parameters and over the normal POST method with a JSON body in it.
What's my problem?
Here some more informations: When I try it over GET, I always receive the normal response for the URL (it returns a list with all available templates). When I try it over POST with a JSON body (this is by the way the normal method for the normal functions of the REST API) I get back a HTTP-Error 415 Unsupported media type.
it would be nice if someone could test this workaround with a 6.0+ version of JIRA
So after some months I got it by myself. You have to make a POST request with the following header fields:
Content-Type=application/x-www-form-urlencoded; charset=UTF-8
Authorization=Basic {set your credentials as a Base64-String: "user:password"}
X-Atlassian-Token=nocheck
Once done you can set your POST-Parameters to the following:
name=Name of the Project
key=Key of the Project
lead=Leader of the Project
keyEdited=true (don't change it!)
projectTemplateWebItemKey=com.atlassian.jira-legacy-project-templates:jira-blank-item (don't change it!)
projectTemplateModuleKey=com.atlassian.jira-legacy-project-templates:jira-blank-item (don't change it!)
Hope that this helps someone, Jira is just weird in some cases :/

Opera Next extension autoupdate via update_url

I got problem with my company internal extension. They don't want to publish it, as it does gather data on external server. So I need to host it myself... but would like not to lose ability of autoupdate.
As far as I read I need to use update_url in manifest, but nothing more is said in Opera documentation...
"update_url": "http://path/to/updateInfo.xml", - as it is said in documentation page
Ok... and what should I put in that xml? Will it autoupdate or just notify users about new updates? Where do I put rest of updated files?
I tried to concat Opera itself about this question, but they don't give any contact information except something like if you have problem, ask on stackoverflow... so here I am.
If it does not work, I was thinking about really BAD method, using unsafe-eval and keeping newest version in local storage... but would rather like to avoid that.
In general the behavior is the same as for Chrome. You can base on this document: https://developer.chrome.com/extensions/autoupdate

Is _method=DELETE really supported?

I just noticed that my application can not remove a like on a media object. My code for liking / unliking is identical except I add the parameter _method=DELETE to the unlike case (both use POST). The documentation states that this is supported, and it's pretty common for RESTful API given the lack of support in most browsers for DELETE. I've tried in from the Apigee console too, and the same problem seems to exist, however DELETE does seen to work. I'd attach screenshot from the Apigee console, but apparently I need more points or something.
Yes, this is really supported, but it has been broken since February 3rd. It has now been fixed!