Annoyed by the first concern: Security

First time in my life I am annoyed with my first preference and concern, which has always been “Security”. After completing the parse and query aspects of the API in Codecademy, I took a step towards the modifying aspect of the MediaWiki API.

Modification includes:

  • Creation of a user account.
  • Editing pages.
  • Adding pages to their watchlist.
  • But not deleting as most of the users are not admins.

To modify or edit a Wikipedia page, we need to issue the two following requests:

  1.  To get the action token.
  2.  To use the above token to change some page, say Wikipedia:Sandbox.

I started by getting an edit token through an API call, passing the following JSON request variable using ajax:

var req = {
    format: 'json',
    action: 'query',
};

But I got the same warning repeatedly, saying:

"warnings": {
    "info": {
      "*": "Unrecognized value for parameter 'intoken': edit"

I couldn’t understand the problem, so I had a talk with my mentor Yuri Astrakhan, and he told me it’s because of the “callback” parameter that we use to get the data. He said it was most likely added to prevent what I am trying to do, i.e. to prevent calling the MediaWiki API from a non-wiki website (in my case Codecademy) as an anonymous user to edit/modify Wikipedia pages. As the above warning was unclear, I filed a bug on Bugzilla.

As suggested by Yuri, the best way to solve this issue was to join the MediaWiki API mailing list and send them a mail stating the current situation, so I did the same. And I got the reply from Chris Steipp suggesting “to use OAuth but if we are using WMF wiki like instead of MediaWiki instance then the cross-origin issues are going to make it very difficult in general, and the only way will likely be to have your javascript talk to Codecademy, and have Codecademy use OAuth to access the wiki on behalf of the user. If it’s the former, then you can set up CORS between the domains, and use the api to login, and all calls will be authenticated due to the user’s session.” It was doubtful whether we could do CORS for Codecademy, as there is a probability of a huge security hole.
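An added example, not from the original post and not MediaWiki's own code: a simplified JavaScript model of the server-side checks discussed above, showing why a request that carries `callback` gets the warning instead of a token, and why credentialed CORS depends on an exact origin allow-list. The origin `https://tutorial.example`, the session object, the token value and all function names are assumptions.

```javascript
// Simplified model, not MediaWiki's implementation. All names are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://tutorial.example']); // constructed allow-list

// CORS headers for a response; an empty object means the browser blocks the read.
function corsHeaders(origin, withCredentials) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  const headers = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  // Credentialed responses need the exact origin echoed back; "*" is not valid.
  if (withCredentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Length-checked comparison that does not stop at the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Step 1: token request. A response wrapped in a callback can be loaded by any
// page through a <script> tag, so the model never puts a token in one.
function handleTokenRequest(params, session) {
  if (params.callback) {
    return { warnings: { info: { '*': `Unrecognized value for parameter 'intoken': ${params.intoken}` } } };
  }
  return { edittoken: session.token };
}

// Step 2: the edit succeeds only when the token matches the caller's session.
function handleEdit(params, session) {
  if (params.callback || !sameToken(params.token, session.token)) {
    return { error: 'badtoken' };
  }
  return { edit: { result: 'Success', title: params.title } };
}

// Constructed walk-through of both cases from the post.
function demo() {
  const session = { token: 'constructed-token-123' };
  const jsonp = handleTokenRequest({ intoken: 'edit', callback: 'cb' }, session);
  const cors = handleTokenRequest({ intoken: 'edit' }, session);
  const edit = handleEdit({ title: 'Wikipedia:Sandbox', token: cors.edittoken }, session);
  return { jsonpGotToken: 'edittoken' in jsonp, editResult: edit.edit.result };
}
console.log(demo());
```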

Ahhhhhhh…. I was so ANNOYED :@ by the whole security issue and started exploring OAuth which I could understand conceptually but not its implementations.

Finally we came to one conclusion: to quickly set up a simple instance on MediaWiki and set up CORS on that, which I am going to work on this week with my mentor. 😀


Exploring Query API and Implementing Generators

Started my year with exploring the query aspects of the MediaWiki API. Got to learn many things about Lists, Props and Meta. This was a huge module, as it contains hundreds of sub-modules which function as wrappers on top of SQL access to the internal databases. Really enjoyed making the live tutorials on all the aspects of getting data 🙂 Concepts like getting just the data the users need, multiple pages, continuing queries, meta information, generators and many other things are covered in my tutorial. Have a look and try some!!!

Listing covers many facets like:

  • Performing full text search
  • Listing Wikipedia categories
  • Getting information of a Wikipedia user(s)
  • What links here functionality
  • Listing images
  • Listing pages that use a given image
  • Continuing queries
  • Geo search
  • Generators

Props covers facets like:

  • Getting multiple information in one request
  • Getting content of the revision of a page using prop=revisions
  • Getting revisions made by anonymous user
  • Accessing image information
  • Accessing page information

Meta covers:

  • Interface message information
  • Wiki information
  • User information

The above lists cover all the basic functionality although there are a lot more in the tutorial.

While exploring the query API, I came to know about “Generators”: what are they, what do they do, and why do we use them?

I implemented this concept in a listing which shows information about the geo-coordinates of Wikipedia articles.