How to create an account using the MediaWiki Action API on a wiki with special authentication extensions installed?

api
mediawiki

#1
  • For operating on MediaWiki or Test Wikipedia, both of which seems to have OATHAuth extension, it looks like we need to refer to the complex example. Is that correct?
  • If the above is true, then I’ve two more related questions:
{
                   "id": "CaptchaAuthenticationRequest",
                    "metadata": {
                        "type": "image",
                        "mime": "image/png"
                    },
                    "required": "required",
                    "provider": "CaptchaAuthenticationRequest",
                    "account": "CaptchaAuthenticationRequest",
                    "fields": {
                        "captchaId": {
                            "type": "hidden",
                            "value": "1553503948",
                            "label": "CAPTCHA ID",
                            "help": "This value should be sent back unchanged."
                        },
                        "captchaInfo": {
                            "type": "null",
                            "value": "/w/index.php?title=Special:Captcha/image&wpCaptchaId=1553503948",
                            "label": "To help protect against automated account creation, please enter the words that appear below in the box ([[Special:Captcha/help|more info]]):",
                            "help": "Description of the CAPTCHA."
                        },
                        "captchaWord": {
                            "type": "string",
                            "label": "CAPTCHA",
                            "help": "Solution of the CAPTCHA."
                        }
                    }
                },

#2

OATHAuth is not involved in registration but captcha (ConfirmEdit extension) is so the simple example would not work. (As opposed to login, where we don’t ask for a captcha, except for some special circumstances, like lots of failed login attempts from the same IP).

The captchaInfo field in the authmanagerinfo response gives you the URL of the captcha, and you have to send the ID (captchaId) and the solution (captchaWord) back,

The thing is, this API wasn’t meant for human consumption as much as automatically building a user interface (so the field definitions roughly correspond to form fields: a hidden field, some plain text, then an input field),


#3

So does this mean I can use any of type of captcha such as recaptcha?


#4

On your own wiki, you can. If you are creating an account on a Wikimedia wiki, those use FancyCaptcha.


#5

okay, Thanks.
I will inform you if I run into any other problem concerning this.


#6

Hello Tgr,
I am following the guidelines here: https://www.mediawiki.org/wiki/Extension:ConfirmEdit#FancyCaptcha to use the FancyCaptcha to authenticate account creation using the Mediawiki API, and I tried to download the python imagery library from this link http://www.pythonware.com/products/pil/ which was referenced in the ConfirmEdit documentation but it is only available for python 2.
I also tried to install it manually using pip install pil but it produces this error: Could not find a version that satisfies the requirement pil (from versions: ) No matching distribution found for pil is there any other way to go about this?


#7

@Didicodes I am not sure why you are following that complicated process. The instructions you are following are for when you want to create account on your MediaWiki installation. As you are writing the sample code for account creation on a Wikimedia wiki, from what I understand you can use the Step 1 in the module documentation here: https://www.mediawiki.org/w/api.php?action=help&modules=createaccount and fetch fields available via authmanagerinfo module. As @Tgr has explained above, from the response output you will get, you can use the value in the captchaInfo field which is a URL to a captcha image that you can display to the user (like /w/index.php?title=Special:Captcha/image&wpCaptchaId=1553503948 in an example response below).

"captchaInfo": {
     "type": "null",
     "value": "/w/index.php?title=Special:Captcha/image&wpCaptchaId=1553503948",
     "label": "To help protect against automated account creation, please enter the words that appear below in the box ([[Special:Captcha/help|more info]]):",
     "help": "Description of the CAPTCHA."
},

#8

okay @srishakatux Noted


#9

Are captcha id’s generated? if yes? how?
Is it almost like generating a login token which keeps producing a new token every time you reload the page. I am asking because I think the id expires after some time. For example this link: https://www.mediawiki.org/w/index.php?title=Special:Captcha/image&wpCaptchaId=2048772648 keeps producing this error Request Error Requested bogus captcha image although I got to see the image the first time I tried.
@Tgr @srishakatux


#10

Yeah, they are just random tokens. They expire with the session, or when submit a solution to the captcha.
(Login tokens also expire with the session; they are not regenerated every time you request them.)


#11

oh okay. Noted. @Tgr but how can I generate the tokens to get the captcha image?


#12

@Didicodes See Step 1 here https://www.mediawiki.org/w/api.php?action=help&modules=createaccount, and that explains it all. You don’t have to generate any token to get the captcha image.