I am an outreachy applicant working on the Outreachy Round 18: Documentation improvements to the ~20 top 70 most viewed MediaWiki Action API pages on-wiki project.
I have been working on improving the documentation of API:Rollback. The documentation states that rolling back a page requires an edit right and a rollback right.
At first, I started out with retrieving the rollback token then sending a POST request to roll back the given page (in my case Main_Page) using action=rollback which did not give me exactly what I wanted. So I decided to dig deeper then I realized that in order to roll back a page you need to have access to edit that page and if you want to edit a page, you need to be logged in first. So I added codes to retrieve a login token, a CSRF token and sent a post request to edit the Main Page. But it produced an error saying that the page was protected and I wasn’t allowed to edit it. I was curious on how the person who developed sample codes for the API: EDIT was able to edit a page without this errors so I looked at the sample codes for API:Edit and realized that the developer achieved this by editing a Sandbox page which is not protected and I was able to solve that error.
This is the error
{'error': {'code': 'permissiondenied', 'info': 'The action you have requested is limited to users in one of the groups: [[Wikipedia:Administrators|Administrators]], [[Wikipedia:Rollbackers|Rollbackers]].', '*': 'See https://test.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes.'}, 'servedby': 'mw1288'}
My code snippet.
#!/usr/bin/python3
"""
rollback.py
MediaWiki Action API Code Samples
Demo of `rollback` module: Sending post request to roll
back the last edits made to the given page.
MIT license
"""
import requests
S = requests.Session()
URL = "https://test.wikipedia.org/w/api.php"
# Step 1: Retrieve a login token
PARAMS_1 = {
"action": "query",
"meta": "tokens",
"type": "login",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_1)
DATA = R.json()
LOGIN_TOKEN = DATA['query']['tokens']['logintoken']
# Step 2: Send a POST request to log in. For this login
PARAMS_2 = {
"action": "login",
"lgname": "user_name",
"lgpassword": "password",
"format": "json",
"lgtoken": LOGIN_TOKEN
}
R = S.post(URL, data=PARAMS_2)
DATA = R.json()
# Step 3: While logged in, retrieve a CSRF token
PARAMS_3 = {
"action": "query",
"meta": "tokens",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_3)
DATA = R.json()
CSRF_TOKEN = DATA["query"]["tokens"]["csrftoken"]
# Step 4: POST request to edit a page
PARAMS_3 = {
"action": "edit",
"title": "Sandbox",
"token": CSRF_TOKEN,
"format": "json",
"appendtext": "Hello"
}
R = S.post(URL, data=PARAMS_3)
DATA = R.json()
# Step 5: Retrieve a rollback token
PARAMS_4 = {
"action": "query",
"meta": "tokens",
"type": "rollback",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_4)
DATA = R.json()
ROLLBACK_TOKEN = DATA['query']['tokens']['rollbacktoken']
# Step 5: POST request to rollback a page
PARAMS_5 = {
"action": "rollback",
"prop": "revisions",
"title": "Sandbox",
"token": ROLLBACK_TOKEN,
"user": "K6ka",
"markbot": 1,
"format": "json"
}
R = S.post(URL, data=PARAMS_5)
DATA = R.json()
print(DATA)
My question: Is this how far I can go with this? Can I be added to the Rollbackers group in order to achieve this? Are there any other ways to work around this?
I would really appreciate any help I can get. Thank you!