mediawiki API does not see the csrf token - post

When running my own mediawiki on localhost I run into a problem with the api endpoint for editing a page. The api works fine otherwise. For instance when querying tokens I get the following output:
$ curl "http://localhost/api.php?action=query&meta=tokens&type=createaccount|csrf|login&format=json"
{"batchcomplete":"","query":{"tokens":{"createaccounttoken":"1e5c2ce3f9e12fdab05a0e6e6352da3162644214+\\","csrftoken":"+\\","logintoken":"35ee2e6ccbbd654bcfada9cddab07f7662634214+\\"}}}
Interestingly the csrftoken has the strange value '+\\', which also seems to be appended to the logintoken.
When posting an edit action (for an existing page called Alice) with this token I get the reponse that the token is missing from the post body. But it's not missing, or is it?
$ curl -X POST "http://localhost/api.php?action=edit&title=Alice&summary=test&text=article&baserevid=0&token=+\\&format=json"
{"error":{"code":"mustpostparams","info":"The following parameter was found in the query string, but must be in the POST body: token.","*":"See http://localhost/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."}}
Then I followed this advice and added the cookie-jar option to make the curl request from the same session, but it gave the same error response. Any ideas?
By the way I used the docker.io/bitnami/mediawiki:1 docker image together with a mariadb to set up my mediawiki.

The following parameter was found in the query string, but must be in the POST body
I'm not very familiar with curl but it seems that you are sending a post request with the params in the query part. Try sending them in the post body as the error suggests:
curl --data "action=edit&title=Alice&summary=test&text=article&baserevid=0&token=+\\&format=json" http://localhost/api.php

Related

Does YouTube support oEmbed?

This suggests it does :
https://youtube-eng.googleblog.com/2009/10/oembed-support_9.html
But I'm getting nothing back when I do, say
curl "https://www.youtube.com/oembed" -d 'format=json' -d 'url=https://www.youtube.com/watch?v=uXBDgLglFig'
Does anyone know if the oembed API has been deprecated?
You're making a POST request with those options you're passing to curl. You need to make a GET request instead, like so:
curl 'https://www.youtube.com/oembed?format=json&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DuXBDgLglFig'
Note that the URL parameter must be URL encoded. How you do that depends on what language you're using to make the request.

Medium API: method missing to list posts?

I see a lot of useful methods in the API, but I don't find any method to list all my Posts, or all the posts from within a publication. Is this intentional?
Thought it would be something really obvious to exist in the API. Or am I missing something?
Got it, just use the RSS feed instead.
I wrapped a Github package by #mark-fasel into a Clay microservice that enables you to do exactly this:
Simplified Return Format:
https://clay.run/services/nicoslepicos/medium-get-users-posts-simple
What Medium actually returns at the endpoint
https://clay.run/services/nicoslepicos/medium-get-users-posts
I put together a little fiddle, since a user was asking how to use the endpoint in HTML to get the titles for their last 3 points:
https://jsfiddle.net/h405m3ma/1/
You can call the API as:
curl -i -H "Content-Type: application/json" -X POST -d '{"username":"nicolaerusan"}' https://clay.run/services/nicoslepicos/medium-get-users-posts-simple
You can also use it easily in your node code using the clay-client npm package and just write:
Clay.run('nicoslepicos/medium-get-users-posts-simple', {"username":"usernameValue"}) .then((result) => {
// Do what you want with returned result console.log(result);
})
If you need to generally pull down an RSS feed, here's a microservice for that:
https://clay.run/services/nicoslepicos/rss-to-json

Posting attachments to Slack API

So I just understood that the Slack Web API does not support JSON data over POST. Which means I have to encode my complex and nested JSON object to fit in query parameters over GET. Problem is, the attachements don't seem to work. Does anyone have a solution ?
So I just understood that the Slack Web API does not support JSON data over POST. Which means I have to encode my complex and nested JSON object to fit in query parameters over GET.
I'm not sure I follow what you mean. You can certainly use POST. The body of a Slack API call should be form-encoded, but parameter values are sometimes JSON (as is the case for attachments).
Here's a working curl command that uses HTTP POST to post a message with a simple attachment.
$ curl -d token=<REDACTED> -d channel=<REDACTED> \
-d text="This is the main text." \
-d attachments='[{"text": "This is an attachment."}]' \
https://slack.com/api/chat.postMessage
I'd recommend using POST, but GET also works fine. If you fill in the values in https://api.slack.com/methods/chat.postMessage/test, the tool will give you a URL at the bottom that you can use with HTTP GET.

Constructing an HTTP POST request using Curl and Postman

I have been using curl & Postman on Chrome to send http POST requests with one variable to an simple HTTP server I have running and I have noticed that they construct the requests slightly differently. Apologies if I might have used any incorrect terminology in constructing the question - I'm still learning this stuff.
Using Postman, the request is constructed by putting a '?' between the resource name and the variable. E.g.
http://192.168.0.2:9999/1/command?a=b
However, the following curl command:
curl -X POST http://192.168.0.2:9999/1/command --data a=b
does not put a '?' between the resource name and the variable.
The result is that the HTTP server interprets the requests differently.
In the first case, the body of the request is empty and in the second case the body contains a=b.
Which version is correct?
Constructing curl , python request , using HTTP POST
Open postman client and click on code [Below save button ] refer snapshot .
when click on code another window appears . refer snapshot .
similarly you can generate various other request [curl , python ,java , php ] refer snapshot
You can refer below link
http://jmeterblogb.blogspot.in/2016/11/constructing-curl-from-python-http-php.html
POST requests post data as part of the request body and GET requests via URL parameters. If you choose the form data option in postman you can pass it the same way (request body) in postman as well. How are parameters sent in an HTTP POST request? may be worth reading.

Rails do not parse my HTTP query string

I issued a HTTP request using CURL.
curl -X GET \
http://localhost:3000/api/v1/user_api/35/edit?old_password=aa&new_password=bb&password_confirmation=cc
My rails server only recognise the first parameter
Started GET "/api/v1/user_api/35/edit?old_password=aa" for 127.0.0.1 at 2013-08-01 14:12:52 +0100
Processing by Api::V1::UserApiController#edit as */*
Parameters: {"old_password"=>"aa", "id"=>35}
Any idea what is wrong here?
-------------------------------------Edit-----------------------------------------------------
WARNING! This is a very bad wild insane example of handling password reset.
The question is only aimed for topic of curl and query parsing issues.
Thank you for all your comments
Any idea what is wrong here?
You're passing passwords in plain text in the query string.
How about you start by not doing that?
Also, you need to put your URL in quotes as the & otherwise needs to escaped
curl -X GET \
"http://localhost:3000/api/v1/user_api/35/edit?old_password=aa&new_password=bb&password_confirmation=cc"
But really, please don't use GET to send password data

Resources