[PATCH/RFC] add git credential login to remote mediawiki

[PATCH/RFC] add git credential login to remote mediawiki

[Javier.Roucher-Iglesias]

From: Javier Roucher <jroucher@gmail.com>


This path uses git credential to store the login/password of the mediawiki.


---
 contrib/mw-to-git/git-remote-mediawiki | 96 ++++++++++++++++++++++++++++------
 1 file changed, 81 insertions(+), 15 deletions(-)

diff --git a/contrib/mw-to-git/git-remote-mediawiki b/contrib/mw-to-git/git-remote-mediawiki
index c18bfa1..4dcc189 100755
--- a/contrib/mw-to-git/git-remote-mediawiki
+++ b/contrib/mw-to-git/git-remote-mediawiki
@@ -152,29 +152,95 @@ while (<STDIN>) {
 ########################## Functions ##############################
 
 # MediaWiki API instance, created lazily.
+sub run_credential {
+	my $cre_protocol = "";
+	my $cre_host = "";
+	my $cre_path = "";
+	my $msg = "";
+	my $result = "";
+	my $op = $_[0];
+
+	my $parsed = URI->new($url);
+	$cre_protocol = $parsed->scheme;
+	$cre_host = $parsed->host;
+	$cre_path = $parsed->path;
+
+	if ($wiki_login ne "") {
+		$msg .= "username=$wiki_login\n";
+	}
+	if ($wiki_passwd ne "") {
+		$msg .= "password=$wiki_passwd\n";
+	}
+	if ($cre_protocol ne "") {
+		$msg .= "protocol=$cre_protocol\n";
+	}
+	if ($cre_host ne "") {
+		$msg .= "host=$cre_host\n";
+	}
+	if ($cre_path ne "") {
+		$msg .= "path=$cre_path\n";
+	}
+	$msg .= "\n";
+
+	my $key;
+	my $value;
+	my $Prog = "git credential $op";
+	open2 (*Reader, *Writer, $Prog);
+	print Writer $msg;
+	close (Writer);
+
+	if ($op eq "fill") {
+		while (<Reader>) {
+			my ($key, $value) = /([^=]*)=(.*)/;
+			if (not defined $key) {
+				print STDERR "ERROR receiving response git credential fill\n Reponse: $_\n";
+				# exit 1;
+			}
+			if ($key eq "username") {
+				$wiki_login = $value;
+			}
+			if ($key eq "password") {
+				$wiki_passwd = $value;
+			}
+		}
+	} else {
+		while (<Reader>) {
+			print STDERR "\nERROR while running git credential $op:\n$_";
+		}
+	}
+}
+
 my $mediawiki;
 
+sub ask_credential {
+	run_credential("fill");
+
+	if (!$mediawiki->login( {
+		lgname => $wiki_login,
+		lgpassword => $wiki_passwd,
+		lgdomain => $wiki_domain,
+		} )) {
+			print STDERR "Failed to log in mediawiki user: $wiki_login\n on: $url\n";
+			print STDERR "URL: $wiki_domain $url\n";
+			print STDERR "(error " .
+				$mediawiki->{error}->{code} . ': ' .
+				$mediawiki->{error}->{details} . ")\n";
+			run_credential("reject");
+#			exit 1;
+	} else {
+		print STDERR "Logged in with user: $wiki_login.\n";
+		run_credential("approve");
+	}
+}
+
 sub mw_connect_maybe {
+
 	if ($mediawiki) {
 	    return;
 	}
 	$mediawiki = MediaWiki::API->new;
 	$mediawiki->{config}->{api_url} = "$url/api.php";
-	if ($wiki_login) {
-		if (!$mediawiki->login({
-			lgname => $wiki_login,
-			lgpassword => $wiki_passwd,
-			lgdomain => $wiki_domain,
-		})) {
-			print STDERR "Failed to log in mediawiki user \"$wiki_login\" on $url\n";
-			print STDERR "(error " .
-			    $mediawiki->{error}->{code} . ': ' .
-			    $mediawiki->{error}->{details} . ")\n";
-			exit 1;
-		} else {
-			print STDERR "Logged in with user \"$wiki_login\".\n";
-		}
-	}
+	ask_credential();
 }
 
 sub get_mw_first_pages {
-- 
1.7.10.2.573.ged8bfa6

Re: [PATCH/RFC] add git credential login to remote mediawiki

[Matthieu Moy]

Javier.Roucher-Iglesias@ensimag.imag.fr writes:

>  # MediaWiki API instance, created lazily.
> +sub run_credential {

How is the code related to the comment right above?

> +	my $Prog = "git credential $op";
> +	open2 (*Reader, *Writer, $Prog);
> +	print Writer $msg;
> +	close (Writer);

No space before "(" for function calls (already mentionned twice).

>  my $mediawiki;

Didn't I already mention (twice?) that this declaration was meant to
stay right above mw_connect_maybe?

> +			run_credential("reject");
> +#			exit 1;

Do you, or do you not want to "exit 1". Either remove this, or uncomment
it.

>  sub mw_connect_maybe {
> +
>  	if ($mediawiki) {

Why do you add this blank line? (already mentionned)

> -	if ($wiki_login) {
> -		if (!$mediawiki->login({
> -			lgname => $wiki_login,
> -			lgpassword => $wiki_passwd,
> -			lgdomain => $wiki_domain,
> -		})) {
> -			print STDERR "Failed to log in mediawiki user \"$wiki_login\" on $url\n";
> -			print STDERR "(error " .
> -			    $mediawiki->{error}->{code} . ': ' .
> -			    $mediawiki->{error}->{details} . ")\n";
> -			exit 1;
> -		} else {
> -			print STDERR "Logged in with user \"$wiki_login\".\n";
> -		}
> -	}
> +	ask_credential();

This means you can't use the wiki anonymously anymore. This is an
unacceptable regression.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: [PATCH/RFC] add git credential login to remote mediawiki

[roucherj]

On Tue, 12 Jun 2012 16:51:18 +0200, Matthieu Moy wrote:
> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
>
>>  # MediaWiki API instance, created lazily.
>> +sub run_credential {
>
> How is the code related to the comment right above?
>

Sorry a old comment, i think it's a cause of git rebase i will erase.

>> +	my $Prog = "git credential $op";
>> +	open2 (*Reader, *Writer, $Prog);
>> +	print Writer $msg;
>> +	close (Writer);
>
> No space before "(" for function calls (already mentionned twice).
>

sorry but before it's like:
+	my $Prog = "git credential $op";
+	open2(*Reader, *Writer, $Prog);
+	print Writer $msg;
+	close(Writer);

i have add one space, but the have to be like that?:
+	my $Prog = "git credential $op";
+	open2 ( *Reader, *Writer, $Prog );
+	print Writer $msg;
+	close ( Writer );

>>  my $mediawiki;
>
> Didn't I already mention (twice?) that this declaration was meant to
> stay right above mw_connect_maybe?
>

yes but 'ask_credential' used $mediawiki then i think i have to declare 
before 'ask_credential'

>> +			run_credential("reject");
>> +#			exit 1;
>
> Do you, or do you not want to "exit 1". Either remove this, or 
> uncomment
> it.
>

i have comment this line to see the opinion of the community, because i 
ask all the time to authenticate
but there are few operations who we don't have to authenticate it.

now if we comment this line the login will fail but they will continue 
with the operation (like, git clone)
and try to do it, if the wiki need to be authenticate will refuse the 
operation if not they will continue.

>>  sub mw_connect_maybe {
>> +
>>  	if ($mediawiki) {
>
> Why do you add this blank line? (already mentionned)
>

because we need the structure $mediawiki to get the url if is not 
declare it will return with out doing the operation

>> -	if ($wiki_login) {
>> -		if (!$mediawiki->login({
>> -			lgname => $wiki_login,
>> -			lgpassword => $wiki_passwd,
>> -			lgdomain => $wiki_domain,
>> -		})) {
>> -			print STDERR "Failed to log in mediawiki user \"$wiki_login\" on 
>> $url\n";
>> -			print STDERR "(error " .
>> -			    $mediawiki->{error}->{code} . ': ' .
>> -			    $mediawiki->{error}->{details} . ")\n";
>> -			exit 1;
>> -		} else {
>> -			print STDERR "Logged in with user \"$wiki_login\".\n";
>> -		}
>> -	}
>> +	ask_credential();
>
> This means you can't use the wiki anonymously anymore. This is an
> unacceptable regression.

yes you can use anonymously but login will fail and try to the 
operation, this is the reason because i have comment the 'exit 1'.

Re: [PATCH/RFC] add git credential login to remote mediawiki

[Matthieu Moy]

roucherj <roucherj@telesun.imag.fr> writes:

> On Tue, 12 Jun 2012 16:51:18 +0200, Matthieu Moy wrote:
>> Javier.Roucher-Iglesias@ensimag.imag.fr writes:
>>
>>>  # MediaWiki API instance, created lazily.
>>> +sub run_credential {
>>
>> How is the code related to the comment right above?
>>
>
> Sorry a old comment, i think it's a cause of git rebase i will erase.

The comment was already there in the code, but it was right above

my $mediawiki;

and therefore meaningful.

> sorry but before it's like:
> +	my $Prog = "git credential $op";
> +	open2(*Reader, *Writer, $Prog);
> +	print Writer $msg;
> +	close(Writer);

No it wasn't (this is the expected version). It was "close (Writer);"
with an extra space.

>> Didn't I already mention (twice?) that this declaration was meant to
>> stay right above mw_connect_maybe?
>
> yes but 'ask_credential' used $mediawiki then i think i have to
> declare before 'ask_credential'

But do you have any reason not to declare ask_credential after
mw_connect_maybe?

>>> +			run_credential("reject");
>>> +#			exit 1;
>>
>> Do you, or do you not want to "exit 1". Either remove this, or
>> uncomment
>> it.
>>
>
> i have comment this line to see the opinion of the community, because
> i ask all the time to authenticate
> but there are few operations who we don't have to authenticate it.
>
> now if we comment this line the login will fail but they will continue
> with the operation (like, git clone)
> and try to do it, if the wiki need to be authenticate will refuse the
> operation if not they will continue.
[...]
>> This means you can't use the wiki anonymously anymore. This is an
>> unacceptable regression.
>
> yes you can use anonymously but login will fail and try to the
> operation, this is the reason because i have comment the 'exit 1'.

But in this case, you still prompt for login and password, right?.
That's weird for the user to have to type a dummy login/password and see
an error message to use a wiki anonymously.

>>>  sub mw_connect_maybe {
>>> +
>>>  	if ($mediawiki) {
>>
>> Why do you add this blank line? (already mentionned)
>>
>
> because we need the structure $mediawiki to get the url if is not
> declare it will return with out doing the operation

I'm talking about the blank line, not the if.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/