Hello all,
I am encountering a strange issue with my Scrito page that is not allowing users to login. The login button and dropdown still appear, and it even says ’ * Successfully logged in to Scripto.’
But the options for the user then do not appear, and when contributions are made, they are registered using the User’s IP Address rather than the Username:
I have found relevant forum posts (Scripto Logins not persisting ; Scripto-users can't log in) stating a similar issue with Scripto logins - but I cannot carry out the fixes as they either do not apply to my Omeka S instance or my version of Media Wiki. I wondered whether it has something to do with this ‘configurable cookie prefix’ bug discussed here: Testing: configurable cookie prefix · Issue #28 · omeka/plugin-Scripto · GitHub, but cannot find a correct/confident way to edit the config source code.
Has anyone got any ideas why this may be occurring or any way to fix it?
Many Thanks in Advance!
Richard
The configurable cookie prefix applies only to Scripto for Omeka Classic, not Omeka S, so that’s likely not going to be the issue here.
What are the versions you are using for the following:
- MediaWiki
- Omeka S
- Scripto (module)
Thanks for helping Jim. The Versions are as follows:
MediaWiki - 1.41.0
Omeka S - 4.0.1
Scripto - 1.4.0
I hope this provides some useful context!
Rich
I can’t reproduce the problem when using the same versions. Can you successfully log into Scripto on the administrative side? Have you made any changes to your MediaWiki’s configuration, like modifying permissions or enabling 2-factor authentication?
I cannot log into Scripto on the admin side either - it returns the same error that I have logged in with no further options.
I have not made any changes to the MediaWiki from my recollection, the only changes I have made relate to a custom CSS stylesheet I have made for the Scripto module. But I wouldn’t have thought the CSS code would affect Scripto in such a way.
To clarify, have you made any changes to your MediaWiki’s LocalSettings.php file?
I have not, at least since I did the MediaWiki setup, which I think required me to do so (from my recollection)
Hmm. If it’s not some custom configuration, I see two possibilities here, neither of which are easy to troubleshoot.
The first possibility is that the login could be returning an error that Scripto fails to detect—so it shows a successful login, but you’re not actually logged in. You could check if an error is happening by dumping the clientlogin response in Scripto/src/Mediawiki/ApiClient.php , like so:
public function login($username, $password)
{
// ...
$clientlogin = $this->request([...]);
var_dump($clientlogin);exit; // <-- Add this line
if (isset($clientlogin['error'])) {...}
// ...
}
The second possibility is that, somehow, Scripto fails to persist the login cookies sent by MediaWik; that, or Scripto fails to retrieve the cookies and set them to the HTTP client. I doubt this is the case, however.
I have added the code you have provided into the ApiClient.php file, have tried to log in, and it how now returned this:
“array(1) { [“clientlogin”]=> array(2) { [“status”]=> string(4) “PASS” [“username”]=> string(9) “Rich test” } }”
I have just been reminded by a friend that helped me originally with the initial Scripto installation, he did change something surrounding the MediaWiki Endpoint API setup, as it was trying to reference a HTTPS address rather than a HTTP address (as the website doesn’t have an ssl certificate). I don’t know if this provides any useful context… but I thought it might be good to mention just in case.
It appears that you are successfully logging into MediaWiki, but the subsequent requests aren’t handled as if you are logged in.
Let’s troubleshoot the other possibility. You can check if Scripto carries over the cookies by dumping the them after you’ve logged on. In the same file, add the following:
public function __construct(HttpClient $httpClient, $apiUrl, $timeZone)
{
// ...
var_dump($this->httpClient->getCookies());exit; // <-- Add this line
}
About running MediaWiki API over HTTP: it should be fine since MediaWiki still supports it.
I have added your code as follows:
public function __construct(HttpClient $httpClient, $apiUrl, $timeZone)
{
$this->httpClient = $httpClient;
$this->apiUrl = $apiUrl;
$this->timeZone = $timeZone;
// Retrieve persisted MediaWiki cookies and add them to the HTTP client.
$this->session = new Container('ScriptoMediawiki');
if (is_array($this->session->cookies)) {
foreach ($this->session->cookies as $cookie) {
$this->httpClient->addCookie($cookie);
var_dump($this->httpClient->getCookies());exit;
}
}
}
And it has returned the message:
array(1) { ["clientlogin"]=> array(2) { ["status"]=> string(4) "PASS" ["username"]=> string(9) "Rich test" } }
Good to know that this HTTPS issue is not the reason. Thank you for your continued efforts Jim!!
That doesn’t look right. It looks like you’re still dumping the clientlogin response.
I also tried troubleshooting with ChatGPT which advised me to input the line into the end of the ‘__construct’ method which I have now done:
public function __construct(HttpClient $httpClient, $apiUrl, $timeZone)
{
$this->httpClient = $httpClient;
$this->apiUrl = $apiUrl;
$this->timeZone = $timeZone;
// Retrieve persisted MediaWiki cookies and add them to the HTTP client.
$this->session = new Container('ScriptoMediawiki');
if (is_array($this->session->cookies)) {
foreach ($this->session->cookies as $cookie) {
$this->httpClient->addCookie($cookie);
}
}
var_dump($this->httpClient->getCookies());exit;
}
This now returns the message when I try to navigate to Scripto:
array(0) { }
without letting me even get to the Scripto main page to login, which was possible before. I hope this makes sense to you.
Somehow the MediaWiki cookies are not being passed to the session. First let’s see if they’re set during login. In ApiClient::login() add the following line immediately before the return:
var_dump($this->session->cookies);exit;
Log in to Scripto and what do you see? If you see anything other than cookie data, then MediaWiki isn’t passing cookies to Scripto’s HTTP client.
Now, let’s see if the session contains the cookies after logging in. Log into Scripto, and then in ApiClient::__construct() add the following line immediately before the return:
var_dump($this->session->cookies);exit;
Refresh the page and what do you see? If you see anything other than cookie data, the session is failing to store cookies for some reason. If so, have you customized your Omeka S session configuration in any way?
I have added this first line of code before the return and it now displays the message:
NULL
I guess this means that the cookie data is not being stored. I have not purposefully made any edits to the Omeka S configuration that I think would affect the way that Scripto functions in regard to cookies. But, is there a specific place that I can look at further to provide you with more insight into this?
To clarify, you got a NULL after adding the code to ApiClient::login() or ApiClient::__construct()?
ApiClient::__construct()
The function is as follows:
public function __construct(HttpClient $httpClient, $apiUrl, $timeZone)
{
$this->httpClient = $httpClient;
$this->apiUrl = $apiUrl;
$this->timeZone = $timeZone;
// Retrieve persisted MediaWiki cookies and add them to the HTTP client.
$this->session = new Container('ScriptoMediawiki');
if (is_array($this->session->cookies)) {
foreach ($this->session->cookies as $cookie) {
$this->httpClient->addCookie($cookie);
}
}
var_dump($this->session->cookies);exit;
}
Did you manage to dump the session data in ApiClient::login() as instructed here?
I did indeed, the ApiClient::login() appears as so:
public function login($username, $password)
{
$query = $this->request([
'action' => 'query',
'meta' => 'tokens',
'type' => 'login',
]);
$clientlogin = $this->request([
'action' => 'clientlogin',
'loginreturnurl' => 'http://example.com/', // currently unused but required
'logintoken' => $query['query']['tokens']['logintoken'],
'username' => $username,
'password' => $password,
'rememberMe' => true,
]);
var_dump($clientlogin);exit;
if (isset($clientlogin['error'])) {
throw new Exception\ClientloginException($clientlogin['error']['info']);
}
if ('FAIL' === $clientlogin['clientlogin']['status']) {
throw new Exception\ClientloginException($clientlogin['clientlogin']['message']);
}
// Persist the authentication cookies.
$this->session->cookies = $this->httpClient->getCookies();
// Set user information.
$this->userInfo = null;
$this->userInfo = $this->queryUserInfo();
var_dump($this->session->cookies);exit;
return $clientlogin['clientlogin'];
}
For total coverage, I can also provide you with the entire file. Please let me know if this is preferable. Again, as always, THANK YOU Jim!!
Please remove the var_dump($clientlogin);exit; in the middle of that method and try again.
