Topic on Extension talk:Lockdown

Lockdown and VisualEditor - can't edit protected pages

21 comments • 13:59, 18 December 2020 3 years ago

21

Ckoerner (talkcontribs)

I have a wiki running 1.23wmf11 and the latest build of VisualEditor, the WYSIWYG editor from Wikimedia. It uses a node.js-based parser to round-trip wikitext called Parsoid.

I have defined a few custom name spaces and enabled VisualEdtior for those name spaces. Everything is working as intended.

If I use $wgNamespacePermissionLockdown to define read and edit rights for user groups VisualEditor does not work.

Instead I'm prompted with a "Error loading data from server: parsoidserver-http-bad-status: 500."

Editing the page with WikiEditor works as intended.

node spits out the following when the attempt to edit is made.

starting parsing of localhost:DBC:Cache_Shadowing_Stop/Start_Suspend/Resume
 ERROR in localhost:DBC:Cache_Shadowing_Stop/Start_Suspend/Resume with oldid: 123915
 Stack trace: Error: API response is missing query for: DBC:Cache_Shadowing_Stop/Start_Suspend/Resume
  at TemplateRequest._handleJSON (/var/www/Parsoid/lib/mediawiki.ApiRequest.js:270:11)
  at TemplateRequest.ApiRequest._handleBody (/var/www/Parsoid/lib/mediawiki.ApiRequest.js:192:7)
  at TemplateRequest.ApiRequest._requestCB (/var/www/Parsoid/lib/mediawiki.ApiRequest.js:149:8)
  at Request.self.callback (/var/www/Parsoid/node_modules/request/request.js:129:22)
  at Request.EventEmitter.emit (events.js:98:17)
  at Request.<anonymous> (/var/www/Parsoid/node_modules/request/request.js:873:14)
  at Request.EventEmitter.emit (events.js:117:20)
  at IncomingMessage.<anonymous> (/var/www/Parsoid/node_modules/request/request.js:824:12)
  at IncomingMessage.EventEmitter.emit (events.js:117:20)
  at _stream_readable.js:920:16

It sounds like the Lockdown extension is somehow getting in the way of Parsoid and the MediaWiki api to make it's calls.

While VisualEditor is not the default editor for MediaWiki, its active development and future roadmap seem to indicate that it will be a preferred way to edit wiki pages for many editors. Any inputs and thoughts would be appreciated.

Reply 19:24, 19 February 2014 10 years ago

47.19.118.253 (talkcontribs)

Hi, did you ever find a solution for this?

I'm running the Lockdown extension on MediaWiki 1.24.1 with the latest build of VisualEditor and I'm running into the same behavior where I'm unable to edit protected namespaces using VisualEditor.

Any help would be greatly appreciated!

Reply 19:51, 9 February 2015 9 years ago

89.216.28.24 (talkcontribs)

I am having the same issue. Pages that are under a namespace which is locked by Lockdown can't be edited with VisualEditor. WikiEditor works just fine.

Reply 09:13, 18 March 2015 9 years ago

Monic abc (talkcontribs)

I have the same problem, but I use HaloACL extension. Is there any chance to fix this?

Reply 09:31, 27 March 2015 9 years ago

Andrew Garrett (WMF) (talkcontribs)

https://www.mediawiki.org/wiki/Extension:VisualEditor#Linking_with_Parsoid_in_private_wikis

Reply 11:27, 18 March 2015 9 years ago

89.216.28.24 (talkcontribs)

Enabled cookies, still can't get VisualEditor to work on protected pages with Lockdown.

I created a new group called testgroup with a tool AccessControlPanel (frontend to Lockdown) and visited the page testgroup:Main_page in a browser where I was logged in (Firefox) and in another browser (Chrome). In first browser, I saw the edit button to edit the page in VisualEditor and then I got error (js alert dialog) "novenamespace: VisualEditor is not enabled in namespace 138" and after a reload, the VisualEditor Tab button disappeared.

In Chrome the page was restricted and I needed to log in to be able to see it, as expected.

If I manually create a namespace and if I restrict the namespace (read) to a user group in LocalSettings.php, every page created in that namespace can't be edited with VisualEditor. Only with WikiEditor.

Editing any other page that isn't restriced with Lockdown can be edited with VisualEditor.

Reply 12:52, 18 March 2015 9 years ago

163.244.62.183 (talkcontribs)

BUMP

I have this identical issue using MW 1.25, parsoid 0.3.0 and the latest drops of Visual Editor and Lockdown.

Did anyone reach a solution for this?

Reply 14:09, 15 July 2015 8 years ago

Gino3008 (talkcontribs)

Hello everyone.

We just have the SAME issue with Visual Editor and Lockdown.

Did anyone find a solution ??

Is this an inevitable problem with lockdown ?

We've been looking for a solution since all the day and nothing's working.

We've trying every solutions posted on the internet and .. no.

Please is there a god on this earth able to help us ??

Thank you

Reply 14:48, 14 January 2016 8 years ago

HermannSchwärzler (talkcontribs)

Hi everybody,

I think the problem is solved in newer Versions of MW and VE, as in my Installation of

MediaWiki 1.27.0-wmf.11 and

VisualEditor 0.1.0 (a6e24f4) 00:37, 1 February 2016

with VisualEditor enabled for the "Project" Namespace, which is write protected by Extension:Lockdown I am able to successfully edit those protected pages with VE. I have a Parsoid-server running on an a private backend-network and I am doing cookie-forwarding.

The Parsoid-server is a git clone from the beginning of February 2016.

Greetings

Hermann

Reply 11:36, 22 February 2016 8 years ago

Dieudo (talkcontribs)

Hi,

Encouraged by Hermann's example, I tried with latest night (2016.02.24) builts of every bit of software involved but I still get this message :

Erreur lors du chargement des données du serveur : 500: parsoidserver-http: HTTP 500. Voulez-vous réessayer ?

Thanks for any help.

Reply Edited 01:06, 25 February 2016 8 years ago

HermannSchwärzler (talkcontribs)

Hi @Dieudo,

this looks like a configuration-error or something. Your parsoid-server had some kind of problem and answered with HTTP code 500 ("Internal Server Error").

How do you start parsoid?

And what do you see it output when you run it with

parsoidConfig.debug = true;

in you localsettings.js?

Greetings

Hermann

Reply 09:51, 25 February 2016 8 years ago

Dieudo (talkcontribs)

Actually it looks like there's a problem with my lockdown configuration alone. I'll have to check that first. Thx for your help Hermann : )

Reply 22:46, 25 February 2016 8 years ago

Dieudo (talkcontribs)

The error I get now is :

 Fatal error: Call to a member function getId() on a non-object in .../extensions/Lockdown/Lockdown.php on line 163

Reply 09:09, 26 February 2016 8 years ago

HermannSchwärzler (talkcontribs)

Sorry, I forgot to mention that. There seems to be a bug in Lockdown in combination with MW 1.27 - see https://phabricator.wikimedia.org/T127456

Just add this code before line 162:

 if ( !$wgUser ) {
        return true;
 }

Reply 15:38, 26 February 2016 8 years ago

Dieudo (talkcontribs)

Thank you Hermann !

This does the trick : )

However, it does it only if when including this line in LocalSettings.php :

$wgGroupPermissions['*']['read'] = false;

I wonder what to do to be able to use both Lockdown and VisualEditor on a wiki not private.

Any idea ?

Reply 22:48, 26 February 2016 8 years ago

Textform (talkcontribs)

My solution was, not to load Lockdown, if the request comes from the localhost. In an other configuration I had to take the non-local IP-adress of the server

if ( $_SERVER['REMOTE_ADDR'] != '127.0.0.1' ) {
require_once( "extensions/Lockdown/Lockdown.php" );
}

Additionaly the namespaces had to be activated for VE with $wgVisualEditorAvailableNamespaces

$wgVisualEditorAvailableNamespaces = array( 
NS_MAIN     => true,
NS_USER     => true,
NS_HELP     => true,
NS_PROJECT  => true,
NS_MYCUSTOMNAMESPACE  => true,
);

And read and edit permissions had to be given globally if request came from localhost

if ( $_SERVER['REMOTE_ADDR'] == '127.0.0.1' ) {
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = true;
}

Reply Edited 09:55, 3 June 2016 7 years ago

217.6.132.212 (talkcontribs)

Hi i have the same Problem here.

Where do you put the if Arguments? In the LocalSettings.php?

Reply 15:34, 18 November 2016 7 years ago

Kghbln (talkcontribs)

Yes, "LocalSetting.php"

Reply 12:33, 20 November 2016 7 years ago

109.199.10.165 (talkcontribs)

Hi guys,

I'm dealing with the same issue. If Lockdown is enabled, then VE refuses to save *any* page dispalying message "Permission denied". If I disable Lockdown by commenting out this section:

if ( $_SERVER['REMOTE_ADDR'] != '127.0.0.1' AND $_SERVER['REMOTE_ADDR'] != '::1' ) {

require_once "extensions/Lockdown/Lockdown.php";

}

Then VE works as hell.

I'm using the latest stable mediawiki, parsoid, Lockdown and VE.

My LocalSettings includes also:

$wgVisualEditorAvailableNamespaces = array(

NS_MAIN => true,

NS_USER => true,

NS_HELP => true,

NS_PROJECT => true,

NS_RESTRICTED => true

);

if ( $_SERVER['REMOTE_ADDR'] == '127.0.0.1' OR $_SERVER['REMOTE_ADDR'] == '::1' ) {

$wgGroupPermissions['*']['read'] = true;

$wgGroupPermissions['*']['edit'] = true;

} else {

# The following permissions were set based on your choice in the installer

$wgGroupPermissions['*']['createaccount'] = false;

$wgGroupPermissions['*']['edit'] = false;

}

Do you have any idea how this issue can be fixed?

Thanks in advance.

Maciej

Reply 14:15, 29 November 2016 7 years ago

Marco.malavolti (talkcontribs)

Mediawiki: v1.32.1

NodeJS: v10.15.3

Distribution: Debian GNU/Linux 9.8 (stretch)

Parsoid + VisualEditor + Lockdown (with SSL):

1) sudo apt install xs-utils

2) sudo wget https://nodejs.org/dist/v10.15.3/node-v10.15.3-linux-x64.tar.xz -O /usr/local/src/nodejs-10.15.3.tar.xz

3) sudo tar xf /usr/local/src/nodejs-10.15.3.tar.xz -C /usr/local/ --stript-components 1

4) sudo npm install -g parsoid

5) sudo vim /usr/local/lib/node_modules/parsoid/config.yaml

------ START config.yaml -------

services:

- module: lib/index.js

entrypoint: apiServiceWorker

conf:

mwApis:

- uri: 'http://{{ fqdn }}/{{ mw_wiki_dir_name }}/api.php'

# - uri: 'https://{{ fqdn }}/{{ mw_wiki_dir_name }}/api.php' # If you redirect all HTTP traffic to HTTPS

# - uri: 'http://{{ other_fqdn }}/{{ mw_wiki_dir_name }}/api.php'

------ END config.yaml -------

6) sudo vim /etc/systemd/system/parsoid.service

----- START parsoid.service -----

[Unit]

Description=Mediawiki Parsoid web service on node.js

Documentation=http://www.mediawiki.org/wiki/Parsoid

Wants=local-fs.target network.target

After=local-fs.target network.target

[Install]

WantedBy=multi-user.target

[Service]

Type=simple

User=root

Group=root

WorkingDirectory=/usr/local/lib/node_modules/parsoid

ExecStart=/usr/local/bin/node /usr/local/lib/node_modules/parsoid/bin/server.js

KillMode=process

Restart=on-success

PrivateTmp=true

StandardOutput=syslog

----- END parsoid.service -----

7) sudo service parsoid start (this load parsoid on port 8000)

8) sudo systemctl enable parsoid

9) sudo apt install stunnel

10) sudo vim /etc/stunnel/parsoid.conf

----- START parsoid.conf -----

cert = /etc/ssl/certs/{{ fqdn }}.crt

key = /etc/ssl/private/{{ fqdn }}.key

CAfile = /etc/ssl/certs/ca-certificates.crt

[parsoid]

accept = 8143

connect = 8000

----- END parsoid.conf -----

11) sudo vim /etc/default/stunnel4

----- START stunnel4 -----

...

# Change to one to enable stunnel automatic startup

ENABLED=1

...

----- END stunnel4 -----

12) sudo service stunnel4 restart (now you can reach parsoid on 8143)

13) sudo vim .../w/LocalSettings.php

----- START LocalSettings.php -----

...

// NEW Namespaces

define("NS_NEW_1", 3000);

define("NS_NEW_1_TALK", 3001);

$wgExtraNamespaces[NS_NEW_1] = "NEW1";

$wgExtraNamespaces[NS_NEW_1_TALK] = "NEW1_talk"; # Note underscores in the namespace name.

$wgNamespaceProtection[NS_NEW_1] = array( 'edit-new1' ); # "edit-new1" required to edit NEW1:pages

$wgNamespaceProtection[NS_NEW_1_TALK] = array( 'edit-new1-talk' ); # "edit-new1-talk" required to edit NEW1_talk:pages

$wgNamespacesWithSubpages[NS_NEW_1] = true; # subpages enabled for the NEW1 namespace

$wgGroupPermissions['new1']['edit-new1'] = true; # permission "edit-new1" granted to users in the "new1" group

$wgGroupPermissions['new1']['edit-new1-talk'] = true; # permission "edit-new1-talk" granted to users in the "new1" group

$wgContentNamespaces[] = NS_NEW_1; #prevent inclusion of pages from that namespace

$wgNonincludableNamespaces[] = NS_NEW_1;

$wgNonincludableNamespaces[] = NS_NEW_1_TALK;

wfLoadExtension( 'Lockdown' );

#restrict all permissions on pages with namespace "NEW" to users belonging to 'new1' group

$wgNamespacePermissionLockdown[NS_NEW_1]['*'] = array('new1');

$wgNamespacePermissionLockdown[NS_NEW_1_TALK]['*'] = array('new1');

wfLoadExtension( 'VisualEditor' );

// Enable by default for everybody

$wgDefaultUserOptions['visualeditor-enable'] = 1;

// Don't allow users to disable it

$wgHiddenPrefs[] = 'visualeditor-enable';

$wgVirtualRestConfig['modules']['parsoid'] = array(

// URL to the Parsoid instance

// Use port 8142 if you use the Debian package

'url' => 'https://{{ fqdn }}:8143',

'forwardCookies' => true,

);

$wgVisualEditorAvailableNamespaces = [

NS_MAIN => true,

NS_USER => true,

NS_HELP => true,

NS_NEW_1 => true,

];

...

----- END LocalSettings.php -----

Parsoid + VisualEditor (without SSL):

1) sudo apt install xs-utils

2) sudo wget https://nodejs.org/dist/v10.15.3/node-v10.15.3-linux-x64.tar.xz -O /usr/local/src/nodejs-10.15.3.tar.xz

3) sudo tar xf /usr/local/src/nodejs-10.15.3.tar.xz -C /usr/local/ --stript-components 1

4) sudo npm install -g parsoid

5) sudo vim /usr/local/lib/node_modules/parsoid/config.yaml

------ START config.yaml -------

services:

- module: lib/index.js

entrypoint: apiServiceWorker

conf:

mwApis:

- uri: 'http://{{ fqdn }}/{{ mw_wiki_dir_name }}/api.php'

# - uri: 'https://{{ fqdn }}/{{ mw_wiki_dir_name }}/api.php' # If you redirect all HTTP traffic to HTTPS

# - uri: 'http://{{ other_fqdn }}/{{ mw_wiki_dir_name }}/api.php'

------ END config.yaml -------

6) sudo vim /etc/systemd/system/parsoid.service

----- START parsoid.service -----

[Unit]

Description=Mediawiki Parsoid web service on node.js

Documentation=http://www.mediawiki.org/wiki/Parsoid

Wants=local-fs.target network.target

After=local-fs.target network.target

[Install]

WantedBy=multi-user.target

[Service]

Type=simple

User=root

Group=root

WorkingDirectory=/usr/local/lib/node_modules/parsoid

ExecStart=/usr/local/bin/node /usr/local/lib/node_modules/parsoid/bin/server.js

KillMode=process

Restart=on-success

PrivateTmp=true

StandardOutput=syslog

----- END parsoid.service -----

7) sudo service parsoid start (this load parsoid on port 8000)

8) sudo systemctl enable parsoid

9) sudo apt install stunnel

10) sudo vim .../w/LocalSettings.php

----- START LocalSettings.php -----

...

// NEW Namespaces

define("NS_NEW_1", 3000);

define("NS_NEW_1_TALK", 3001);

$wgExtraNamespaces[NS_NEW_1] = "NEW1";

$wgExtraNamespaces[NS_NEW_1_TALK] = "NEW1_talk"; # Note underscores in the namespace name.

$wgNamespaceProtection[NS_NEW_1] = array( 'edit-new1' ); # "edit-new1" required to edit NEW1:pages

$wgNamespaceProtection[NS_NEW_1_TALK] = array( 'edit-new1-talk' ); # "edit-new1-talk" required to edit NEW1_talk:pages

$wgNamespacesWithSubpages[NS_NEW_1] = true; # subpages enabled for the NEW1 namespace

$wgGroupPermissions['new1']['edit-new1'] = true; # permission "edit-new1" granted to users in the "new1" group

$wgGroupPermissions['new1']['edit-new1-talk'] = true; # permission "edit-new1-talk" granted to users in the "new1" group

$wgContentNamespaces[] = NS_NEW_1; #prevent inclusion of pages from that namespace

$wgNonincludableNamespaces[] = NS_NEW_1;

$wgNonincludableNamespaces[] = NS_NEW_1_TALK;

wfLoadExtension( 'Lockdown' );

#restrict all permissions on pages with namespace "NEW" to users belonging to 'new1' group

$wgNamespacePermissionLockdown[NS_NEW_1]['*'] = array('new1');

$wgNamespacePermissionLockdown[NS_NEW_1_TALK]['*'] = array('new1');

wfLoadExtension( 'VisualEditor' );

// Enable by default for everybody

$wgDefaultUserOptions['visualeditor-enable'] = 1;

// Don't allow users to disable it

$wgHiddenPrefs[] = 'visualeditor-enable';

$wgVirtualRestConfig['modules']['parsoid'] = array(

// URL to the Parsoid instance

// Use port 8142 if you use the Debian package

'url' => 'http://127.0.0.1:8000',

'forwardCookies' => true,

);

$wgVisualEditorAvailableNamespaces = [

NS_MAIN => true,

NS_USER => true,

NS_HELP => true,

NS_NEW_1 => true,

];

Reply Edited 11:28, 4 April 2019 5 years ago

Valerio Bozzolan (talkcontribs)

Maybe related to phab:T260201.

Reply 13:59, 18 December 2020 3 years ago

Reply to "Lockdown and VisualEditor - can't edit protected pages"