3 files changed, 25 insertions, 15 deletions

diff --git a/includes/api/ApiAuthManagerHelper.php b/includes/api/ApiAuthManagerHelper.php
index 299740571b79..e30f22b64e71 100644
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -244,7 +244,7 @@ class ApiAuthManagerHelper {
 			$describe = $req->describeCredentials();
 			$reqInfo = [
 				'id' => $req->getUniqueId(),
-				'metadata' => $req->getMetadata(),
+				'metadata' => $req->getMetadata() + [ ApiResult::META_TYPE => 'assoc' ],
 			];
 			switch ( $req->required ) {
 				case AuthenticationRequest::OPTIONAL:
@@ -283,7 +283,6 @@ class ApiAuthManagerHelper {
 	private function formatFields( array $fields ) {
 		static $copy = [
 			'type' => true,
-			'image' => true,
 			'value' => true,
 		];
 
diff --git a/includes/api/ApiQuery.php b/includes/api/ApiQuery.php
index 3ca4c08da4f5..ed4d373a7c09 100644
--- a/includes/api/ApiQuery.php
+++ b/includes/api/ApiQuery.php
@@ -554,23 +554,34 @@ class ApiQuery extends ApiBase {
 	}
 
 	public function isReadMode() {
-		// We need to make an exception for ApiQueryTokens so login tokens can
-		// be fetched on private wikis. Restrict that exception as much as
-		// possible: no other modules allowed, and no pageset parameters
-		// either. We do allow the 'rawcontinue' and 'indexpageids' parameters
-		// since frameworks might add these unconditionally and they can't
-		// expose anything here.
+		// We need to make an exception for certain meta modules that should be
+		// accessible even without the 'read' right. Restrict the exception as
+		// much as possible: no other modules allowed, and no pageset
+		// parameters either. We do allow the 'rawcontinue' and 'indexpageids'
+		// parameters since frameworks might add these unconditionally and they
+		// can't expose anything here.
+		$this->mParams = $this->extractRequestParams();
 		$params = array_filter(
 			array_diff_key(
-				$this->extractRequestParams() + $this->getPageSet()->extractRequestParams(),
+				$this->mParams + $this->getPageSet()->extractRequestParams(),
 				[ 'rawcontinue' => 1, 'indexpageids' => 1 ]
 			)
 		);
-		if ( $params === [ 'meta' => [ 'tokens' ] ] ) {
-			return false;
+		if ( array_keys( $params ) !== [ 'meta' ] ) {
+			return true;
+		}
+
+		// Ask each module if it requires read mode. Any true => this returns
+		// true.
+		$modules = [];
+		$this->instantiateModules( $modules, 'meta' );
+		foreach ( $modules as $module ) {
+			if ( $module->isReadMode() ) {
+				return true;
+			}
 		}
 
-		return true;
+		return false;
 	}
 
 	protected function getExamplesMessages() {
diff --git a/includes/api/ApiQueryAuthManagerInfo.php b/includes/api/ApiQueryAuthManagerInfo.php
index b591f9c00a5d..e2229cbe9fa8 100644
--- a/includes/api/ApiQueryAuthManagerInfo.php
+++ b/includes/api/ApiQueryAuthManagerInfo.php
@@ -75,8 +75,8 @@ class ApiQueryAuthManagerInfo extends ApiQueryBase {
 		$this->getResult()->addValue( [ 'query' ], $this->getModuleName(), $ret );
 	}
 
-	public function getCacheMode( $params ) {
-		return 'public';
+	public function isReadMode() {
+		return false;
 	}
 
 	public function getAllowedParams() {
@@ -95,7 +95,7 @@ class ApiQueryAuthManagerInfo extends ApiQueryBase {
 					AuthManager::ACTION_UNLINK,
 				],
 			],
-		] + ApiAuthManagerHelper::getStandardParams( '', 'mergerequestfields' );
+		] + ApiAuthManagerHelper::getStandardParams( '', 'mergerequestfields', 'messageformat' );
 	}
 
 	protected function getExamplesMessages() {