Support login via bot password

[lucaswerkmeister]

Currently, mwapi.Session supports login with credentials via action=clientlogin, which only supports the user’s real password (and may require an interactive flow, continuing the login in another step). It would be nice to also support bot passwords – by automatically detecting them in login() (username contains “@”), by adding a new method for action=login instead of action=clientlogin, or at least by documenting the following workaround:

lgtoken = session.get(action='query',
                      meta='tokens',
                      type='login')['query']['tokens']['logintoken']
session.post(action='login',
             lgname=bot_username,
             lgpassword=bot_password,
             lgtoken=lgtoken)

[lucaswerkmeister]

Note on this workaround: the login API doesn’t return a standard error when login fails, so this call will appear to “succeed” (i.e., it won’t throw an mwapi.errors.APIError) even if the login didn’t actually work. You’ll want to check that the response’s .login.result == 'Success'. If you use assert='user' on subsequent requests, then that should at least prevent you from leaking your IP address. (Cf. lucaswerkmeister/m3api-botpassword#1.)