Help for integrating the Laravel package
Forum rules: Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
#4657 by Bfr
29 Sep 2017, 08:55

I'm trying to use the Admin/JSONAPI but when I make the OPTIONS request (with BASIC auth in my header), I'm redirected to the login page.
Also request to .../admin/default/jsonadm/product display "The page has expired due to inactivity".

If I add the Middleware AuthenticateOnceWithBasicAuth and modify my route :
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic']],
Now when I make the OPTIONS request I get Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: This action is unauthorized.

Thanks in advance for your help,


Version : PHP 7.0.22 Ubuntu 16.04
Laravel Framework 5.5.13
Aimeos : ~2017.07
#4686 by Bfr
02 Oct 2017, 12:13

I fixed the problem with unauthorized access by adding my user to "admin" group and changing this :
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic']]
to this :
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic.once']]

But I still have a problem when I make a request to /admin/default/jsonadm/product ("The page has expired due to inactivity").

Thanks for your help.

#4687 by aimeos
02 Oct 2017, 13:18
Laravel requires a CSRF token for all DELETE/PATCH/POST operations. You will get a new one with every response in the meta section of the JSON REST API:
Code: Select all"csrf": {
   "name": "_token",
   "value": "eSEetvzK8Lh4UgKoKDifUyi6Fy48zGvYk0tcc7eC"

In jQuery, add it to the JSON URL like this:
Code: Select allif(response['meta']['csrf']) {
    var csrf = {};
    csrf[response['meta']['csrf']['name']] = response['meta']['csrf']['value'];
    url += (url.indexOf('?') === -1 ? '?' : '&') + $.param(csrf);
#4691 by Bfr
03 Oct 2017, 13:26

Now I have another problem linked to the JSONadm.
Since I enable base auth for json admin rest, when I go in the admin I always have the basic auth login popup.

Can you help me please?

#4695 by aimeos
03 Oct 2017, 17:54
You should not use basic HTTP auth for Jsonadm because of that. Chose another way of authentication and pass the Laravel cookie with each request so Larvel knows you are authenticated.