JSON admin API

Help for integrating the Laravel package
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Bfr
Posts: 9
Joined: 29 Sep 2017, 08:44

JSON admin API

Post by Bfr » 29 Sep 2017, 08:55

Hello,

I'm trying to use the Admin/JSONAPI but when I make the OPTIONS request (with BASIC auth in my header), I'm redirected to the login page.
Also request to .../admin/default/jsonadm/product display "The page has expired due to inactivity".

If I add the Middleware AuthenticateOnceWithBasicAuth and modify my route :
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic']],
Now when I make the OPTIONS request I get Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: This action is unauthorized.

Thanks in advance for your help,

Bernard

Version : PHP 7.0.22 Ubuntu 16.04
Laravel Framework 5.5.13
Aimeos : ~2017.07

Bfr
Posts: 9
Joined: 29 Sep 2017, 08:44

Re: JSON admin API

Post by Bfr » 02 Oct 2017, 12:13

Hello,

I fixed the problem with unauthorized access by adding my user to "admin" group and changing this :
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic']]
to this :
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic.once']]

But I still have a problem when I make a request to /admin/default/jsonadm/product ("The page has expired due to inactivity").

Thanks for your help.

Bernard

User avatar
aimeos
Administrator
Posts: 3207
Joined: 01 Jan 1970, 00:00

Re: JSON admin API

Post by aimeos » 02 Oct 2017, 13:18

Laravel requires a CSRF token for all DELETE/PATCH/POST operations. You will get a new one with every response in the meta section of the JSON REST API:

Code: Select all

"csrf": {
	"name": "_token",
	"value": "eSEetvzK8Lh4UgKoKDifUyi6Fy48zGvYk0tcc7eC"
}
In jQuery, add it to the JSON URL like this:

Code: Select all

if(response['meta']['csrf']) {
    var csrf = {};
    csrf[response['meta']['csrf']['name']] = response['meta']['csrf']['value']; 
    url += (url.indexOf('?') === -1 ? '?' : '&') + $.param(csrf);
}
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

Bfr
Posts: 9
Joined: 29 Sep 2017, 08:44

Re: JSON admin API

Post by Bfr » 02 Oct 2017, 13:24

Hello,

Thanks it works.

Bfr
Posts: 9
Joined: 29 Sep 2017, 08:44

Re: JSON admin API

Post by Bfr » 03 Oct 2017, 13:26

Hello,

Now I have another problem linked to the JSONadm.
Since I enable base auth for json admin rest, when I go in the admin I always have the basic auth login popup.

Can you help me please?

Thanks,

User avatar
aimeos
Administrator
Posts: 3207
Joined: 01 Jan 1970, 00:00

Re: JSON admin API

Post by aimeos » 03 Oct 2017, 17:54

You should not use basic HTTP auth for Jsonadm because of that. Chose another way of authentication and pass the Laravel cookie with each request so Larvel knows you are authenticated.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

Post Reply