JSON admin API

Posted: 29 Sep 2017, 08:55
by Bfr
Hello,

I'm trying to use the Admin/JSONAPI but when I make the OPTIONS request (with BASIC auth in my header), I'm redirected to the login page.
Also, a request to .../admin/default/jsonadm/product displays "The page has expired due to inactivity".

If I add the middleware AuthenticateOnceWithBasicAuth and modify my route:
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic']],
Now when I make the OPTIONS request I get Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: This action is unauthorized.

Thanks in advance for your help,

Bernard

Version : PHP 7.0.22 Ubuntu 16.04
Laravel Framework 5.5.13
Aimeos : ~2017.07

Re: JSON admin API

Posted: 02 Oct 2017, 12:13
by Bfr
Hello,

I fixed the problem with unauthorized access by adding my user to the "admin" group and changing this:
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic']]
to this:
'jsonadm' => ['prefix' => 'admin/{site}/jsonadm', 'middleware' => ['web', 'auth.basic.once']]

But I still have a problem when I make a request to /admin/default/jsonadm/product ("The page has expired due to inactivity").

Thanks for your help.

Bernard

Re: JSON admin API

Posted: 02 Oct 2017, 13:18
by aimeos
Laravel requires a CSRF token for all DELETE/PATCH/POST operations. You will get a new one with every response in the meta section of the JSON REST API:

"csrf": {
	"name": "_token",
	"value": "eSEetvzK8Lh4UgKoKDifUyi6Fy48zGvYk0tcc7eC"
}

In jQuery, add it to the JSON URL like this:

// Append the CSRF token from the response's meta section to the request URL
if(response['meta']['csrf']) {
    var csrf = {};
    csrf[response['meta']['csrf']['name']] = response['meta']['csrf']['value'];
    url += (url.indexOf('?') === -1 ? '?' : '&') + $.param(csrf);
}
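
The token handling described in the reply above, as an added example that is not part of the original post or of Aimeos itself: because a new token arrives with every response, the client keeps the most recent one and appends it only to DELETE/PATCH/POST URLs. `CsrfTracker`, `update`, `urlFor` and `demo` are hypothetical names, and the sample responses and token values are constructed.

```javascript
// Added example: tracks the rotating CSRF token from Jsonadm responses.
// Class and method names are hypothetical; sample data below is constructed.
const MUTATING = new Set(['DELETE', 'PATCH', 'POST']);

class CsrfTracker {
  constructor() { this.token = null; }

  // Call with every parsed response body; a newer token replaces the old one.
  update(body) {
    const csrf = body && body.meta && body.meta.csrf;
    if (csrf && typeof csrf.name === 'string' && typeof csrf.value === 'string') {
      this.token = { name: csrf.name, value: csrf.value };
    }
    return this.token !== null;
  }

  // Returns the URL to use for the given method, adding the token when required.
  urlFor(method, url) {
    if (!MUTATING.has(method.toUpperCase())) return url;
    if (this.token === null) {
      throw new Error('no CSRF token yet: read one from a previous response first');
    }
    const pair = encodeURIComponent(this.token.name) + '=' +
                 encodeURIComponent(this.token.value);
    // Keep any fragment at the end; the query string must precede it.
    const hash = url.indexOf('#');
    const base = hash === -1 ? url : url.slice(0, hash);
    const frag = hash === -1 ? '' : url.slice(hash);
    return base + (base.indexOf('?') === -1 ? '?' : '&') + pair + frag;
  }
}

// Constructed sample responses (token values are made up).
const first = { meta: { csrf: { name: '_token', value: 'tokenA+1' } } };
const second = { meta: { csrf: { name: '_token', value: 'tokenB' } } };

function demo() {
  const t = new CsrfTracker();
  t.update(first);
  const a = t.urlFor('POST', '/admin/default/jsonadm/product');
  t.update(second); // the next response carries a fresh token
  const b = t.urlFor('DELETE', '/admin/default/jsonadm/product?id=1');
  return [a, b, t.urlFor('GET', '/admin/default/jsonadm/product')];
}
```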

Re: JSON admin API

Posted: 02 Oct 2017, 13:24
by Bfr
Hello,

Thanks, it works.

Re: JSON admin API

Posted: 03 Oct 2017, 13:26
by Bfr
Hello,

Now I have another problem linked to the JSONadm.
Since I enabled basic auth for the JSON admin REST API, when I go into the admin I always get the basic auth login popup.

Can you help me please?

Thanks,

Re: JSON admin API

Posted: 03 Oct 2017, 17:54
by aimeos
You should not use basic HTTP auth for Jsonadm because of that. Choose another way of authentication and pass the Laravel cookie with each request so Laravel knows you are authenticated.