Comments (11)
First thing I can think of is that the Member you use to access the API doesn't have the right to read the Member record you are trying to access, maybe? Since Member has its default set of canView etc...
You don't have any other extension on the Member object?
from silverstripe-restfulapi.
The user I'm using is an admin so I don't think it's that.
I do have an extension. Do I need to add that instead of Member?
from silverstripe-restfulapi.
For the extension I was just wondering if there might be code there that affects it... maybe? Can you post the code?
from silverstripe-restfulapi.
I'm having a similar issue. I can't really see any support, which makes me think the answer's easy and I'm just confused. I would like to be able to create a new member by posting to a url: "http://mysite.local/api/Member" with data like: {"FirstName":"test1"}.
When I try the above I get a "Token invalid" response. Here's my config.yml
---
Name: restfulapi
After: 'framework/*','cms/*'
---
# ---------------------------------
# Routing
Director:
  rules:
    'api': 'RESTfulAPI'
ArkOrder:
  api_access: 'true'
Ark:
  api_access: 'true'
#DONT NEED TO POST TO BADGE REMOVE FOR PRODUCTION
Badge:
  api_access: 'true'
# RestfulAPI config
RESTfulAPI:
  authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_ONLY'
  dependencies:
    authenticator: '%$RESTfulAPI_TokenAuthenticator'
  cors:
    Enabled: true
    Allow-Origin: '*'
    Allow-Headers: '*'
    Allow-Methods: 'OPTIONS, GET, POST, PUT'
    Max-Age: 86400
RESTfulAPI_TokenAuthenticator:
  tokenOwnerClass: 'Member'
Member:
  extensions:
    - RESTfulAPI_TokenAuthExtension
from silverstripe-restfulapi.
The "Token invalid" error is because you are using an authenticator component: RESTfulAPI_TokenAuthenticator, which restricts access to the api to only authorized requests.
This means you need to pass a X-Silverstripe-Apitoken in the header of your request. Here is the doc: https://github.com/colymba/silverstripe-restfulapi/blob/master/doc/TokenAuthenticator.md.
The token itself comes from the DataObject who has the RESTfulAPI_TokenAuthExtension extension, in your case, Member. The token can be generated via the login method, for example api/auth/login?email=XXX&pwd=XXX (https://github.com/colymba/silverstripe-restfulapi/blob/master/code/authenticator/RESTfulAPI_TokenAuthenticator.php#L132)
Or you could just disable it for test purposes by setting authentication_policy: false on the RESTfulAPI config.
from silverstripe-restfulapi.
I apologize, I was a bit vague.
It's for registration. So for a new user to create a profile in order to login. At this point in the journey he (the user) would not have a token but would require one only after registering.
from silverstripe-restfulapi.
@MarkyParkyJozi I see... authentication_policy can take an array of HTTP methods, so you could leave out POST ($authentication_policy = array('GET', 'PUT', 'DELETE');) so anyone can create new Members... theoretically, it should work....?
from silverstripe-restfulapi.
THANKS @colymba it works if I place it in my yml as:
RESTfulAPI:
  authentication_policy: 'GET,DELETE,PUT'
But that's a bit dangerous so I tried extending my member so that only the 'Member' model would have the policy:
class MyMemberExtension extends DataExtension {
    /**
     * Modify the field set to be displayed in the CMS detail pop-up
     */
    private static $has_many = array(
        'Arks' => 'Ark'
    );
    public function canCreate($member = null) {
        //return Permission::check('CMS_ACCESS_CMSMain', 'any', $member);
        return true;
    }
    // define additional properties
    private static $has_one = array();
    private static $authentication_policy = array('GET', 'PUT', 'DELETE');
    private static $belongs_many_many = array();
}
and my config.yml:
Director:
  rules:
    'api': 'RESTfulAPI'
ArkOrder:
  api_access: 'GET,POST,PUT'
Ark:
  api_access: 'GET,POST,PUT'
#DONT NEED TO POST TO BADGE REMOVE FOR PRODUCTION
Badge:
  api_access: 'GET,PUT,POST'
# RestfulAPI config
RESTfulAPI:
  authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_ONLY'
  dependencies:
    authenticator: '%$RESTfulAPI_TokenAuthenticator'
  cors:
    Enabled: true
    Allow-Origin: '*'
    Allow-Headers: '*'
    Allow-Methods: 'OPTIONS, GET, POST, PUT'
    Max-Age: 86400
RESTfulAPI_TokenAuthenticator:
  tokenOwnerClass: 'MyMemberExtension'
MyMemberExtension:
  extensions:
    - RESTfulAPI_TokenAuthExtension
Member:
  api_access: 'GET,POST,PUT'
  extensions:
    - MyMemberExtension
And then my post would now be to: http://mysite.local/api/MyMemberExtension but it's the same 'Token invalid' message.
I'm still pretty new to silverstripe so maybe I'm missing some fundamentals? Surely this pattern or something similar has been done before.
from silverstripe-restfulapi.
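An added example, not part of the thread and not code from silverstripe-restfulapi: a small Python audit showing how far the global authentication_policy: 'GET,DELETE,PUT' setting from the comment above reaches beyond Member registration. It assumes, as the thread describes, that authentication_policy is one global list of HTTP methods requiring a token and that under ACL_CHECK_CONFIG_ONLY a model's api_access alone decides which methods it accepts; the function names and the INTENDED set are hypothetical.

```python
# Per-model api_access values, copied from the config.yml posted in the thread.
API_ACCESS = {
    "ArkOrder": "GET,POST,PUT",
    "Ark": "GET,POST,PUT",
    "Badge": "GET,PUT,POST",
    "Member": "GET,POST,PUT",
}
METHODS = ("GET", "POST", "PUT", "DELETE")

# Assumption: the only unauthenticated call the site owner wants is registration.
INTENDED = {("Member", "POST")}


def parse_methods(value):
    """Normalise true/false, a 'GET,PUT' string or a list into a set of methods."""
    if value is True:
        return set(METHODS)
    if not value:
        return set()
    if isinstance(value, str):
        value = value.split(",")
    return {m.strip().upper() for m in value if m.strip()}


def unauthenticated_surface(authentication_policy, api_access):
    """Return sorted (model, method) pairs that are reachable without a token."""
    needs_token = parse_methods(authentication_policy)
    pairs = []
    for model, access in api_access.items():
        for method in parse_methods(access) - needs_token:
            pairs.append((model, method))
    return sorted(pairs)


def excess_exposure(authentication_policy, api_access, intended=INTENDED):
    """Pairs open without a token that the owner did not intend to open."""
    surface = unauthenticated_surface(authentication_policy, api_access)
    return [pair for pair in surface if pair not in intended]


if __name__ == "__main__":
    for policy in (True, "GET,DELETE,PUT", False):
        print(repr(policy), "->", excess_exposure(policy, API_ACCESS))
```

With the 'GET,DELETE,PUT' policy the report lists POST on ArkOrder, Ark and Badge as open in addition to the intended Member registration call.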
@MarkyParkyJozi authentication_policy just won't be checked on your DataExtension and also, /api/MyMemberExtension isn't right, you can't call DataExtensions like that, they are added to DataObjects...
from silverstripe-restfulapi.
Brilliant! Knowing what won't work is half the battle. @colymba can you direct me to any documentation that would allow me to use the RESTfulAPI and have the desired pattern of allowing registration?
from silverstripe-restfulapi.
@MarkyParkyJozi this is now going off topic for this issue.... best thing is for you to create a new issue and we can continue there....
from silverstripe-restfulapi.