No bearer authentication for Read API about nodebb-plugin-write-api HOT 12 CLOSED

Hi @alexschomb -- a bit of a delay, but I did test this just now, and it does work as intended. Here's what I did.

I created a new user token (0a8f70c3-75d9-40e1-b203-da7b4ad09ebe), and made a curl without said token:

$ curl localhost:4567/api/un
read
{
    "code": "not-authorised",
    "message": "A valid login session was not found. Please log in and try again.",
    "params": {}
}

With token:

$ curl localhost:4567/api/unread -H "Authorization: Bearer 0a8f70c3-75d9-40e1-b203-da7b4ad09ebe"
{
    "showSelect": true,
    "nextStart": 0,
    "topics": [],
    "topicCount": 0,
    "categories": [
        {
            "cid": 5,
            "name": "Test Group",
            "icon": "hidden",
            "bgColor": "rgba(0,0,0,0)",
            "color": "rgba(0,0,0,0)",
            "slug": "5/test-group",
            "link": "",
            "selected": false
        },
        {
            "cid": 2,
            "name": "General Discussion",
            "icon": "fa-comments-o",
            "bgColor": "#59b3d0",
            "color": "#fff",
            "slug": "2/general-discussion",
            "link": "",
            "selected": false
        },
        {
            "cid": 4,
            "name": "Comments & Feedback",
            "icon": "fa-question",
            "bgColor": "#e95c5a",
            "color": "#fff",
            "slug": "4/comments-feedback",
            "link": "",
            "selected": false
        },
... etc...

So it does seem to work. Let me know if you still can't get it working.

from nodebb-plugin-write-api.

Interesting. I did exactly the same (but with different tokens) and always receive the not-authorized code. I tried both master and user tokens, no joy. Running NodeBB v1.0.3 (latest stable).

$ curl http://127.0.0.1:33002/api/unread -H "Authentication: Bearer 49a11260-1be3-4db8-90c3-41302561d9ed"
{"code":"not-authorised","message":"A valid login session was not found. Please log in and try again.","params":{}}

from nodebb-plugin-write-api.

from nodebb-plugin-write-api.

Oops, you're right. That did solve the problem for the /api/unread route. But I'm still receiving not-authorized for the request of /api/users:

$ curl http://127.0.0.1:33002/api/users -H "Authorization: Bearer 49a11260-1be3-4db8-90c3-41302561d9ed"
"not-authorized"

from nodebb-plugin-write-api.

I'm sorry, unfortunately I cannot reproduce this error:

$ curl localhost:4567/api/users -H "Authorization: Bearer 22e57cdc-3796-4330-8537-b4c1dff04eb1"           
{
    "loadmore_display": "hide",
    "users": [
        {
            "username": "mango5",
            "userslug": "mango5",
            "joindate": 1466629097936,
            "lastonline": 1466628804468,
            "picture": "",
            "reputation": 0,
            "postcount": 0,
            "banned": false,
            "status": "offline",
            "uid": 11,
            "email:confirmed": false,
            "icon:text": "M",
            "icon:bgColor": "#827717",
            "joindateISO": "2016-06-22T20:58:17.936Z",
            "administrator": false,
            "lastonlineISO": "2016-06-22T20:53:24.468Z"
        },
        ...
    ]
}

from nodebb-plugin-write-api.

Does it help if I give you access to my forum? I can safely reproduce it for two separate NodeBB intances (v1.0.2 and v1.0.3)

from nodebb-plugin-write-api.

By the way, is it a master token or a regular user token you're using?

from nodebb-plugin-write-api.

I tried both. A master token would ask me to provide a uid for the /api/unread call (as expected), but not for the /api/users one. The latter always returns the exact string (no JSON) "not-authorized" for any token (user or master).

# User token of an admin user
$ curl http://127.0.0.1:4567/api/unread -H "Authorization: Bearer fa14de0a-c384-4c80-b991-foobarcefd61"
{"showSelect":true,"nextStart":0,"topics":[],"categories":[{"cid":"1","name": ...

$ curl http://127.0.0.1:4567/api/users -H "Authorization: Bearer fa14de0a-c384-4c80-b991-foobarcefd61"
"not-authorized"

# Master token
$ curl http://127.0.0.1:4567/api/unread -H "Authorization: Bearer 5b54de45-5ccb-4b0d-be9b-foobard06b29"
{"code":"params-missing","message":"Required parameters were missing from this API call, please see the \"params\" property","params":["_uid"]}

$ curl http://127.0.0.1:4567/api/users -H "Authorization: Bearer 5b54de45-5ccb-4b0d-be9b-foobard06b29"
"not-authorized"

from nodebb-plugin-write-api.

Same issue here.
I have to request the read API /api/unread/ with _uid param once, and then request other API I want. If I don't do that, it will respond with 'not-authorized'

I can constantly reproduce this error:

1. Remove all cookies.
2. $ curl http://127.0.0.1:4567/api/users -H "Authorization: Bearer "
   "not-authorized"

If (and only if) I do these:

1. Remove all cookies.
2. $ curl http://127.0.0.1:4567/api/unread -H "Authorization: Bearer "
   {"showSelect": true,"nextStart": 0,"topics": [],"topicCount": 0, ...}
3. $ curl http://127.0.0.1:4567/api/users -H "Authorization: Bearer "
   {"users": [...], "pagination": {...}, ...}

from nodebb-plugin-write-api.

Still unable to reproduce. Both user and master tokens work correctly, and I cannot get not-authorized no matter what I try.

Perhaps it is the Node.js version you two are using? Use at least v4/5/6...

from nodebb-plugin-write-api.

Created token from Admin settings.
While accessing /users endpoint, I am getting not-authorised error

from nodebb-plugin-write-api.

@mzahidriaz-tr please open a new issue. This one is from 2016.

Please provide a cURL command demonstrating the issue.

from nodebb-plugin-write-api.