Ticket #1302 (closed defect: fixed)

Opened 11 months ago

Last modified 11 months ago

API POST /member returns "forbidden" despite session_key

Reported by: seppelin@… Owned by: dark
Priority: critical Milestone:
Component: API Version: 2.0
Keywords: Cc: seppelin@…

Description

No values can be posted via the API despite a valid session_key and member access

Detailed trace:

POST /session
Request Header

POST /session HTTP/1.1
Host: localhost
User-Agent: PHP LiquidFeedback API 0.1
Content-Type: text/xml
Content-Length: 24

key=XXXXXXXXChvD3XNnf99Y

Response Header

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Date: Sun, 29 Jul 2012 12:25:47 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Raw JSON Object

stdClass Object
(
    [session_key] => w8zTJUQypiyu6Rr0
    [status] => ok
)

GET /info?session_key=w8zTJUQypiyu6Rr0
Request Header

GET /info?session_key=w8zTJUQypiyu6Rr0 HTTP/1.1
Host: localhost
User-Agent: PHP LiquidFeedback API 0.1
Content-Type: text/xml

Response Header

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Date: Sun, 29 Jul 2012 12:25:47 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Raw JSON Object

stdClass Object
(
    [core_version] => 2.0.11
    [api_version] => 0.2.0
    [current_access_level] => member
    [current_member_id] => 1
    [member_ttl] => stdClass Object
        (
            [years] => 1
        )

    [settings] => stdClass Object
        (
            [result_row_limit] => stdClass Object
                (
                    [max] => 1001
                    [default] => 101
                )

        )

    [status] => ok
)

GET /member?session_key=w8zTJUQypiyu6Rr0&member_id=1
Request Header

GET /member?session_key=w8zTJUQypiyu6Rr0&member_id=1 HTTP/1.1
Host: localhost
User-Agent: PHP LiquidFeedback API 0.1
Content-Type: text/xml

Response Header

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Date: Sun, 29 Jul 2012 12:25:47 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Raw JSON Object

stdClass Object
(
    [result] => Array
        (
            [0] => stdClass Object
                (
                    [id] => 1
                    [name] => Administrator
                    [organizational_unit] => 
                    [internal_posts] => 
                    [realname] => 
                    [birthday] => 
                    [address] => 
                    [email] => 
                    [xmpp_address] => 
                    [website] => 
                    [phone] => 
                    [mobile_phone] => 
                    [profession] => 
                    [external_memberships] => 
                    [external_posts] => 
                    [statement] => 
                    [active] => 1
                    [locked] => 
                    [created] => 2012-07-08T16:55:56.789Z
                    [last_activity] => 2012-07-10
                )

        )

    [status] => ok
)

Random String to be written to website

cvyckjd0nl

POST /member
Request Header

POST /member HTTP/1.1
Host: localhost
User-Agent: PHP LiquidFeedback API 0.1
Content-Type: text/xml
Content-Length: 47

session_key=w8zTJUQypiyu6Rr0&website=cvyckjd0nl

Response Header

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Date: Sun, 29 Jul 2012 12:25:47 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Raw JSON Object

stdClass Object
(
    [status] => forbidden
)

Change History

comment:1 Changed 11 months ago by dark

  • Status changed from new to accepted

The handling of the session_key was only incompletely carried out for POST requests. The session_key value was only taken into account as a GET parameter in the request URL, but not when it was transmitted in the POST body. The specified behaviour has been implemented in http://www.public-software-group.org/mercurial/lfapi/rev/0eef836b8f54 and is also available on the test environment.

Please provide feedback.
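
The behaviour described in comment:1, as an added example that is not lfapi code: a lookup that reads session_key only from the request URL rejects the POST /member request from the trace, while one that also reads the POST body accepts it. The function names, the in-memory session table and the rejection of conflicting keys are assumptions of this example.

```javascript
// Added illustration, not lfapi source; all function names are hypothetical.

// Constructed session table holding the session_key from the ticket's trace.
const sessions = new Map([['w8zTJUQypiyu6Rr0', { memberId: 1, accessLevel: 'member' }]]);

// Before the fix (per comment:1): only the URL query string is consulted.
function sessionKeyFromUrlOnly(req) {
  return new URL(req.url, 'http://localhost').searchParams.get('session_key');
}

// After the fix: for POST requests the form-encoded body is consulted as well.
// Assumption: the body is parsed as key=value pairs regardless of the
// Content-Type header, since the client in the trace sends text/xml.
function sessionKeyFromRequest(req) {
  const fromUrl = sessionKeyFromUrlOnly(req);
  const fromBody = req.method === 'POST'
    ? new URLSearchParams(req.body || '').get('session_key')
    : null;
  // Assumption of this example: two different keys in one request are rejected.
  if (fromUrl && fromBody && fromUrl !== fromBody) {
    throw new Error('conflicting session_key values');
  }
  return fromUrl || fromBody || null;
}

// Access check for a member-level endpoint, using the given key extractor.
function authorize(extractKey, req) {
  let key;
  try {
    key = extractKey(req);
  } catch (err) {
    return { status: 'forbidden' };
  }
  const session = key ? sessions.get(key) : undefined;
  if (!session || session.accessLevel !== 'member') {
    return { status: 'forbidden' };
  }
  return { status: 'ok', memberId: session.memberId };
}

// The POST /member request from the trace, as a plain object.
const postMember = {
  method: 'POST',
  url: '/member',
  body: 'session_key=w8zTJUQypiyu6Rr0&website=cvyckjd0nl',
};

console.log(authorize(sessionKeyFromUrlOnly, postMember).status);
console.log(authorize(sessionKeyFromRequest, postMember).status);
```
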

comment:2 Changed 11 months ago by seppelin@…

Thanks for the feedback. It works with the new version! How can I update to the latest revision with mercurial? I'm not much of an expert there, and hg update never showed me any changes that could be fetched. hg update -r 0eef836b8f54 also only returned

abort: unknown revision '0eef836b8f54'!

It's probably not the right way for me to stop the API server, move the lfapi directory, run

cd /opt
hg clone http://www.public-software-group.org/mercurial/lfapi

and copy over config.js and node_modules :-)

comment:3 Changed 11 months ago by dark

  • Status changed from accepted to closed
  • Resolution set to fixed

"hg pull" fetches updates from the repository server. The usual workflow for updating is:

hg pull
hg up

or, in short:

hg pull -u

Otherwise: http://mercurial.selenic.com/wiki/Tutorial/

comment:4 Changed 11 months ago by seppelin@…

Thanks!
