
Cannot determine what is the required minimal authentication

Project: RESTful Web Services
Version: 7.x-2.0-alpha4
Component: Documentation
Category: support request
Priority: normal
Assigned: Unassigned
Status: closed (fixed)

Issue Summary

I'm trying to post a login json so I can create/update nodes. I don't require any advanced authentication. I'm just testing the concept.

My understanding is:
1) That I need to use the restws_auth_basic module. Is that true or could I just send the user/password json to the drupal site url?

2) I'm using the restws_auth_basic module. I keep getting a 403 failure, and I can't figure out the json requirements. I get the same results in PHP and using the HttpRequester FF plugin. I have done the following as per instructions:

a) I enabled the restws_auth_basic module and set the settings.php to

$conf['restws_basic_auth_user_regex'] = '/^webrstest.*/';

I have written no hook functions nor do I require any (I'm just accessing posted articles).

b) I created the restwstest account with a password of 'test' and gave permissions to the restws and node functions I was using.

c) My login json is:
{
"name":"restwstest",
"pass":"test",
}

d) Content type is application/json

e) url is http://localhost:8082/user/login (I also tried http://localhost:8082/user/login.json, leon)

What am I doing wrong? Additionally, is there anywhere I can go to GET examples? For instance, to update a node I do a get and alter one of the fields and then a PUT back the entire node. Is that true with restws?

Thanks

Comments

#1

Hi,

The authentication works this way:
1: login/password should be sent to the restws_basic_auth url: http://yourdrupal.com/restws/session/token.
They should be placed in the header (not in the content) using Basic access authentication.
Authorization should contain a string composed of (without quotes): "Basic " followed by a Base64 encoding of "login:passwd".

For example :

-- header--
GET http://yourdrupal.com/restws/session/token
Content-Type: text/plain
Authorization : Basic qsdjhqsdjqsnbd:sjqdbqs=
-- content --
no content

2: The response returns a token that should be used for any further request, within the "X-CSRF-Token" header.

For example :

-- header--
PUT http://yourdrupal.com/node/<nodeid>
Content-Type: text/plain
X-CSRF-Token: EvCdeRfltYdQTTJxBgGbNIK5d4DwxqCvDD5YqhPZaT4
Content-Type: application/json; charset=UTF-8
-- content --
{"title":"my new title"}

I use firefox Poster plug-in to test it, but I think there should be better tools for that...

#2

You must send the cookie in the headers to do a CRUD action.
After submitting user and pass to http://example.com/restws/session/token you must get the cookie from the returned data headers.

I wrote a simple login function in Python, hope it works for you.

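# Python 2 (urllib2); returns the CSRF token and the session cookie.
import base64
import json
import urllib2

def login(u,p):
    url = 'http://<drupal-with-restws>/restws/session/token'
    # Credentials go in the Authorization header using HTTP Basic authentication
    r = urllib2.Request(url,'',{'Authorization':'Basic '+base64.b64encode(u+':'+p)})
    f = urllib2.urlopen(r)
    cookie = f.headers.dict['set-cookie']
    csrf = f.read()
    f.close()
    return csrf,cookie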

and another function to request a node :

def requestNode(nid,session,cookie):
    # str() so that nid may be passed as an integer or a string
    url = 'http://<drupal-with-restws>/node/' + str(nid) + '.json'
    # Send the token and the session cookie returned by login()
    r = urllib2.Request(url,'',{'Content-Type':'text/plain','X-CSRF-TOKEN':session,'Cookie':cookie})
    r.get_method = lambda: 'GET'
    f = urllib2.urlopen(r)
    js = json.loads(f.read())
    f.close()
    return js

Hope it helps you.
Sorry for my poor English.

#3

Here is a (procedural) way of grabbing the data using PHP:

<?php

// Login to the site
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://<drupal-with-restws>/restws/session/token');
curl_setopt($curl, CURLOPT_USERPWD, "restws_user:password");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HEADER, 1);

// Parse the header to get the token and cookie
$result = curl_exec($curl);
$token = substr($result, (strlen($result) - 43));
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $m);
$cookie = $m[1];

// Pull all nodes in json format
curl_setopt($curl, CURLOPT_URL, 'http://<drupal-with-restws>/node.json?type=article');
$headers[] = 'Content-type: application/json';
$headers[] = "X-CSRF-Token: $token";
$headers[] = "Cookie: $cookie";
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$json = curl_exec($curl);

print($json);

#4

Status: active » fixed

Lots of good advice in this issue so far.

Nobody else has mentioned this so far, but I think that the username restwstest will not match the regular expression pattern: '/^webrstest.*/' which would prevent the user from being logged in.

Marking this fixed as there has been no followup from the original poster and there is some good advice on how to work with the module.
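
The regex mismatch noted in #4 can be checked before any request is sent. The following is an added example in Python 3, not code from this thread or from the RESTful Web Services project: it builds the Basic Authorization value described in #1 and tests the user name against the restws_basic_auth_user_regex setting. It assumes, as #4 describes, that a name failing the pattern is not logged in, and that the pattern uses one repeated delimiter character and only syntax that behaves the same in Python's re; all function names are hypothetical.

```python
import base64
import re

# PHP pattern modifiers (after the closing delimiter) mapped to Python flags.
PCRE_FLAGS = {"i": re.IGNORECASE, "m": re.MULTILINE, "s": re.DOTALL, "x": re.VERBOSE}


def compile_php_regex(php_pattern):
    """Compile a delimited PHP pattern such as '/^webrstest.*/' for Python."""
    delim, end = php_pattern[:1], php_pattern.rfind(php_pattern[:1])
    if not delim or delim.isalnum() or delim in "\\ " or end <= 0:
        raise ValueError("not a delimited PHP pattern: %r" % php_pattern)
    flags = 0
    for letter in php_pattern[end + 1:]:
        if letter not in PCRE_FLAGS:
            raise ValueError("unsupported modifier: %r" % letter)
        flags |= PCRE_FLAGS[letter]
    return re.compile(php_pattern[1:end], flags)


def basic_auth_header(user, password):
    """Authorization value: 'Basic ' + base64('user:password')."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def user_from_header(header_value):
    """Recover the user name the server will see from an Authorization value."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    return decoded.split(":", 1)[0]


def preflight(user, password, php_pattern):
    """Return (header, allowed); allowed is False if the name fails the regex."""
    header = basic_auth_header(user, password)
    # preg_match() is an unanchored search, so use search(), not match().
    allowed = compile_php_regex(php_pattern).search(user_from_header(header))
    return header, allowed is not None


if __name__ == "__main__":
    # Constructed run using the account name and setting quoted in the question.
    print(preflight("restwstest", "test", "/^webrstest.*/"))
```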

#5

Status: fixed » closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.
