I'm not sure wether this is a Services (Services Keyauth) or REST server issue, feel free to move it ;)

I'm using services 2.1 with REST server, configured to use the sessid as authentication key. All anonymous services work fine.

However, for services defined with '#auth' => TRUE and '#key' => TRUE, I keep getting ;

"HTTP/1.0 406 Not Acceptable: Missing required argument sessid".

Even when the sessid is clearly present in the request (no matter what method), f.e. "/services/rest/favorite?sessid=XXX"
I went back and saw that keyauth changes method and adds the sessid argument in it's alter_methods call:

_services_keyauth_alter_methods

  // sessid arg
  $arg_sessid = array(
    'name' => 'sessid',
    'type' => 'string',
    'description' => t('A valid sessid.'),
  );

Now, the problem is that REST server only checks the "source" attribute of each field, but none is defined for the sessid. It won't find one and throws the 406.

RESTServer.inc

      foreach ($controller['args'] as $i => $info) {
        // Fill in argument from source
        if (isset($info['source'])) {
          if (is_array($info['source'])) {
            list($source) = array_keys($info['source']);
            $key = $info['source'][$source];
            if (isset($sources[$source][$key])) {
              $arguments[$i] = $sources[$source][$key];
            }
          }
          else {
            if (isset($sources[$info['source']])) {
              $arguments[$i] = $sources[$info['source']];
            }
          }

When I manually add "'source' => array('param' => 'sessid')," to the sessid field it works fine.

Did I overlook something here?

CommentFileSizeAuthor
#6 rest_server-mduvergey-1.patch2.24 KBmduvergey
#6 services-keyauth-mduvergey-1.patch614 bytesmduvergey
#2 rest_server-800472.patch2.07 KBfabsor

Comments

fabsor’s picture

fabsor commented

I'm having the same problem, and it also applies to using an api key, since it requires sending some parameters which are missing the #source parameter.

The #source argument is not required for ordinary services functions declared with hook_service, but they are apparently a requirement if you are using the REST server and defines a resource rather than a function.

fabsor’s picture

fabsor commented
Status: Active » Needs review
StatusFileSize
new rest_server-800472.patch2.07 KB

I posted an issue with a patch in the services issue queue here: http://drupal.org/node/834906

In order to get this to work we need to get a patch into the 2.x branch of the rest_server module which adds two parameters to each controller, what type it is (retrieve, create, ...) and which resource it belongs to. If services gets this information, it can successfully convert the controller into a method, and the authentication will work fine.

edonnelly’s picture

edonnelly commented

subscribing

edonnelly’s picture

edonnelly commented

I'm getting this error and the patch did not work for me. I am running:

REST Server 6.x-2.0-beta3
Services 6.x-2.4

In post #2 it says an issue in Services queue was added, and from the looks of the source of the current (6.x-2.4) version, the patched offered there has been fully and correctly incorporated into the code, so that should just leave this patch (#2) to be done for the REST Server, but even after manually applying it I still get the "missing sessid" error above when I try to save (create) a node. I have no problems, however, retrieving views (views.get) either with or without the above patch.

The patch was posted in June and nobody has weighed in on it either way. Anyone else having this problem and/or resolving this problem with the above patch?

Thanks.

matslats’s picture

matslats commented
Component: Code » Miscellaneous

It seems to me that the resolveController function expects to receive arguments stripped of authentication parameters. I can't see how key authentication is supposed to work.
This page doesn't help at all: http://drupal.org/node/400212 since the request string it generates is badly formed
$request_url = $domain.'/method=user.get&uid=0&hash='.$hash.'&domain_name='.$domain.'&domain_time_stamp='.$timestamp.'&nonce='.$nonce;
I suspect it is way out of date as well.

mduvergey’s picture

mduvergey commented
StatusFileSize
new services-keyauth-mduvergey-1.patch614 bytes
new rest_server-mduvergey-1.patch2.24 KB

After some struggle, I was able to get REST Server working with Keyauth.

My setup is :
REST Server 6.x-2.0-beta3
Services 6.x-2.4

I applied a modified version the patch in #2 (the resource_name property was not set).
I also created a patch for the services_keyauth.inc file in module Services (fixes a SQL query problem that prevents the module from fetching the API key).

See also:
#919646: Problem using key_auth with Rest_server - mysqli_real_escape_string
#921372: Incorrect data use?