Hi!

There seems to be a problem when trying to use resources together with the key authentication module. There are a couple of reasons for this:

1. Resource controller parameters must be defined with a source declaration, while services does not. This is all well and good, until you want to use the key authentication module. The problem is how the server declares the parameters, for instance:

  $arg_sessid = array(
    'name' => 'sessid',
    'type' => 'string',
    'description' => t('A valid sessid.'),
  );

This will work for services, but when using it with a resource, a source must be provided, like this:

  $arg_sessid = array(
    'name' => 'sessid',
    'type' => 'string',
    'description' => t('A valid sessid.'),
    'source' => array('param' => 'sessid'),
  );

This part of the problem is quite easy to fix (just add the source).

2. When a resource controller is about to be executed, it calls the function services_method_call, which in turn sets the authentication system in motion. The authentication system needs to know the method name, since it saves it in the database and links it to the key that is required to use this controller. The REST server passes the controller declaration to the server. According to the docs, this is valid, since the first parameter, $method_name can either be an array or the name of the service to call. Services uses a mapper to map all controller names to methods, in order to be able to handle both services and resources the same way. However, there are, as far as I know, no way to do this with just a controller, and without knowing which resource it belongs to, and this is needed.

As I see it, there is no way to fix this in the 2.x version without doing some big refactoring changes. However, it must be solved in some way in order to get resources to work properly in 2.x.

CommentFileSizeAuthor
#4 services-800472-2.patch2.79 KBfabsor
#1 services-834906.patch2.75 KBfabsor

Comments

fabsor’s picture

fabsor commented
StatusFileSize
new services-834906.patch2.75 KB

I created a patch against the 2.x branch that adds the 'source' declaration on the arguments that the keyauth module declares.

I also added a check in services_method_call that looks for two new declarations which the REST server should provide, resource_type and resource_name. If the REST server provides this parameters, you can successfully convert the resource controller into a services method, and the authentication will work.

This depends on a patch for the rest server module which I will post here: http://drupal.org/node/800472

If both this patches gets commited, we will have key authentication working without having to make an API change in a stable version (2.x.).

fabsor’s picture

fabsor commented
Status: Active » Needs review

This needs review, of course =)

Status: Needs review » Needs work

The last submitted patch, services-834906.patch, failed testing.

fabsor’s picture

fabsor commented
Status: Needs work » Needs review
StatusFileSize
new services-800472-2.patch2.79 KB

I messed up while editing some stuff in the patch file by hand. Let's try this again.

Status: Needs review » Needs work

The last submitted patch, services-800472-2.patch, failed testing.

fabsor’s picture

fabsor commented
Version: 6.x-2.2 » 6.x-2.x-dev

Changing this to dev.

fabsor’s picture

fabsor commented
Status: Needs work » Needs review

#4: services-800472-2.patch queued for re-testing.

Brandonian’s picture

Brandonian commented

I ran into the same issue with resources/key authorization. We essentially have the same solution for the source problem (adding a source for the parameters). This works fine, but it involves sending GET parameters for every call for a resource, which seems kind of broken. Ideally, wouldn't you want to send your parameters with POST when you're POST-ing? AFAIK, I don't think you can change where the parameter is coming from based on how the resource is being requested.

As for the second issue (method names being passed to controller), I ended up adding a hardcoded name to my resource definition. Since I'm having to write my own resources for my project anyway, it's not that big of a deal, but definitely lacks elegance.

'create' => array(
        'help' => 'Creates a resource',
        'file' => array('file' => 'inc', 'module' => 'ceen_service', 'file name' => 'ceen_resource'),
        'callback' => '_ceen_service_resource_create',
        'access callback' => '_ceen_service_access',
        'access arguments' => array('ceen resource create'),
        'access arguments append' => FALSE,
        'name' => 'resource_resource.create',
        'args' => array(
          array(
            'name' => 'data',
            'type' => 'struct',
            'description' => 'The resource data object',
            'source' => 'data',
            'optional' => FALSE,
          ),
        ),
      ),
fabsor’s picture

fabsor commented

The advantage of getting part two (the method names) into services and the REST server is that no API changes are needed for the end users, which is important since this is a stable release.

skyredwang’s picture

skyredwang
Location Shanghai
commented

Key Auth is home-brewed and incomplete protocol. Why don't you give OAuth a try? It was designed to work with resource oriented services.

fabsor’s picture

fabsor commented

Oauth is great, but if we have a key authentication module, it should work with both services and resources, unless otherwise stated.

kylebrowning’s picture

kylebrowning commented

#4: services-800472-2.patch queued for re-testing.

kylebrowning’s picture

kylebrowning commented
Status: Needs review » Fixed

Committed in dev.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.