I'm trying to post a login json so I can create/update nodes. I don't require any advanced authentication. I just testing the concept.
My understanding is:
1) That I need to use the restws_auth_basic module. Is that true or could I just send the user/password json to the drupal site url?
2) I'm using the restws_auth_basic module. I keep getting a 403 failure; and, I cant't figure out the json requirements. I get the same results in PHP and using the HttpRequester FF plugin. I have done the following as per instructions:
a) I enabled the restws_auth_basic module and set the settings.php to
$conf['restws_basic_auth_user_regex'] = '/^webrstest.*/';
I have written no hook functions nor do I require any (I'm just accessing posted articles).
b) I created the restwstest account with a password of 'test' and gave permissions to the restws and node functions I was using.
c) My login json is:
{
"name":"restwstest",
"pass":"test",
}
d) Content type is application/json
e) url is http://localhost:8082/user/login (I also tried http://localhost:8082/user/login.json, leon)
What am I doing wrong? Additionally, is there anywhere I can go to GET examples? For instance, to update a node I do a get and alter one of the fields and then a PUT back the entire node. Is that true with restws?
Thanks
Comments
Comment #1
Anonymous (not verified) CreditAttribution: Anonymous commentedHi,
The authentication works that way :
1: login /password should be send to the restws_basic_auth url : http://yourdrupal.com/restws/session/token.
They should be placed in the header (not in the content) using Basic access authentication.
Authorization should contain a stroing composed by (without quotes) : "Basic " followed by a Base64 encoding of "login:passwd".
For example :
2: The response returns a token that should be used for any further request, within the "X-CSRF-Token" header.
For example :
I use firefox Poster plug-in to test it, but I think there should be better tools for that...
Comment #2
KiTOxN CreditAttribution: KiTOxN commentedYou must send cookie in headers to do a CRUD action.
After submiting user and pass to http://example.com/restws/session/token you must get cookie from returned data headers.
I wrote a simple login function in python, hope it works for you.
and another function to request a node :
Hope it helps you.
sorry for my poor englishComment #3
mtiftHere is a (procedural) way of grabbing the data using PHP:
Comment #4
gregglesLots of good advice in this issue so far.
Nobody else has mentioned this so far, but I think that the username restwstest will not match the regular expression pattern: '/^webrstest.*/' which would prevent the user from being logged in.
Marking this fixed as there has been no followup from the original poster and there is some good advice on how to work with the module.
Comment #6
aalamaki CreditAttribution: aalamaki commentedHmm,
I've been struggling with trying to get the code from #3 to with the 7.x-2.0-alpha5 version of the module with no luck. Problem is when printing out the $result from just above the $token definition in the code, I get "HTTP/1.0 401 Unauthorized" etc. What I have done so far:
- enabled the restws and the basic auth module, didn't setup anything in settings.php
- created a user "aalamaki" and gave the necessary administrator role to access the restws
- trying to run the code on localhost from the command line on linux, the Drupal is running on the same server
Been trying this on two different servers now with no luck, could someone try to point me in the correct direction, is there something else required? Any help would be greatly appreciated... :)
Comment #7
giorgio79 CreditAttribution: giorgio79 commentedHere is a working php curl login
http://stackoverflow.com/questions/2140419/how-do-i-make-a-request-using...
Worked for me for Rest WS
PS :
LOST MORE INFO HERE
https://drupal.org/documentation/modules/rest
Comment #8
SMRussell CreditAttribution: SMRussell commentedHi all
I've just spent a few hours trying to work out how authentication works in RESTWS. The comments above are each only part of the story. Here's how I think it works. Correct me if I'm wrong.
Basically, you have two choices:
1. You can make REST calls (from within a browser with jQuery, for example) so long as you are logged in; that is, you have a valid session cookie. To prevent CSRF attacks, you will first need to go through the process in #1 above to get a token for a X-CSRF-Token header. You include this header in future requests, and your browser will provide the session cookie. (In case you're wondering, you need to provide the Authorization header to prove you're entitled to get the token.)
2. You use a Basic Authorization header on all REST calls. You don't need a session cookie. The format for the Authorization header is as specified in #1 above; ie
Authorization: Basic qsdjhqsdjqsnbdsjqdbqs=
The parameter is a base-64 encoding of the string "username:password".
BUT ... to use this option, you need to
a. Enable the "Basic authentication login" module (it's in the "Others" category)
b. Use a user account that starts with the required prefix; the default is "restws", as shown in #7 above. See the discussion in #1946108: Document the motivation for restws_basic_auth_user_regex for the motivation for this feature. Make sure you assign the appropriate permissions to your restws user account. (I put mine into an admin role I already had on my site. You might want to be more selective.)
Thanks to klausi for his help in figuring this out, and for the project. I think it's a very interesting addition to Drupal.
Comment #9
jasonlttl CreditAttribution: jasonlttl commentedI tried all the examples here with no success (possibly my bad) but was able to piece together a working example from #8 and prior posts. Below are the assumptions and some simple sample code:
As an aside, there's a few projects on github that may also be helpful if you search for restws and drupal.
Comment #10
akki1212 CreditAttribution: akki1212 as a volunteer and commentedHi,
I have created one page content entity =node/1 and able to get response in html format while hitting the url : GET http://localhost/mysite/node/1
but its showing "page not found" in browser and "404 not found" status in rest client when I use request http://localhost/mysite/node/1.json.
How can I get the content in json format representation when I use the request like GET http://localhost/mysite/node/1 bcz this request returning response in html format with whole page layout structure.But I want only content in json format.
yours help is greatly appreciate.
Thanks
Akki