I didn't quite like I didn't get the token as JSON.

This patch was sponsored by Tag1 Consulting .

Files: 
CommentFileSizeAuthor
token_service.patch1.57 KBchx
PASSED: [[SimpleTest]]: [MySQL] 1,589 pass(es).
[ View ]

Comments

Title:Add a token serviceAdd a CSRF token service

Status:Needs review» Needs work

The last submitted patch, token_service.patch, failed testing.

Status:Needs work» Needs review

Bot fluke.

Status:Needs review» Fixed

I have added some changes to the patch and committed it. Main change is:

-function _services_sessions_authenticate_call() {
+function _services_sessions_authenticate_call($module, $controller) {
   global $user;
   $original_user = services_get_server_info('original_user');
-  if ($original_user->uid != 0) {
+  if ($original_user->uid != 0 && $controller['callback'] != '_user_resource_get_token') {

As in case we are calling XMLRPC server we cannot depend on url.

Could we possibly have a new release with this service? Without it, you need to know the base URL to a site, which is impossible to determine from the endpoint URL. That's a big problem for Clients module.

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.