ssossossosso

Forums

Covering OroCRM topics, including community updates and company announcements.  Subscribe

This topic contains 11 replies, has 5 voices, and was last updated by  diglin 3 years, 8 months ago.

  • Creator
    Topic
  • #2512

    arikurtz
    Participant

    Hi
    I’m having problem understanding exactly how are the API filter commands are to be executed. I see that the format is

    /api/rest/{version}/user/filter

    and for user command there is 2 filters of either email or username but I don’t understand exactly where to initiate these filter variables.

    All help will be greatly appreciated.

    Best Regards

    Ari Kurtz

Viewing 11 replies - 1 through 11 (of 11 total)
  • Author
    Replies
  • #2519

    Alexandr Smaga
    Participant

    Hi.

    Now only pagination supported in “list” requests. For user there is filter by email and username it should be called in following format

    #3189

    ZOTTIG
    Participant

    Hi
    Can you help me.
    How I can auth by WSSE in /api/rest with jquery?

    #3195

    Alexandr Smaga
    Participant

    Hello.

    Are you going to use REST inside the platform/crm application ?
    If so you do not need to pass WSSE because user already will have authorization cookie.

    JQuery code could be similar to following:
    $.ajax('http://crmdev.lxc/app_dev.php', {
    type: "GET",
    beforeSend: function(xhrObj){
    xhrObj.setRequestHeader("Authorization",'WSSE profile="UsernameToken"');
    xhrObj.setRequestHeader("X-WSSE", '');
    },
    });

    But keep in mind that to access from different domain you should allow CORS access.

    #3219

    ZOTTIG
    Participant

    Hi.
    I try this:

    And have result:

    What I doing wrong?

    #3224

    Alexandr Smaga
    Participant

    Hi.

    Recently we updated version of WSSE bundle and now it uses salt to generate “digest”. So i guess used app/console oro:wsse:generate-header command, am I right ?
    If so there will be small issue, here is a patch for you.

    Hope it will help.

    P.S. Also keep in mind that new version of WSSE bundle requires unique “nonce” on each request to prevent “replay attack”. So header should be regenerated with unique nonce.

    #3232

    ZOTTIG
    Participant

    Thank you very much! It works!
    How can I not regenerate headers each request? I have a lot of requests.

    #3239

    Alexandr Smaga
    Participant

    Seems that it’s correct behavior for WSSE. So for security reasons you should regenerate it.

    Please let us know if you have any other questions.

    #3288
    Dima Soroka
    Dima Soroka
    Oro Core

    @ZOTTIG, this is an issue, we’ll solve this in next release at the beginning of April.

    #3304

    diglin
    Participant

    The patch works for me too but regenerating each time the key is not fun….

    At the moment I generate those keys via CLI. But am I right? normally I should generate it only once to use it from a third party application. So @dima this is what you mean that it will be fixed and only once this key should be generated.

    Thanks for the reply

    #3310

    Alexandr Smaga
    Participant

    @diglin It will work as I described before(the same in WSSE specs). You can find algorithm for header generation in our GenerateWSSEHeaderCommand and implement it in your client application.

    Issue that will be fixed in next release is related to “salt”, the problem was that you unable to generate header without “salt” and regular user should not know anything about it.

    #3311

    diglin
    Participant

    @asmaga Thanks for the explanation

Viewing 11 replies - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.