6

I am using Phil Sturgeon's REST server, CI3 and POSTMAN for debugging. I send a PUT with below info, however, I am not receiving the error messages expected.

Here is my form_validation.php:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

$config = array(
  'student_put' => array(
    array('field' => 'email_address', 'label' => 'email_address', 'rules' => 'trim|required|valid_email'),
    array('field' => 'password', 'label' => 'password', 'rules' => 'trim|required|min_length[8]|max_length[16]'),
    array('field' => 'first_name', 'label' => 'first_name', 'rules' => 'trim|required|max_length[50]'),
    array('field' => 'last_name', 'label' => 'last_name', 'rules' => 'trim|required|max_length[50]'),
    array('field' => 'phone_number', 'label' => 'phone_number', 'rules' => 'trim|required|alpha_dash'),
  )
);

?>

Here is my method in my controller Api.php:

function student_put(){
    $this->form_validation->set_data($this->put());
    // these are the rules set in config/form_validation.php
    if ($this->form_validation->run('student_put') != FALSE) {
        die('good data');
    } else { 
        $this->response( 
            array(
                'status'=> 'failure', 
                'message'=> $this->form_validation->get_errors_as_array(),
                ), 
            REST_Controller::HTTP_BAD_REQUEST  
        );
    }
}

This is in my libraries folder as MY_Form_validation.php:

<?php

class MY_Form_validation extends CI_Form_validation {

  function __construct($rules = array()) {
      parent::__construct($rules);
      $this->ci =& get_instance();
  }

  public function get_errors_as_array() {
      return $this->_error_array;
  }

  public function get_config_rules() {
      return $this->_config_rules;
  }

  public function get_field_names($form) {
      $field_names = array();
      $rules = $this->get_config_rules();
      $rules = $rules[$form];
      foreach ($rules as $index=> $info) {
          $field_names[] = $info['field'];
      }
      return $field_names;
  }
}

When I put following in POSTMAN:

X-API-KEY          123456
first_name         test
email_address      abc

This is the result I get:

{
  "status": "failure",
  "message": []
}

But I should be getting the validation errors.

As debugging steps, I have confirmed: - no auth errors - the form_validation.php is being read - if I change: 

'message'=> $this->form_validation->get_errors_as_array(),

to 

'message'=> 'test',

the postman returns:

{
"status": "failure",
"message": "test"
}

Any help very much appreciated.

larsAnders
  • 3,813
  • 1
  • 15
  • 19
spreaderman
  • 918
  • 2
  • 10
  • 39
  • what the setting in application/config/rest.php? – keronconk Apr 17 '16 at 06:14
  • Which setting in particular are you referring to. I guess I should avoid posting the enter file as very long. – spreaderman Apr 17 '16 at 06:27
  • What is the setting of $config['rest_auth'] and $config['rest_enable_keys'] ? – keronconk Apr 17 '16 at 06:31
  • I am running above with KEYS from keys table. $config['rest_auth'] = FALSE;$config['rest_enable_keys'] = TRUE;$config['rest_key_column'] = 'key'; When I run the PUT without X-API-KEY I get a 403 error as expected. When I insert the correct X-API-KEY I get 200. – spreaderman Apr 17 '16 at 06:40
  • Just found out that I may not be getting the data submitted by PUT. I use POSTMAN and made one KEY / VALUE pair first_name and 'Richard'. I assume I can catch the date like this: $data = array('email_address' => $this->put('email_address')); ... or ... echo like this: print_r($this->put('email_address')); Unfortunately, nothing is captured or displayed. Any help appreciated. – spreaderman Apr 17 '16 at 10:45
  • @keronconk and anyone: Cannot get data from put even with this: function student_put(){ $data = array('returned: '. $this->put('last_name')); $this->response($data); } In POSTMAN, I made a key pair last_name and value MREXAMPLE. The out put is: [ "returned: " ] – spreaderman Apr 17 '16 at 10:59
  • ok, seems like I am not the only one who has this problem. https://github.com/chriskacerguis/codeigniter-restserver/issues/641 – spreaderman Apr 17 '16 at 12:16
  • it can be because your setting, $config['rest_auth'] = FALSE; $config['rest_enable_keys'] = TRUE; $config['rest_key_column'] = 'key'; if you $config['rest_enable_keys'] = TRUE; at least $config['rest_auth'] = 'basic' or $config['rest_auth'] = 'digest'; – keronconk Apr 18 '16 at 03:37
  • @keronconk thanks for that reply. I get a 200 notice though. When I change the key I get 403 as expected. Would I still receive 200? Will try this evening and let you know. – spreaderman Apr 18 '16 at 05:27
  • @keronconk Thanks for above but I am not sure if the guidance you have provided is correct. I have changed to 'basis' and now I receive the error { "status": false, "error": "Unauthorized" }. Are you sure that with KEYS it is also required to use $config['rest_auth'] set to basic etc? I am not having any problems at all when I use get without $config['rest_auth'] set. For example; localhost:8000/Api/student/1 – spreaderman Apr 18 '16 at 10:35

2 Answers2

3

you must read this link,

http://code.tutsplus.com/tutorials/working-with-restful-services-in-codeigniter-2--net-8814

if you use apikey, you must set 

    $config['rest_auth'] = 'basic'
    $config['rest_enable_keys'] = TRUE;

also make a table in database for storing api key 

CREATE TABLE `keys` (
    `id` INT(11) NOT NULL AUTO_INCREMENT,
    `user_id` INT(11) NOT NULL,
    `key` VARCHAR(40) NOT NULL,
    `level` INT(2) NOT NULL,
    `ignore_limits` TINYINT(1) NOT NULL DEFAULT '0',
    `is_private_key` TINYINT(1)  NOT NULL DEFAULT '0',
    `ip_addresses` TEXT NULL DEFAULT NULL,
    `date_created` INT(11) NOT NULL,
    PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

insert into that database minimum 1 row, the important column only key, it is the apikey

the apikey must contains 40 digits alphanumeric for security reasons

and again, you must read documentation, and the rest.php in application/config

    $config['rest_valid_logins'] = ['admin' => '1234'];

that login is set by default, so you must insert that login in your header of client request, etc

    http_user           'admin'
    http_pass           '1234'
    X-API-KEY           '123456'
    first_name          test
    email_address       abc

if that header not work, try this

    http_user           'admin'
    http_pass           '1234'
    api_name            'X-API-KEY'
    api_key             '123456'
    first_name          test
    email_address       abc

if you have try request like this before with your

    $config['rest_auth'] = FALSE

actually you not yet securing your api webservice

keronconk
  • 359
  • 2
  • 10
  • Maybe you did not see my last comment? I have no authentication errors. I am able to obtain data from my db using only keys using GET + http://localhost:8000/Api/student/1 (If I change the key, I do get 403 error. With correct one I get 200). The problem I am having is with PUT (not authentication). Response received: {"status": "failure", "message": []} FYI, yes, am using a keys tables, etc. FYI, rest.php states MAX 40 chars for key. It can be less, in my case, 6 chars. In config, there is a setting, Allow Authentication and API Keys mean FALSE for just Keys and TRUE for both. – spreaderman Apr 22 '16 at 02:29
  • Do you mean in order to use PUT, I must use KEYS and, at minimum, BASIS auth? – spreaderman Apr 22 '16 at 02:31
  • Here is an identifical copy of the code I am using: https://github.com/alexmarton/RControl Just download and replace files in a fresh copy of codeigniter. The code is from a tutorial. – spreaderman Apr 23 '16 at 00:54
  • you must use authentication in all type of activities get, post, put, delete, and because of it, this technique of webservice called REST (Representational state transfer) – keronconk Apr 25 '16 at 12:04
  • I use GET will only KEYS and it works fine. Please show me where in the documentation that authentication is required (eg other than just keys). – spreaderman Apr 25 '16 at 23:04
  • you must read the rest.php in application/config, there are some comments you must read well – keronconk Jun 10 '16 at 12:22
  • thanks but can you highlight what? Obviously have gone through the config. As stated I am able to use just KEYS and it works. Do you know otherwise? – spreaderman Jun 10 '16 at 22:50
0

I was placing the PUT variables in the Headers tab within POSTman.

Only the X-API-KEY belongs in the request header. The rest of the data (e.g. email_address, first_name, etc) should be passed in the request body (e.g. from within the Body tab of POSTman).

All works correctly now.

spreaderman
  • 918
  • 2
  • 10
  • 39