colymba/silverstripe-restfulapi

Access token authenticated Member::currentUser() in onAfterDeserialize function

Closed this issue · 9 comments

I'm wondering if it's possible to access Member::currentUser() data within the onAfterDeserialize function on my model.

I'm logging in and authenticating ok using the API and passing the token back which I can read in the canCreate() function.

Idea is that if a user creates an entry, it will put their ID against it in the onAfterDeserialize rather than posting up their ID

If you are using the TokenAuth and the token is stored on a Member dataobject, when the Authenticator validates the token the Member gets logged in at the same time.

So theoretically, Member::currentUser() should work anywhere. Have you tried it?

I think my problem may be that the member is authenticated when I log in and get their details, but I haven't set up the 'log' dataobject / endpoint to use the authenticated user...

Log:
  api_access: 'GET,POST'

Member:
  api_access: 'GET'
  extensions:
    - RESTfulAPI_TokenAuthExtension

That config snippet seems fine. What's the config for RestfulAPI?

config is

Log:
  api_access: 'GET,POST'

Member:
  extensions:
    - RESTfulAPI_TokenAuthExtension

# RestfulAPI config
RESTfulAPI:
  #authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'
  dependencies:
    authenticator: '%$RESTfulAPI_TokenAuthenticator'
  cors:
    Enabled: true
    Allow-Origin: '*'
    Allow-Headers: '*'
    Allow-Methods: 'GET,POST'
    Max-Age: 86400
  RESTfulAPI_TokenAuthenticator:
    tokenOwnerClass: 'Member'

In my 'log' data object I have

public function onAfterDeserialize(&$data)
{
    print_r($data);
    print_r(Member::currentUser());
    print_r(Member::currentUser()->ID);
}

which is displaying the data posted, but not the member info.

If I add a 'canCreate' function, e.g.:

function canCreate($member = null)
{
    if (!$member) $member = Member::currentUser();
    print "create:";
    print $member->ID;
    return true;
}

then within there I can see the member info in there

You need to uncomment authentication_policy: true (you can change true to an array of HTTP methods if, for example, you only want to authenticate requests that change data...). Adding the RESTfulAPI_TokenAuthExtension is not enough.

Am pretty sure you get a Member ID in the canCreate method because SilverStripe has its own Member retrieval mechanism if none is passed as argument.

Hi there,

Many thanks - I think there's a combination of lots of things going on here - I'm getting close now.
One issue I seem to have is that $HTTP requests from AngularJS aren't sending the token in the required format - using POSTMAN is now working, so with that working it isolates the final issue.

Really appreciate your help, and once it's working and I get some free time I'll post my solution for other people's reference.

By default the token has to be passed in an HTTP header X-Silverstripe-Apitoken
See https://github.com/colymba/silverstripe-restfulapi/blob/master/doc/TokenAuthenticator.md#restfulapi_tokenauthenticator

Or fall back to a query variable ?token

I seem to have it all working now. Cheers.

Awesome!
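
The pattern discussed in this thread, as an added example that is not code from the thread or from the project: a Log model that takes the owner from the token-authenticated Member instead of trusting an ID posted by the client. It assumes authentication_policy is enabled as described above, that changes made to $data in onAfterDeserialize are what gets written to the record, and the Message and Member field names are hypothetical.

```php
<?php
// Added example: hypothetical Log model for SilverStripe 3.
// Field names (Message, Member) are assumptions, not taken from the thread.
class Log extends DataObject
{
    private static $db = array(
        'Message' => 'Text',
    );

    private static $has_one = array(
        'Member' => 'Member', // provides the MemberID column
    );

    // Hook name and signature as used in the thread.
    public function onAfterDeserialize(&$data)
    {
        // Drop any owner the client posted: ownership must come
        // from the validated token, never from the request body.
        unset($data['MemberID'], $data['Member']);

        $member = Member::currentUser();
        if ($member && $member->exists()) {
            $data['MemberID'] = (int) $member->ID;
        }
        // With no authenticated member the record gets no owner here;
        // canCreate() below is what refuses the request.
    }

    // Checked by the ACL_CHECK_CONFIG_AND_MODEL policy shown in the config.
    public function canCreate($member = null)
    {
        if (!$member) {
            $member = Member::currentUser();
        }

        // Refuse anonymous creation instead of returning true unconditionally.
        return $member && $member->exists();
    }
}
```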