Unable to upload an image from Solidus API

Question

Unable to upload an image from Solidus API

Closed this issue 10 months ago · 3 comments

I'm trying to upload an image of a product through API following the documentation here https://solidus.stoplight.io/docs/solidus/77b87aeb0d589-create-product-image
The documentation is not clear, there is no example of how to specify attachment attribute (URL or base64) !

Solidus Version:
3.2

To Reproduce

Go to your favorite REST tool (Postman)
Fill the end point : http://localhost:3000/xxx/api/products/1/images
Fill the body

{
  "image": {
    "alt": "Test image upload",
    "attachment": "/Users/redabenh/Downloads/solidus-logo-dark.png"
  }
}

Current behavior
I get this error:

 
ActiveSupport::MessageVerifier::InvalidSignature (ActiveSupport::MessageVerifier::InvalidSignature):
  
activesupport (7.0.6) lib/active_support/message_verifier.rb:178:in `verify'
activerecord (7.0.6) lib/active_record/signed_id.rb:63:in `find_signed!'
activestorage (7.0.6) app/models/active_storage/blob.rb:87:in `find_signed!'
activestorage (7.0.6) lib/active_storage/attached/changes/create_one.rb:72:in `find_or_build_blob'
activestorage (7.0.6) lib/active_storage/attached/changes/create_one.rb:20:in `blob'
activestorage (7.0.6) lib/active_storage/attached/changes/create_one.rb:12:in `initialize'
activestorage (7.0.6) lib/active_storage/attached/model.rb:65:in `new'
activestorage (7.0.6) lib/active_storage/attached/model.rb:65:in `attachment='
solidus_core (3.3.0) app/models/concerns/spree/active_storage_adapter.rb:73:in `block (2 levels) in override_writer'
activemodel (7.0.6) lib/active_model/attribute_assignment.rb:49:in `public_send'
activemodel (7.0.6) lib/active_model/attribute_assignment.rb:49:in `_assign_attribute'
activerecord (7.0.6) lib/active_record/attribute_assignment.rb:21:in `block in _assign_attributes'
activerecord (7.0.6) lib/active_record/attribute_assignment.rb:13:in `each'
activerecord (7.0.6) lib/active_record/attribute_assignment.rb:13:in `_assign_attributes'
activemodel (7.0.6) lib/active_model/attribute_assignment.rb:34:in `assign_attributes'
activerecord (7.0.6) lib/active_record/core.rb:468:in `initialize'
activerecord (7.0.6) lib/active_record/inheritance.rb:75:in `new'
activerecord (7.0.6) lib/active_record/inheritance.rb:75:in `new'
activerecord (7.0.6) lib/active_record/reflection.rb:158:in `build_association'
activerecord (7.0.6) lib/active_record/associations/association.rb:337:in `build_record'
activerecord (7.0.6) lib/active_record/associations/collection_association.rb:348:in `_create_record'
activerecord (7.0.6) lib/active_record/associations/has_many_association.rb:140:in `_create_record'
activerecord (7.0.6) lib/active_record/associations/association.rb:204:in `create'
activerecord (7.0.6) lib/active_record/associations/collection_proxy.rb:348:in `create'
solidus_api (3.3.0) app/controllers/spree/api/images_controller.rb:18:in `create'
actionpack (7.0.6) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
actionpack (7.0.6) lib/abstract_controller/base.rb:215:in `process_action'
actionpack (7.0.6) lib/action_controller/metal/rendering.rb:165:in `process_action'
actionpack (7.0.6) lib/abstract_controller/callbacks.rb:234:in `block in process_action'
activesupport (7.0.6) lib/active_support/callbacks.rb:118:in `block in run_callbacks'
actiontext (7.0.6) lib/action_text/rendering.rb:20:in `with_renderer'
actiontext (7.0.6) lib/action_text/engine.rb:69:in `block (4 levels) in <class:Engine>'
activesupport (7.0.6) lib/active_support/callbacks.rb:127:in `instance_exec'
activesupport (7.0.6) lib/active_support/callbacks.rb:127:in `block in run_callbacks'
activesupport (7.0.6) lib/active_support/callbacks.rb:138:in `run_callbacks'
actionpack (7.0.6) lib/abstract_controller/callbacks.rb:233:in `process_action'
actionpack (7.0.6) lib/action_controller/metal/rescue.rb:23:in `process_action'
actionpack (7.0.6) lib/action_controller/metal/instrumentation.rb:67:in `block in process_action'
activesupport (7.0.6) lib/active_support/notifications.rb:206:in `block in instrument'
...

Expected behavior
image created an api return 201

Desktop (please complete the following information):

OS: IOS 12.0.1
Browser POSTMAN
Version [e.g. 22]

Additional context
I'm using postman to test the API

Answer 1 · 2023-07-22T14:33:48.000Z

After some tests , it works with curl directly in CLI

curl -i -X POST -H "Authorization: Bearer 1234X" -H "Content-Type: multipart/form-data" -F "image[attachment]=@/Users/redabenh/Downloads/solidus-logo-dark.png" -F "type=image/jpeg" http://localhost:3000/api/products/1/images

I think there is some security restriction executing the request form Postman !

Answer 2 · 2023-07-23T17:27:29.000Z

Perhaps the Postman application doesn't have access to the Downloads folder?

Answer 3 · 2023-07-28T10:25:59.000Z

Thanks @BenMorganIO that's the root cause 👍 but i'm unable to find how to authorize Postman to access to the Downloads folder.
I close this issue.