indicia-team / drupal-7-module-indicia-api Goto Github PK

The user activation code attempts to log numerous messages but all fail.
This arises because activation is done from an email link and the request contains no api key.

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#11

Return ID of the new resources.

Samples within samples.

Whilst fixing something else, I spotted that $interim_image_folder is used on this line but not defined beforehand:

If apps are left in debug mode long term then the PHP error log and, to a lesser extent, the Drupal log become so full of the debug messages that it is hard to locate errors when they occur. Look for an alternative, e.g. using a separate file for debug. When doing so, ensure the content is stored securely as it will contain sensitive information.

Accept record model/submodels in JSON format and not in a destructured smpAttr:, occAttr:, sc: key value pairs (form-data)

This should closely resemble warehouse data services submission format.

This would need to support two-step image-record submission.

Differences from existing warehouse data submission fromat:
no website_id needed as this would be attached in the module.
type would be the model's type - Occurrence or Sample

{
  "id": "<set if updating existing>",
  "type": "sample",
  "fields": {
    "survey_id": { "value": "1" },
    "entered_sref": { "value": "SP41" },
    "entered_sref_system": { "value": "OSGB" },
    "date": { "value": "2013-06-13" },
    "comment": { "value": "This is an example record" },
    "smpAttr:3": { "value": "158" },
    "smpAttr:41": { "value": "" },
    "input_form": { "value": "node\/69" }
  },
  "subModels": [
    {
      "id": "<set if updating existing>",
      "type": "sample",
      "fields": {
        "survey_id": { "value": "1" },
        "entered_sref": { "value": "SP4123" },
        "entered_sref_system": { "value": "OSGB" },
        "date": { "value": "2013-06-13" },
        "comment": { "value": "This is an example record" },
      },
      "subModels": [
        {
          "id": "<set if updating existing>",
          "type": "occurrence",
          "fields": {
            "zero_abundance": { "value": "f" },
            "taxa_taxon_list_id": { "value": "30" },
            "record_status": { "value": "C" }
          }
        }
      ]
    }
  ]
}

This has been reported by LERC, iRecord and iMammalia apps all of which are linked to Drupal sites that use this module. These sites have disabled the anonymous submissions by setting -1 in the anonymous user ID field but it looks like the records are still passed through to the warehouse somehow.

Here are some logs for one of the submissions which looks OK.

All these have no recorder name and were made on the LERC Wales App on 07/05/2021
https://record.bis.org.uk/details/record?occurrence_id=20346608
https://record.bis.org.uk/details/record?occurrence_id=20345470
https://record.bis.org.uk/details/record?occurrence_id=20346683
https://record.bis.org.uk/details/record?occurrence_id=20346668
https://record.bis.org.uk/details/record?occurrence_id=20346615
https://record.bis.org.uk/details/record?occurrence_id=20345342
https://record.bis.org.uk/details/record?occurrence_id=20364956

Both these are recorder name bis employee, one on the LERC Wales App & one on iRecord App on 06/05/2021.
https://record.bis.org.uk/details/record?occurrence_id=20343280
https://record.bis.org.uk/details/record?occurrence_id=20343259

This one is admin core made using LERC Wales App on 03/05/2021
https://record.bis.org.uk/details/record?occurrence_id=20322349

The module includes Access-Control-Allow-Headers: 'Authorization' in responses but not x-api-key which is needed for authentication.
This error observed during preflight checks when trying to log in user.

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#8

Do not clutter the logs with duplicate or redundant data, better format system variables, do not expose sensitive info. More logging levels.

At the moment, it is only the occurrences that are checked, so empty lists pass through:

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#6

201 Created

"data": [{
"type": "samples",
"id": "1",
"attributes": {
"date": "1/2/2017"
},
...
415 Unsupported Media Type

{
"code" : 1234,
"message" : "Something bad happened :(",
"description" : "More details about the error here"
}

After an account activation attempt the code redirects to a page determined by variables 'indicia_api_registration_redirect' and 'indicia_api_registration_redirect_unsuccessful'.

There is no interface for setting these variables.

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#9

Use HTTP basic auth and authenticate with every request using user password and not a generated secret (not sure if it is gives anything much), hopefully, we should move towards OAuth sometime soon.

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#5

Allow to itterate faster and be more flexible making breaking changes.
/api/v0.1/ samples
/api/v0.1/ occurrences
/api/v0.1/ users

/api/v1.2/ samples

The training mode flag is not always working. I can see the record in Explore -> My Records list but when opening it I get this error:

I can see the record has been created and the training flag was sent with the occurrence:

[occurrences] => Array ( 
	[0] => Array ( 
		[external_key] => 5243cef3-4e54-40be-b709-b803f7416dc8 
		fields] => Array ( [taxa_taxon_list_id] => 228614 ) 
		[media] => Array ( ) 
		[training] => 1 
	) 
) 

note: this is a subsample occurrence, though I have noticed similar behaviour with a general iRecord App record.

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#10

Allow fetching samples/occurrences without going after a specific report.

eg. GET /api/v1/samples?filter=personal&sort=asc HTTP/1.1

"data": [{
"type": "samples",
"id": "1",
"attributes": {
...
},
"type": "samples",
"id": "2",
"attributes": {
...
}

Usernames shouldn't be emails by default as some of the systems (iRecord) exposes it in forums and elsewhere. It should be best generated from name+surname or required for the user manually set up.

Moved from Indicia-Team/drupal-7-module-iform_mobile_auth#7

502 Bad Gateway or 200 Success are not very useful, return better fitting statuses.