Short problem description

When logging in using the API via the /sessions route, correct credientials are provided, but the following error is returned:

{
    "code": 500,
    "message": "An exception occurred while executing 'INSERT INTO phplist_admintoken (expires, value, adminid) VALUES (?, ?, ?)' with params [\"2017-12-04 15:09:49\", \"15574d49a0c75ff3f2f498e92ec9ca46\", 1]:\n\nSQLSTATE[HY000]: General error: 1364 Field 'entered' doesn't have a default value"
}

Steps to reproduce

1. Install using base-distribution via composer
2. Attempt to log in using Postman and the REST API using valid credentials, and an existing phpList 3 database

Expected behaviour

Login successful, token info is returned

Actual behaviour

Exception is returned

REST sessions should expire a certain time after the last interaction, i.e., the timer is reset each time the token ist used. This should help against attackers that find an old token.

Short problem description

Currently, you cannot add a subscriber to a specified list.

Short problem description

Currently, the API does not support removing subscribers from a particular list

https://en.wikipedia.org/wiki/JSON_Web_Token
https://jwt.io/
https://jwt.io/introduction/

Short problem description

Please provide a one-sentence summary of the problem.

This is not so much of an issue but more of a feature request to add the number of subscribers in the rest-api.

More: https://discuss.phplist.org/t/newbie-questions/4678/7

Short problem description

Currently, the API does not support subscriber removal.

Currently it is unclear which base URL should be used for sending API requests to. I believe that the standard label for this in API Blueprint format is 'HOST'. Please add the URL that should be used for receiving requests to the RestApi.apib file.

Short problem description

I almost had API working with 3.6.2, but was having trouble authenticating (getting credentials) with an error similar to this one: #57 so I tried upgrading. Admin site works fine and doesn't throw errors; however, trying to access the API is causing errors, see below:

Steps to reproduce

1. Upgrade to 3.6.3 from 3.6.2
2. Attempt to use phplist API

Expected behaviour

I'd love to be able to use the API. Authentication is another thing I guess I'll tackle later. It was giving me a really hard time before the upgrade to 3.6.3 from 3.6.2

Actual behaviour

Stack trace:
#0 /home/sierdcqi/public_html/lists/base/vendor/phplist/core/src/Core/ApplicationKernel.php(70): PhpList\Core\Core\ApplicationStructure->getApplicationRoot()
#1 /home/sierdcqi/public_html/lists/base/vendor/phplist/core/src/Core/ApplicationKernel.php(169): PhpList\Core\Core\ApplicationKernel->getApplicationDir()
#2 /home/sierdcqi/public_html/lists/base/vendor/phplist/core/src/Core/ApplicationKernel.php(147): PhpList\Core\Core\ApplicationKernel->readBundleConfiguration()
#3 /home/sierdcqi/public_html/lists/base/vendor/phplist/core/src/Core/ApplicationKernel.php(31): PhpList\Core\Core\ApplicationKernel->bundlesFromConfiguration()
#4 /home/sierdcqi/public_html/lists/base/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(493): Ph in /home/sierdcqi/public_html/lists/base/vendor/phplist/core/src/Core/ApplicationStructure.php on line 56

$corePackageIsRootPackage is returned false. Exception thrown because "there is no composer.json in the application root."
This package is installed on my server per the installation instructions and as mentioned above, is otherwise working fine except the API.

System configuration

Package version

Phplist version 3.6.3

PHP and Composer version

LiteSpeed Server
PHP version: 7.3.27
PHP post max size: 1 GB
PHP time limit: 1500
PHP max input vars: 2000
cURL version: 7.71.0, OpenSSL/1.1.1d

Short problem description

"Bad request" message displayed when you enter empty credentials or Empty JSON data

Expected behaviour

eg: if you enter empty crendetials, it is expected incomplete credentials message

Actual behaviour

"Bad request" message

Short problem description

The following JSON request is sent but 'incomplete credentials' are reported:

{
    "loginName": "admin",
    "password": "password"
}

Using a local PHP development server (http://127.0.0.1:8000/api/v2/sessions), with .htaccess in root dir removed (to avoid permission issues).

Steps to reproduce

1. Send a login request with above JSON using Postman Chrome app
2. Observe reported error

Expected behaviour

Session is created, success status returned

Actual behaviour

Error reported

System configuration

Package version

Installed base-distribution via composer

PHP and Composer version

PHP 7.1.11
Composer version 1.5.2 2017-09-11 16:59:25

Short problem description

Currently, you cannot add a list via the API.

Currently if an illegal request method is used for communication with the API, no response is returned and a PHP Fatal Error is triggered (Uncaught Symfony\Component\Routing\Exception\MethodNotAllowedException in /base-distribution/var/cache/prod/phplist4coreProdProjectContainerUrlMatcher.php:58).

Add exception handling and error reporting for such cases.

In the JSON data for the /api/v2/subscribers endpoint, for adding new subscriber, there should be an (optional) attribute for triggering the sending of the confirmation email (double opt-in) to the new subscriber. Such as "request_confirmation" : true.

This would be very helpful when e.g. using a custom subscribe form on a business website which interacts with phpList via the new API. Especially for websites in the European Union where a double-opt-in is mandatory.

• #74 Provide the code language in markdown files
• #75 make sure everything is fine both with the lowest as well as highest version of the dependencies http://naderman.de/slippy/slides/2017-07-13-T3DD17-Composer-Best-Practices.pdf
• #82 REST action: list of subscribers for a list
• #89 REST action: get list info
• document testing via Postman
• #91 Use the database test trait and web test base class
• #98 REST action: delete list
• #101 REST action: destroy session
• REST action: update list
• #81, #??? add system tests for all three environments
• require a JSON content type for the request and add tests for requests without content type
• in the wiki or README, create a table with possible resource/action combinations and their status
• document how to test this package without the base-distribution package
• make the project structure more similar to the default Symfony project structure
• add nice 404 error JSON responses
• #32 add error handling for illegal request methods
• #57 improve the error messages for missing json content type headers and incomplete credentials
• block authentication for disabled admins
• create a REST reading list in the wiki
• #32 Add error handling for illegal request methods (MethodNotAllowedException)
• #48 Look into nelmio/api-doc-bundle for creating API docs
• research how to have different levels of detail for the response
• research how to best model actions via a REST API
• research jsonapi.org
• rework the used HTTP status codes

To reduce download size, we should have a .gitattributes file that makes sure that development-only files (tests, CI stuff and non-production configuration) will not end up in the Composer packages and the ZIPs generated by GitHub.

Like this: MyIntervals/emogrifier@80266bb#diff-fc723d30b02a4cca7a534518111c1a66

This meta ticket covers the rest-api-related tasks for phase 2. The core-specific tasks are listed in phpList/core#125, the base-distribution-specific tasks are listed in phpList/base-distribution#18, the the web-distribution-specific tasks are listed in phpList/web-frontend#16.

• #21 fix the MySQL DB import in Travis
• #22 make sure Composer installs the latest version of the dependencies (was a packagist configuration issue)
• #23 get the Travis builds to work on Trusty
• #24 return error 400 for bad data, not a 500
• #25 return a JSON content type for the response
• #26 rename the branch alias from 4.0.0-dev to 4.0.x-dev https://getcomposer.org/doc/articles/aliases.md#branch-alias
• #28 add the Symfony console
• #29, #31 add host URL documentation
• #37 make this bundle known to the core
• #37 use the module registration hook
• #40 move the REST routing configuration to the rest-api package
• #56 switch to FOSRestBundle
• #62 finish the authentication, AKA REST API for handling authentication
• #62, REST API for reading lists and creating subscribers

Short problem description

I was testing /lists/2/members for some lists, and I noticed that for a list that has more than 50000 subscribers, an internal server error is given.

So in resume, (something that is not precisely specified on the docs) atm of write this, the api only allows you to:

• Create and Destroy Session
• Retrieve all subscriber lists
• Retrieve the info of a single list
• Delete a list
• Retrieve the subscribers of a list
• Add a subscriber

although the api is a great step in phplist its current functions/calls are very very reduced and of low usability

I would like to ask more functions/calls that make the api a little more functional like:

• Create a list
• Add subscribers to a list
• Remove subscribers
• Remove subscribers from a list
• Run a list/campaign

And other calls/functions that make more usable the Api

Thanks in advance

Short problem description

After settle phplist on my ubuntu server, the rest of the api method work fine, but except the subscriptions method return 404 not found when i use post method to https://example.com/lists/api/v2/subscriptions. i know this funtion is not include in default so i hv configure the file in /lists/base/rest-api like this PR, but it seem something still not right. any suggestion? thanks

System configuration

Package version

phplist 3.6.4

PHP and Composer version

PHP 7.4.9 Composer 1.10.10

• upgrade phpstan
• REST action: subscriber info
• REST action: delete subscriber
• REST action: update subscriber
• REST action: create list
• REST action: list of subscriptions for subscriber
• REST action: list of subscriptions for list
• REST action: create subscription
• REST action: update subscription
• REST action: delete subscription
• REST action: info for subscription
• research HAL JSON API
• drop the DI class and load the services via composer.json instead
• decide on what to log
• log things
• read up on REST formats
• support HTTP caching (last modified header, eTag, HEAD requests?), also research whether and how to use and set “valid until” headers
• research GraphQL
• investigate Symfony filters for authentication
• performance testing to have some numbers
• add a REST route for /api/
• add a REST route for /api/v2/
• investigate https://scrutinizer-ci.com/ and maybe use it
• investigate https://swagger.io/
• use stylecio to fix the style in PRs
• delete the old rewrite

Short problem description

Currently, the API does not support sending a campaign.

Dear All
Am testing the Rest API, and it works great.
The problem is how can I target a specific List.
and how can I add the attributes to the json?

try {
    $subscriberRequest = $client->request('POST', $base_uri . '/subscribers',
        [
            'headers' => [
                'Authorization' => 'Basic ' . $credentials,
                'Content-Type' => 'application/json',
            ],
            'json' => [
                'email' => '[email protected]',
                'confirmed' => true,
                'blacklisted' => false,
                'html_email' => true,
                'disabled' => false,
                
            ],
        ]
    );
} catch (\GuzzleHttp\Exception\GuzzleException $e) {
}

I can found nothing in the API Doc
https://github.com/phpList/rest-api/blob/master/docs/Api/RestApi.apib

This should be documented somewhere obvious to avoid confusion.

(moved from phpList/core#177)

Feature descriptions

This describes some required features of phpList 4. The features will be used to accommodate inter-dependency between groups of features and related functionality.

Subscribers

• Subscriber sign-up

  A new subscriber registers themselves

  • Required:
    • Valid subscriber data including preferences is stored
    • Subscriptions to supplied lists are created
    • If no lists are supplied then no subscription is created
    • The confirmation status is unconfirmed
    • An email confirmation request is sent to the supplied address
    • When the confirmation link is visited the subscriber is marked confirmed
  • Optional:
    • Supplied values for existing subscriber attributes are stored
    • Supplied values for non-existing subscriber attributes trigger error

• Import subscribers

  One or more subscribers are imported by an administrator

  • Required:
    • All validated subscribers are stored
    • Existing subscribers are matched against those being imported based on email address or foreign key (where available)
    • If update subscription is requested then identified subscribers will have their data replaced where it differs
    • Return a summary of the import result with total subscribers imported, updated, duplicated, and errored
  • Optional:
    • If dry run is requested then return a summary of import results but do not store subscribers
    • If send confirmation is requested then imported subscribers are stored unconfirmed
    • If send confirmation is requested then a confirmation link is created and email sent
    • If email validation is requested then subscribers with invalid email addresses will be discarded
    • If old email retention is requested then where old and new email addresses conflict, prefer the old
    • If invalid assignation is requested then parse and apply custom email address where invalid addresses are provided

Subscriptions

To be done

Lists

To be done

https://symfony.com/doc/3.4/security/api_key_authentication.html
https://symfony.com/doc/3.4/security/guard_authentication.html

We need to see whether this actually simplifies things, and whether this works well with FOSRestBundle.

Some browsers such as Internet Explorer require the ​nosniff header to be set and potentially dangerous characters to be encoded. Otherwise other websites embedding this resource could trigger a XSS vulnerability.

https://github.com/OAI/OpenAPI-Specification