techjoomla / com_api Goto Github PK

file: \com_api_v1.6.2 (1)\site\libraries\plugin.php

line:
$plgfile = JPATH_BASE.self::$plg_path.$name.'/'.$name.'.php';

die ($plgfile) => /var/www/html/plugins/api/articles/articles/articles.php

problem: file "articles/articles/articles.php" not found

right path is:
$plgfile = JPATH_BASE.self::$plg_path.$name.'.php';

and all works with fix

Currently the request method is not visible in the logs. This should be saved in the DB and displayed on the logs page.

Hi,

I tried to install the com_api and the default user plugin. I got the error as HTTP ERROR 500 when I tried to open the url
https://xyz.com/index.php?option=com_api&app=users&format=raw&resource=users&key=mykey

There is nothing recorded on error_log so I am not able to catch the error. Server is using php 5.4, cent OS.
I guess somewhere issue in with http.php but it is a guess only as it seem this file is not loading
api.php
if (file_exists($c_path))
{
include_once $c_path;
$c_name = 'ApiController' . ucwords($c);
}

file do exists with full permission. Please share any hint as what could be wrong.

joomla error log, php error log all set to maximum. still not recording error but giving blank page(not 500 which was appearing before)

What happened to the jomsocial api plugin? the website said it was already available on github?

Steps to reproduce -

• Set Allow Cross Origin Requests to All
• Set CORS URLs / Domains to a particular site where you are consuming API's.
• Now hit the POST API.

You will get the below error in console.
- Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xyz.com' is therefore not allowed access.

Is anyone else getting this warning?

Hi Team,
I was searching for webservice for joomla and landed here. I have tried your plugin and it is working with the demo users plugin. I have requirement to allow external web applications(a wordpress site) to access my joomla system for some specific data. Earlier wordpress site used to have a iframe which points to my joomla page but now we want to move to webservice layer so that wordpress can fetch data using your webservice plugin from my joomla(com_api will be installed in joomla and a user key will be created).

I was reading tickets, documentation, issues mentioned by other users so as to gather more information. I came to know about issue: Token issue #27
#27

Now since the webservices will be called by a browser dependent client application (wordpress site) then does it mean the user(whosoever) opened the browser page of wordpress site(which makes call com_api the wordpress template or functions.php file) will be automaticly gets logged in joomla system too ? i.e wohosoever the user is, if opens my site www.xyzjoomla.com will be automaticly logged in joomla (using the user key I created) ? Is this correct ? I donot want any person browsing wordpress site gets logged in joomla system as they are not supposed to access joomla.

Please confirm if this is the behaviour and in such case do I need to modify authentication.php file?
https://github.com/techjoomla/com_api/blob/master/code/site/libraries/authentication.php

Thanks,
Amit

Hi,

I installed com_api and users plugin on my Joomla 2.5 website. I downloaded the zip file from github and installed by logging in as admin and installed it via extensions, add new. It installed the Module and Plugin (users). However when I try to access - http://mywebsite.com/index.php?option=com_api&app=users&format=raw&resource=login , it gives me 500 internal server error. Could someone please advise?

Thanks in advance

Add a router so that the following routes are supported. Users will not create a menu for com_api so the default Joomla routes will be used. If a plugin uses the id or alias parameters in querystring those can be rewritten by the route. All other query params will stay visible in the URL.

Basic route for app & resource

/components/api/:app/:resource

The URL ?option=com_api&app=<appname>&resource=<resource> will be written as the above route.

Add support for id / slug

/components/api/:app/:resource/:id or /components/api/:app/:resource/:alias

The URL ?option=com_api&app=<appname>&resource=<resource>&id=<id> will be written as the above route. In case the last segment is a non-integer it will be mapped as the alias param i.e. ?option=com_api&app=<appname>&resource=<resource>&alias=<alias>

Should allow configuring IP addresses to allow API requests from. Should be possible to define IP addresses as

• IP address
• IP address range
• CIDR block

Scenario: If users created with the mobile_no as their username then the com_api - user's login API does not recognize the user and throws an error 'User Not Found' exception.

JDatabase::getErrorNum() is deprecated, use exception handling instead.
JRegistry::getValue() is deprecated. Use get instead.

Hi Team,

Is there any default option for adding trusted IP. I wanted to restrict API Key access only from a trusted IP so that data is protected even if key is compromised. There will be chances that any user in team intensionally/unintentionally share key with any non-authorized user. So if request is coming from only trusted IP then allow else not. I understand that it does not guarantee data protection fully but still it is kind of additional level of protection.

If this feature is there then please guide otherwise I will add this through customization.

Thanks,
Amit

Hi, I want to use com_api to write an api for the Hikashop component. But when I use
ApiError::raiseError("ERR005", "Record not found", 'APINotFoundException');
I get this error.

Wrong parameters for APINotFoundException([string $message [, long $code [, Throwable $previous = NULL]]])

Good Day,,

this is a newbie question, i create on joomla specific user a.k.a (usrRequests) and add token in component on backend.

and this is the user story

-> user "test" login on joomla
-> then go to a menu item and show´s K2 component item
-> make a ajax request to the api, (using token from the usrRequests)
--> i set in /plugins/api/categories/categories.php
$this->setResourceAccess('company', '', 'post');
and in the ajax request
jQuery.ajax({ url: '/index.php?option=com_api&app=categories&resource=company&format=raw&mode=2&key=XXXXXXXXXXX', dataType: 'json', method: 'POST', cache: false, data: { info: formdata, time: jQuery.now() }, success: function (data, textStatus, jqXHR) { }, beforeSend: function (xhr) { }, error: function (jqXHR, textStatus, errorThrown) { console.log('An error occured!'); } });
every things and response it´s ok.. and all works fine
-> but it change the session from the user "test" to the user "usrRequests"

The question is

1. i need one token per user to make ajax requests?
2. is it possible to use a generic token or a single user token to make requests independent of the user who is authenticated in joomla?

Needs some thought around what are the minimum claims that need to be supported. Also need to support the exp claim to prevent replay attacks.

I have installed com api and users plugin.
I try to connect:
mydomain/index.php?option=com_api&app=users&format=raw&resource=loginkey=f501d684ccf92abba4e34cff53e82eee

But browser respond: could not get any respond
Request log is empty.
Apache2 log: http://prntscr.com/bq1ytu
Error after switching on Debug: Fatal error: Cannot redeclare class JDispatcher in mydomain\libraries\joomla\event\dispatcher.php on line 281
Please help me to connect correctly.

UPD:
When I change the com_api/libraries/plugin.php:58
//$dispatcher = JEventDispatcher::getInstance();
$dispatcher = JDispatcher::getInstance();
I see response in browser:
{"code":400,"message":"Users API Plugin not found, Users is probably not installed"}

On joomla 3.6.0

As I go in administrato com api / keys. If I try to create a new get I get this error (I'm on a test instance in debug mode)

Notice: Undefined property: JObject::$ordering in /home/ubuntu/com_api/code/admin/views/key/tmpl/edit.php on line 84 
Call Stack #TimeMemoryFunctionLocation 
10.0000239120{main}( )../index.php:0 
20.01281954472JApplicationCms->execute( )../index.php:51 
30.01281954776JApplicationAdministrator->doExecute( )../cms.php:257 
40.18985947272JApplicationAdministrator->dispatch( )../administrator.php:152 
50.18995948608JComponentHelper::renderComponent( )../administrator.php:98 
60.19095976344JComponentHelper::executeComponent( )../helper.php:380 
70.19106001400require_once( '/home/ubuntu/com_api/code/admin/api.php' )../helper.php:405 
80.19476156904JControllerLegacy->execute( )../api.php:28 
90.19476157120ApiController->display( )../legacy.php:728 100.19496171448JControllerLegacy->display( )../controller.php:30 
110.19686359840ApiViewKey->display( )../legacy.php:690 
120.21136815848JViewLegacy->display( )../view.html.php:54 130.21136816360JViewLegacy->loadTemplate( )../legacy.php:209 
140.21166861720include( '/home/ubuntu/com_api/code/admin/views/key/tmpl/edit.php' )../legacy.php:670 " /> 

The problems comes from a hidden field calling item->ordering which does not seems to exists.

<input type="hidden" name="jform[ordering]" value="<?php echo $this->item->ordering; ?>" />

Commenting this line, makes it work.

Hi
Could you explain this in more depth please

Documentation says:
key / token
It’s also possible to use the /api/user/login API to login using username and password and get a token in response.

Should I create plugin user and public resource login that accepts username and password with simple logic that checks user credentials and then inserts userid and hash (key) in table #__api_keys?

I have been using com_api successfully for the best part of 2 years. It has worked perfectly well for my use case running Joomla 3.6.X. However, upon upgrading to 3.9.1 and then 3.9.2 and now 3.9.3, it has been noticed that when using my custom plugin, which I have stripped down completely to only return a hardcoded string, the user session is still being killed.

I have the plugin set to use setResourceAccess to public.

I am calling the API via an AJAX request, which returns the string. However, the user has already been logged out at before this request is even made.

Anyone have this successfully running in the latest version of Joomla?

Hello
There is no License file. What is the status of this ?
Is it free to use, can u make it GPL ?
Thanks <3

First of all thanks for this nice contribution in Joomla ecosystem. May be it's too basic question, But I am wondering for subsequent API calls how I will pass jwt token . In header ? I could not find anything in documentation, documentation is saying to pass Auth token .. But If I like to use jwt what I have to do ?

I had to comment this lines on the view

JHtml::('behavior.tooltip');
JHtml::('behavior.formvalidation');
JHtml::('formbehavior.chosen', 'select');
JHtml::('behavior.keepalive');

In site/controlers/keys.php the ApiControllerKeys::checkAccess method is totally wrong (checking ACL as if it was running for joomla 1.5).

Code should be either updated to use authorize, either de-activated for now.

Joomla 3.3.6
com_api, latest version

After installing the latest version the following error occurs

An error has occurred.
0 Unknown column 'a.checked_out' in 'on clause' SQL=SELECT COUNT() FROM jir57_api_keys AS a LEFT JOIN jir57_users AS uc ON uc.id=a.checked_out LEFT JOIN jir57_users AS userid ON userid.id = a.userid LEFT JOIN jir57_users AS created_by ON created_by.id = a.created_by Unknown column 'a.checked_out' in 'on clause' SQL=SELECT DISTINCT a.,uc.name AS editor,userid.name AS userid,created_by.name AS created_by FROM jir57_api_keys AS a LEFT JOIN jir57_users AS uc ON uc.id=a.checked_out LEFT JOIN jir57_users AS userid ON userid.id = a.userid LEFT JOIN jir57_users AS created_by ON created_by.id = a.created_by ORDER BY a.id asc LIMIT 0, 20 Unknown column 'a.checked_out' in 'on clause' SQL=SELECT COUNT(*) FROM jir57_api_keys AS a LEFT JOIN jir57_users AS uc ON uc.id=a.checked_out LEFT JOIN jir57_users AS userid ON userid.id = a.userid LEFT JOIN jir57_users AS created_by ON created_by.id = a.created_by

On a high API transaction site, the queries for this table are running rather slow due to the absence of indexes. So indexes need to be added for the following columns in the keys table

• userid
• key

If you set the domain field for an api key, you can call a function with any domain, even empty domain.

Currently the com_api framework sets the JUser object for any API call based on the token passed in the Authorization header. Plugins can then access the user object making the API call via $this->plugin->get('user').

This feature adds support for a new X-Impersonate header which allows the API caller to set a different user than the one making the API call. The Impersonate header can accept either the id, username or email of the user to impersonate.

The Impersonate header cannot be used by all users, only by Super Users.

Consider the example below

Case 1
GET /jgive/campaign
Authorization : Bearer rrrrrr
X-Impersonate : 21

In this case the user object available to the campaign resource will be that of userid 21.

Case 2
GET /jgive/campaign
Authorization : Bearer jjjjjj
X-Impersonate : 22

This API call will return a 403 error since the user with token jjjjjj is not allowed to use impersonation.

Case 3
GET /jgive/campaign
Authorization : Bearer rrrrrr
X-Impersonate : email:[email protected]

In this case the user object available to the campaign resource will be that of userid 22 i.e. the user with the email [email protected]

Case 4
GET /jgive/campaign
Authorization : Bearer jjjjjj

This is how com_api works as of today, the campaign resource will receive the user object for userid 21

In the admin, currently when I click on delete directly deletes the selected entries without asking for a confirmation.

Hi,
Apology I have to post this query in this repo issues, as the other repo - techjoomla/com_api-plugins#93, is not active. I am trying to expose joomla content through REST APIs using com_api. While installing plugins from com_api_plugins, I am getting error - > Call to a member function children() on null.
Version details
Joomla version - 3.9
php version - 7.0.10.

Can you please help?

Does the extension supports pagination? I want to implement infinite scroll in my mobile app.

If yes, how it's impemented?

Thanks

Deprecated: Non-static method ApiAuthentication::getAuthMethod() should not be called statically in /components/com_api/libraries/authentication. on line 34

Currently it is possible to send tokens via GET or POST. This means that token values will get logged in logs etc, and generally its a bad practice to send tokens via URLs.

Since we are already accpeting tokens via the Bearer Authorization, the support for tokens in request variables should be dropped.

Implement CORS support for com_api in the following way

Create 2 config options

• Enable CORS
  This will be a radio with options as GET, POST and All

• CORS domains
  This will be a textarea that accepts one domain per line

Based on the values of these configurations, the CORS headers are set. If the config is set to POST, then com_api should also be able to respond to a pre-flight OPTIONS request with the right headers.

The following CORS headers need to be set based on the following flowchart -
https://www.html5rocks.com/static/images/cors_server_flowchart.png

I got Following Error

Notice: Trying to get property of non-object in /var/www/joomla/components/com_api/libraries/plugin.php on line 61

I using Joomla 3.6.4 Version

When I deactive User Plugin get following 👍

Notice: Trying to get property of non-object in /var/www/joomla/components/com_api/libraries/plugin.php on line 61
[{"id":"209","name":"employer","username":"jsjobs_employer","email":"[email protected]","block":"0","sendEmail":"0","registerDate":"2016-09-20 12:04:58","lastvisitDate":"0000-00-00 00:00:00","activation":"","params":"{"admin_style":"","admin_language":"","language":"","editor":"","helpsite":"","timezone":""}","lastResetTime":"0000-00-00 00:00:00","resetCount":"0","otpKey":"","otep":"","requireReset":"0","group_count":"1","group_names":"Registered","note_count":0},{"id":"211","name":"hghjsgfhjdsfdhsj ghjdfhjsdfhjsdfdsj","username":"[email protected]","email":"[email protected]","block":"0","sendEmail":"0","registerDate":"2016-11-09 08:34:48","lastvisitDate":"2016-11-09 08:34:48","activation":"","params":"{}","lastResetTime":"0000-00-00 00:00:00","resetCount":"0","otpKey":"","otep":"","requireReset":"0","group_count":"1","group_names":"Registered","note_count":0},......

When i active User Plugin get following 👍

{"code":400,"message":"Users API Plugin not found, Users is probably not installed"}

I try to use com api as angular-resource, but I have one issue, Joomla doesn't allow me to log out, it returns me "Invalid token" on a white page and user doesn't log out.
I call to api without key, as I understand the plugin create a token if I do not use key as GET parameter.
When I use key generated for admin, joomla make automatically logging as admin after page refresh and without login-password input!
What I need to fix the problem?

Hi, I installed this component , but i confused that how to call api methods.

please show the calling url or url structure.

Thanks
Gaurav

If you try to delete more than one log, only the first one will be deleted.

I think there is a need for some documentation here guys, don't you?

If you request an api with a non-existent key the component returns the error "403 - API Key Disabled" instead of "403 - API Key Not Found"

Currently, the token needs to be passed via a key request parameter. This means that in several cases the token must be passed via the URL. To improve security support sending the token in the Authorization header.

Some servers need special configuration to expose the Authorization headers to PHP. To work around this, also support the X-Authorization header along with the Authorization.

Plugin only works if it is disabled.
Joomla! 5.2.7 + PHP 5.5.12

When the component gets installed, a menu should be automatically created with the the alias as api.

After looking on your Documentation I haven't found anything about compatible version which com_api version support, I tried (from https://extensions.joomla.org/extension/rest-api/) com_api_v1.5.1.zip, com_api_v1.6.2.zip , com_api_v2.2.zip versions
but in all faced with Error! Could not find a Joomla! XML setup file in the package

which version of Joomla com_api support ? I want to have it in joomla 1.5, what is your suggestion?

If you use Username and Password Authentication Method, the component doesn't log properly the requests.