REST API Getting Started Problems

Discussion in 'Developers' Forum' started by petzsch, Feb 2, 2017.

  1. petzsch

    petzsch New Member

    I'm fiddeling arround with the REST API and would like to autenticate my customers against ISPConfig (prior to letting them order stuff). I've looked at https://git.ispconfig.org/ispconfig/ispconfig3/tree/ispconfig-3.0.5/remoting_client/examples but couldn't find a client_login function. So I guess I will need to use client_get_by_username and compare the hashed password against what the user gave me.

    What I also noticed is that when posting my session_id to json.php?get_function_list I allways get a "message": "You do not have the permissions to access this function."

    Any help would be appreciated. :)
     
    petzsch, Feb 2, 2017
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, thats's probably the best way.

    Did you enable all checkboxes for the remote user?
     
    till, Feb 2, 2017
    #2
  3. petzsch

    petzsch New Member

    testwise, yes. still the same error.
    all i wanted are the client and billing functions.
     
    petzsch, Feb 2, 2017
    #3
  4. petzsch

    petzsch New Member

    Got the Auth middleware working :)

    PHP:
    <?php
    // Application middleware

    // e.g: $app->add(new \Slim\Csrf\Guard);
    use \Slim\Middleware\HttpBasicAuthentication\AuthenticatorInterface;

    class     ISPConfigAuthenticator implements AuthenticatorInterface
    {
        public function     __invoke(array $arguments)
        {
            function     crypt_password($cleartext_password)
            {
                    $salt "$1$";
                    $base64_alphabet 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
                for (    $n 0$n 8$n++) {
                        $salt .= $base64_alphabet [mt_rand(063)];
                }
                    $salt .= "$";
                return     crypt($cleartext_password$salt);
            }

            if (    $arguments ['user'] == NULL) return false;

                $http = \Httpful\Request::post("https://ISPCONFIG_URL/remote/json.php?login")->sendsJson()->body('
            {
                "username": "API_USER",
                "password": "API_PASSWORD"
            }'    )->send();
                $session $http->body->response;
                $http = \Httpful\Request::post("https://ISPCONFIG_URL/remote/json.php?client_get_by_username")->sendsJson()->body('
            {
                "session_id": "'     $session '",
                "username": "'     $arguments ['user'] . '"
                }'    )->send();
                $saved_password stripslashes($http->body->response->passwort);
            if (    crypt(stripslashes($arguments ['password']), $saved_password) != $saved_password)
                return     false;
            else {
                    $GLOBALS ['cid'] = $http->body->response->userid;
                return     true;
            }
        }
    }

    //$app = new \Slim\App ();

    $app->add(new \Slim\Middleware\HttpBasicAuthentication ([
            "path" => "/domains/",
            "realm" => "Protected",
            "authenticator" => new ISPConfigAuthenticator ()
    ]));
    A client_login function would be appreciated in the future for simple SSO :)
     
    petzsch, Feb 3, 2017
    #4
    till likes this.

Share This Page