[bd] API

[bd] API 1.6.3

The user group system in XF is pretty unique, so it doesn't make sense to expose it to external systems. In our experience, if you want to sync paid user status, it's simpler to sync user groups (normally user group adds user into special group). This add-on also includes WebSub support, so it's pretty efficient.
Thanks, and what is the function to do this?
 
@xfrocks hey, looking at using your API.

I'm struggling to figure out how to let users generate their own "auth" or "access" codes so they can use them to log in to programs or web pages that require a valid auth/access code?
 
@xfrocks hey, what's the POST URL request for verifying an access token? I can't figure it out.
I want users to have to put their access token into a .NET program I'm developing but can't figure out the API URL to post the token to for verification?
 
If you have a token, it doesn't need to be verified. The token is generated by the server and given to you via one of the OAuth authentication flows.
 
Hello @xfrocks

I have several errors like this one with members who try to use 2 factor identification at my xenforo 1.5.22
ErrorException: count(): Parameter must be an array or an object that implements Countable - library/bdApi/Lib/oauth2-server-php/src/OAuth2/Response.php:369
Generiert durch: XXX, 3.06.2020
Code:
#0 [internal function]: XenForo_Application::handlePhpError(2, 'count(): Parame...', '/var/www/vhosts...', 369, Array)
#1 /var/www/vhosts/xxx.de/httpdocs/forum/library/bdApi/Lib/oauth2-server-php/src/OAuth2/Response.php(369): count('redirect_to=htt...')
#2 /var/www/vhosts/xxx.de/httpdocs/forum/library/bdApi/Lib/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php(165): OAuth2\Response->setRedirect(302, 'https://foto.xxx...', '', 'access_denied', 'The user denied...')
#3 /var/www/vhosts/xxx.de/httpdocs/forum/library/bdApi/Lib/oauth2-server-php/src/OAuth2/Controller/AuthorizeController.php(129): OAuth2\Controller\AuthorizeController->setNotAuthorizedResponse(Object(OAuth2\Request), Object(OAuth2\Response), 'https://foto.xxx...', 1624)
#4 /var/www/vhosts/xxx.de/httpdocs/forum/library/bdApi/Lib/oauth2-server-php/src/OAuth2/Server.php(382): OAuth2\Controller\AuthorizeController->handleAuthorizeRequest(Object(OAuth2\Request), Object(OAuth2\Response), false, 1624)
#5 /var/www/vhosts/xxx.de/httpdocs/forum/library/bdApi/OAuth2.php(109): OAuth2\Server->handleAuthorizeRequest(Object(OAuth2\Request), Object(OAuth2\Response), false, 1624)
#6 /var/www/vhosts/xxx.de/httpdocs/forum/library/bdApi/XenForo/ControllerPublic/Account.php(475): bdApi_OAuth2->actionOauthAuthorize2(Object(Dadparvar_notifications_Extend_XenForo_ControllerPublic_Account), Array, false, 1624)
#7 /var/www/vhosts/xxx.de/httpdocs/forum/library/XenForo/FrontController.php(369): bdApi_XenForo_ControllerPublic_Account->actionAuthorize()
#8 /var/www/vhosts/xxx.de/httpdocs/forum/library/XenForo/FrontController.php(152): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#9 /var/www/vhosts/xxx.de/httpdocs/forum/index.php(13): XenForo_FrontController->run()
#10 {main}
PHP:
array(3) {
  ["url"] => string(291) "https://www.xxx.de/forum/account/authorize?client_id=59esjzwr12&response_type=code&redirect_uri=https%3A%2F%2Ffoto.xxx.de%2Fwp-login.php%3Fredirect_to%3Dhttps%253A%252F%252Ffoto.xxx.de%252Fcategory%252Ffotowettbewerbe%252F%26xfac%3Dcallback&scope=read+post+conversate"
  ["_GET"] => array(4) {
    ["client_id"] => string(10) "xyz"
    ["response_type"] => string(4) "code"
    ["redirect_uri"] => string(132) "https://foto.xxx.de/wp-login.php?redirect_to=https%3A%2F%2Ffoto.xxx.de%2Fcategory%2Ffotowettbewerbe%2F&xfac=callback"
    ["scope"] => string(20) "read post conversate"
  }
  ["_POST"] => array(4) {
    ["scopes"] => array(3) {
      [0] => string(4) "read"
      [1] => string(4) "post"
      [2] => string(10) "conversate"
    }
    ["scopes_included"] => string(1) "1"
    ["cancel"] => string(9) "Abbrechen"
    ["_xfToken"] => string(8) "********"
  }
}

Can you help with a hint what the problem will be?

I have the xenforo 1.5.22 under https://www.xxx.de/forum and the Wordpress 5.4.2 under https://foto.xxx.de if it helps.

Greetings
 
I think I've found a bug with PUT /posts/:postId. Thread titles are not updated unless the user or one of the user's groups has been given the Manage (move, merge, etc.) thread by anyone moderator permission? With permissions set correctly (i.e. regular users have no mod permissions, but can edit titles in a specific forum section), post body is updated fine (via API), and user can edit their own title on the forum - but title doesn't update via the API. XF ver 1.5.22. BdApi ver 1.6.1.

Any chance you could take a look at this?

Edit: Upgraded to 1.6.3 and get this error on attempting post:
Parse error: syntax error, unexpected ')' in \library\bdApi\ControllerApi\Post.php on line 566
I've just checked and this is due to an extra comma at the end of the line.
Edit 3: Just submitted this as an issue on GitHub :)

Edit 2: I fixed the error with the additional comma. From initial testing I think the updating title permissions issue is fixed. Noticed an issue in the logs though - anything to do with HTML in the return object - it shows (object:XenForo_BbCode_TextWrapper) instead of a snippet of the actual HTML. (The actual output on the client end looks fine though).
 
I have several errors like this one with members who try to use 2 factor identification at my xenforo 1.5.22

This looks like a bug in one of the external libraries. It seems to be fixed here, I'll pull it in and release a new version soon.



I have addressed your issue regarding the trailing comma. Regarding the edit title permission, it is indeed a bug. It's checking for canEditThread instead of the correct one (canEditThreadTitle). A new version will be released soon to address this.
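
Added example (not code from bdApi or oauth2-server-php): the trace above shows count() being handed the redirect URI's query string while the access_denied redirect is built, which is what raises this warning from PHP 7.2 on. The sketch below, using the hypothetical helper name appendRedirectParams and the masked redirect_uri from the report as constructed input, picks the separator with string tests instead.

```php
<?php
// Added example: appendRedirectParams() is a hypothetical helper,
// not a function of bdApi or oauth2-server-php.
function appendRedirectParams(string $url, array $params): string
{
    if ($params === []) {
        return $url;
    }

    // Keep any fragment at the end so parameters are not added after '#'.
    $fragment = '';
    $hashPos = strpos($url, '#');
    if ($hashPos !== false) {
        $fragment = substr($url, $hashPos);
        $url = substr($url, 0, $hashPos);
    }

    // The query part of a URL is a string, so test it as one. Passing it
    // to count() warns on PHP 7.2+ and throws TypeError on PHP 8.
    $last = substr($url, -1);
    if ($last === '?' || $last === '&') {
        $sep = '';            // URL already ends with a separator
    } elseif (strpos($url, '?') !== false) {
        $sep = '&';           // existing query string, append to it
    } else {
        $sep = '?';           // no query string yet
    }

    return $url . $sep
        . http_build_query($params, '', '&', PHP_QUERY_RFC3986)
        . $fragment;
}

// Constructed input: the masked redirect_uri from the report above.
$redirectUri = 'https://foto.xxx.de/wp-login.php'
    . '?redirect_to=https%3A%2F%2Ffoto.xxx.de%2Fcategory%2Ffotowettbewerbe%2F'
    . '&xfac=callback';

$location = appendRedirectParams($redirectUri, [
    'error' => 'access_denied',
    'error_description' => 'constructed description',
]);
echo $location, "\n";

// The client's own parameters must survive next to the OAuth error fields.
parse_str((string) parse_url($location, PHP_URL_QUERY), $seen);
var_dump($seen['xfac'] === 'callback', $seen['error'] === 'access_denied');
```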
 

Great work man, thanks :)


Did you address the trailing commas in this release or will this be done soon? Thanks

Edit: Ignore, I see you did, many thanks - appears to be working nicely.
 
This add-on doesn't impose a rate limit. Maybe your web server is blocking it?
Hmm. When I try to perform 2 api requests (e.g. posting a new thread) quickly, the JSON response asks to wait x number of seconds (about 20) before performing another request. I wonder if this is a Cloudflare setting? Or maybe an XF setting? I figured it was built into bdApi as the message is the JSON response.

I'll confirm by testing on my local machine again.
 

Ah, that's the XF built-in flood check. You can disable it in the XF options, or you can enable a user group to bypass the flood check.
 
@xfrocks

how to remove api end points? or stop anyone being able to query them?

You will need some custom add-on to disable end points. By default, this add-on doesn't let you toggle them individually.

Normally the API will respond with the same permissions as a guest, similar to a user browsing the web version. If you want to require a valid token all the time, you can turn on the Restrict Access option in the add-on options page. If this is turned on, guest access will have to use One Time Token.
 
@xfrocks, thanks for this great add-on.

I downloaded the latest beta from your site (Xfrocks-Api-2.0.1_Beta_1) to play with it using Postman to see if I can use it instead of the XenForo API, since Authorization code is the most secure way to authenticate a user to the game, as I have done successfully with another provider.

The Oauth2 Authorization code works fine from authorize step to retrieve the token to access protected resource except when I try to use the token to access the API, I have the following error:

Code:
{
    "status": "error",
    "errors": [
        "You do not have permission to view this page or perform this action."
    ]
}

The Url I call is : http://localhost/community/api/users/me

Could you pinpoint where to look for?

I'm testing against Xenforo 2.1.5a version.

There are minor things, like not displaying the scope at the authorize screen and the auto authorize issue to display the authorize screen, but that's okay as long as it gets the token back.

Attached files so you can try to reproduce it!

Any help is appreciated!

EDIT: Please ignore my request, I made a patch in the beta code to go through the exception to get the response back. Now I can go ahead to work with custom client code to use this cool add-on to authenticate player to the poker game.

UPDATE: You can see a demo of it here: Oauth2 Authorization code using XFRocks bdAPI
 
