hjalali
31 במאי, 2020, 10:31pm
1
I have a very simple function that “should” work but it is not for some reason. Can someone help me understand what we are doing wrong.
We keep getting the “BAD CSRF” error.
public function changeName()
{
$url = 'https://www.website.com/{username}.json';
$data = ['name'=>'James', 'api_key'=>DISCOURSE_API, 'api_username'=>'system'];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:multipart/form-data'));
curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query($data));
echo $response = curl_exec($ch);
if (!$response)
{
return false;
}
}
By the way I already tried moving the api_key and api_username to the URL above as GET but no difference.
לייק 1
simon
31 במאי, 2020, 11:49pm
2
You need to put the Api-Key and Api-Username values in the request header. There’s a curl example near the end of this topic that could be helpful: Sync SSO user data with the sync_sso route .
5 לייקים
hjalali
1 ביוני, 2020, 12:16am
3
Thanks a lot! That did the trick.
For anyone else with the same problem:
$url = 'https://www.website.com/{username}.json';
$data = ['name'=>'George'];
$api_key = CUSTOM_DISCOURSE_API;
$headers = array("Content-Type: multipart/form-data;","Api-Key: $api_key","Api-Username: system",);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers );
curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query($data));
$result = curl_exec( $ch );
if ( curl_errno( $ch ) !== 0 ) {
// Handle error, call curl_close( $ch ) and return.
}
curl_close( $ch );
$discourse_user = json_decode( $result );
4 לייקים
hjalali
1 ביוני, 2020, 12:29am
4
Just to add to that, if someone needs to update a “user_field” replace the $data with this:
$data = ['user_fields' => ['1' => 'Something']];
The number “1” being the first user_field I created (as they are assigned by number not name).
2 לייקים
brospars
5 באוקטובר, 2021, 9:32am
5
Since when it’s mandatory ?
blake
5 באוקטובר, 2021, 3:39pm
6
On April 6th, 2020 we dropped support for all non-HTTP header based authentication (excluding some rss, mail-receiver, and ics routes). This means that API requests that have an api_key and api_username in the query params or in the HTTP body of the request will soon stop working.
Sorry about any issues this caused, we did do a slow roll out of this change and notified people the best we could, but its hard to catch every deprecation use.
2 לייקים