hjalali
31 Maggio 2020, 10:31pm
1
I have a very simple function that “should” work but it is not for some reason. Can someone help me understand what we are doing wrong.
We keep getting the “BAD CSRF” error.
public function changeName()
{
$url = 'https://www.website.com/{username}.json';
$data = ['name'=>'James', 'api_key'=>DISCOURSE_API, 'api_username'=>'system'];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:multipart/form-data'));
curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query($data));
echo $response = curl_exec($ch);
if (!$response)
{
return false;
}
}
By the way I already tried moving the api_key and api_username to the URL above as GET but no difference.
1 Mi Piace
simon
31 Maggio 2020, 11:49pm
2
You need to put the Api-Key and Api-Username values in the request header. There’s a curl example near the end of this topic that could be helpful: Sync SSO user data with the sync_sso route .
5 Mi Piace
hjalali
1 Giugno 2020, 12:16am
3
Thanks a lot! That did the trick.
For anyone else with the same problem:
$url = 'https://www.website.com/{username}.json';
$data = ['name'=>'George'];
$api_key = CUSTOM_DISCOURSE_API;
$headers = array("Content-Type: multipart/form-data;","Api-Key: $api_key","Api-Username: system",);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers );
curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query($data));
$result = curl_exec( $ch );
if ( curl_errno( $ch ) !== 0 ) {
// Handle error, call curl_close( $ch ) and return.
}
curl_close( $ch );
$discourse_user = json_decode( $result );
4 Mi Piace
hjalali
1 Giugno 2020, 12:29am
4
Just to add to that, if someone needs to update a “user_field” replace the $data with this:
$data = ['user_fields' => ['1' => 'Something']];
The number “1” being the first user_field I created (as they are assigned by number not name).
2 Mi Piace
brospars
5 Ottobre 2021, 9:32am
5
Since when it’s mandatory ?
blake
5 Ottobre 2021, 3:39pm
6
On April 6th, 2020 we dropped support for all non-HTTP header based authentication (excluding some rss, mail-receiver, and ics routes). This means that API requests that have an api_key and api_username in the query params or in the HTTP body of the request will soon stop working.
Sorry about any issues this caused, we did do a slow roll out of this change and notified people the best we could, but its hard to catch every deprecation use.
2 Mi Piace