Using the Discourse API Ruby Gem

api

(cviebrock) #24

I’m trying to follow the instructions in the SSO thread to log a user out of Discourse from my other app.

First, I get the Discourse userId based on my app’s user id via GET /users/by-external/{MY_ID}.json. Then, I’m trying to log them out with POST /admin/users/{DISCOURSE_ID}/logout.

At first, this gave me a 403 Forbidden error. So I generated a global API key and passed that in my POST data as api_key=xxxxxx. That throws a 500 Internal Server Error. So I also tried adding api_username=xxxx to the POST data. There are several user accounts on our Discourse installation that are marked as Admin, so I’m not sure which I should use. I chose the system account. Now I get a 404 Not Found response.

I took a look through the list of endpoints as mentioned here, but don’t see anything for logout.

Help?


Official Single-Sign-On for Discourse (sso)
(Adam Capriola) #25

Try a user other than system as the admin – I think I had trouble using it before.


(Adam Capriola) #26

Oh, also: it’s /admin/users/{DISCOURSE_ID}/log_out (not logout, there should be an underscore).


(cviebrock) #27

Thanks @AdamCapriola … switching to the correct URL worked.

FWIW, I’m still using the system user (after having tried some other admin-level users).


(Руслан Корнев) #28

Hi, any news on this feature?


(Sam Saffron) #29

discourse api support write access just fine, there may be a few endpoints you need to decorate there PRs welcome.


(Руслан Корнев) #30

Ahh, today tried discourse_api and found that there is already this functionality. README on discourse_api gem seems outdated.

For those who also searhing this here is example.

$discourse.create_topic :title => 'Это еще одна тема созданная с использованием api', :raw => 'Я должен был придумать другой текст для того чтобы Discourse не считал, что текст темы такой же.'
[6] pry(main)> ls $discourse
DiscourseApi::API::Categories#methods: categories  category  category_latest_topics  create_category
DiscourseApi::API::Search#methods: search
DiscourseApi::API::SSO#methods: sync_sso
DiscourseApi::API::Topics#methods: create_topic  delete_topic  latest_topics  new_topics  recategorize_topic  rename_topic  topic  topics_by
DiscourseApi::API::Posts#methods: create_post  edit_post  get_post  wikify_post
DiscourseApi::API::Users#methods: 
  activate     grant_admin   list_users  revoke_admin   update_email        update_user      user
  create_user  invite_admin  log_out     update_avatar  update_trust_level  update_username
DiscourseApi::API::Groups#methods: create_group  group_add  group_remove  groups
DiscourseApi::API::Invite#methods: disposable_tokens  invite_user  invite_user_to_topic
DiscourseApi::API::PrivateMessages#methods: private_messages
DiscourseApi::API::Notifications#methods: notifications
DiscourseApi::API::Badges#methods: badges  grant_user_badge  user_badges
DiscourseApi::API::Email#methods: email_settings  list_email
DiscourseApi::API::ApiKey#methods: api  generate_master_key  generate_user_api_key  regenerate_api_key  revoke_api_key  revoke_user_api_key
DiscourseApi::API::Backups#methods: backups
DiscourseApi::Client#methods: api_key  api_key=  api_username  api_username=  connection_options  delete  get  host  patch  post  put  ssl  user_agent
instance variables: @api_key  @api_username  @connection  @connection_options  @host  @user_agent

Thank you @sam for all you work!


#31

For those of us that installed discourse using Docker, how do we do the following?

Open the discourse_api/examples/example.rb file, and modify following information:


(Sam Saffron) #32

Thats actually in the API gem:


#33

Thanks Sam for getting back to me. Where do we insert this?

$LOAD_PATH.unshift File.expand_path(’…/…/lib’, FILE)


(Sam Saffron) #34

you should not need that … just replace that with require 'discourse_api'


#35

Sorry for being unclear. I’m using the docker install, and I’m not familiar with the process of editing files within docker.

How would I navigate from
root@discourse: /var/discourse
to where I can edit the API?


(Jeff Atwood) #36

As I mentioned before, you need to have a complete Ruby and JavaScript software development environment set up. That is what “using the Discourse API Ruby Gem” means.

@techapj I think this guide could use some updating since it is confusing people.


(Arpit Jalan) #37

Okay, I updated the first post to make it clear that Discourse development environment is required for installing and using Discourse API Ruby Gem.


(M Zain Damlag) #38

@techAPJ Is there a way or a command to generate the master API key via console

like disabling sso: SiteSetting.enable_sso = false


(Ryan Wanger) #39

I’m getting invalid access (“You are not permitted to view the requested resource.”) when trying to update a user email using this:

@discourse_client.update_email(discourse_username, new_email)

This is my first attempt at a Put, but I’m using the same username and api_key that work properly for all my Gets:

@discourse_client.get("/users/by-external/#{user_id}") @discourse_client.latest_topics @discourse_client.get('/search/query', {term: terms})

I’ve tried both of the different api keys we have. Tried updating the email of different users. Tried updating the email address of the user who matches the api_username. No luck.

We are using an older version of the gem, if that matters.

Any ideas?


(Ryan Wanger) #40

Ah, figured it out! Since I’m overriding email with sso payload, I should be using the sync_sso method.


(Michael Brown) #41

One of the things that I would expect to work is changing the api_username after initialization, but it silently fails:

client = DiscourseApi::Client.new("http://discoursedev:3000")
client.api_key = api_key
client.api_username = 'michael'
# make some calls
client.api_username = 'system'
# make some more calls, whoops it's still using 'michael' as the username

(Jeff Atwood) #42

Why does username matter? Isn’t the key the only thing that matters?


(Sam Saffron) #43

Nope, if you have a global key you can switch usernames and impersonate whoever you want. @blake you should review this.