Work Around to posting

(Jeron Paraiso) #1

I’m noticing a couple api calls I can’t make without a csrf token:

Wanting to initialize a new user here:
client.sync_sso (new_user_info)
Wanting to change an existing username here:
client.put("/users/#{old_un}/preferences/username", {new_username: new_un, username: old_un})

Both of these are rejected by my discourse server noting lack of csrf token.
Is there a workaround for this or is this just an inherently wrong approach?

(Dean Taylor) #2

Can you confirm you are using the API key and username as specified here?

(Jeron Paraiso) #3

I believe so. The discourse client class instance stores that info after I set it with client.api_username= and client.api_key=

Here’s a snapshot of my discourse server logs:

Started PUT “/users/mrB3/preferences/username?api_key=[key was here]&api_username=1D20” for at 2016-05-18 11:59:45 -0700
I, [2016-05-18T11:59:45.268153 #36224] INFO – : Processing by UsersController#username as JSON
I, [2016-05-18T11:59:45.270251 #36224] INFO – : Parameters: {“new_username”=>“mrB8”, “username”=>“mrB3”, “api_key”=>"[key was here]", “api_username”=>“1D20”}

(Jeron Paraiso) #4

Thanks for your help, I ended up figuring out the problem. My client was not given an admin username.