I’m noticing a couple of API calls I can’t make without a CSRF token:
Wanting to initialize a new user here:
client.sync_sso(new_user_info)
-and- Wanting to change an existing username here:
client.put("/users/#{old_un}/preferences/username", {new_username: new_un, username: old_un})
Both of these are rejected by my Discourse server, noting the lack of a CSRF token.
Is there a workaround for this or is this just an inherently wrong approach?
I believe so. The Discourse client class instance stores that info after I set it with client.api_username= and client.api_key=
Here’s a snapshot of my Discourse server logs:
Started PUT "/users/mrB3/preferences/username?api_key=[key was here]&api_username=1D20" for 127.0.0.1 at 2016-05-18 11:59:45 -0700
I, [2016-05-18T11:59:45.268153 #36224] INFO -- : Processing by UsersController#username as JSON
I, [2016-05-18T11:59:45.270251 #36224] INFO -- : Parameters: {"new_username"=>"mrB8", "username"=>"mrB3", "api_key"=>"[key was here]", "api_username"=>"1D20"}