Work Around to posting

balthatrix · May 17, 2016, 11:42pm

I’m noticing a couple api calls I can’t make without a csrf token:

Wanting to initialize a new user here:
client.sync_sso (new_user_info)
-and-
Wanting to change an existing username here:
client.put("/users/#{old_un}/preferences/username", {new_username: new_un, username: old_un})

Both of these are rejected by my discourse server noting lack of csrf token.
Is there a workaround for this or is this just an inherently wrong approach?

DeanMarkTaylor · May 18, 2016, 12:31am

Can you confirm you are using the API key and username as specified here?

balthatrix · May 18, 2016, 7:03pm

I believe so. The discourse client class instance stores that info after I set it with client.api_username= and client.api_key=

Here’s a snapshot of my discourse server logs:
Started PUT “/users/mrB3/preferences/username?api_key=[key was here]&api_username=1D20” for 127.0.0.1 at 2016-05-18 11:59:45 -0700 I, [2016-05-18T11:59:45.268153 #36224] INFO – : Processing by UsersController#username as JSON I, [2016-05-18T11:59:45.270251 #36224] INFO – : Parameters: {“new_username”=>“mrB8”, “username”=>“mrB3”, “api_key”=>"[key was here]", “api_username”=>“1D20”}

balthatrix · May 18, 2016, 7:49pm

@DeanMarkTaylor
Thanks for your help, I ended up figuring out the problem. My client was not given an admin username.