Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[4.0] [NO CACHE] Web Services #23424

Merged
merged 1 commit into from Mar 7, 2019
Merged

Conversation

@wilsonge
Copy link
Contributor

@wilsonge wilsonge commented Jan 1, 2019

This is a base for a web services implementation for Joomla 4

What this has got in

Core

  • Content Negotiation (core provides a basic api integration using the https://github.com/tobscure/json-api library)
  • Plugin based routes to allow custom endpoints to be added
  • Authentication on endpoints using users basic auth (through plugins to allow future oAuth integrations)
  • Exceptions added to allow quality error handling

Integrations/Testing

  • Sample com_content integration
  • Basic system tests

What does this not have in

  • oAuth authentication
  • Ability to turn off web services - although there is an auth layer in front of it
  • Some sort of fundamental change to our error handling (the way we set up errors in JTable and JModel mean we'll likely never be able to have nice error handling with the current model system. In many places we're likely going to need to add 500's just because we won't be able to detect the right exceptions. In the future we should consider a new mvc layer based on the new entity layer https://github.com/joomla-framework/entities but this will take longer and be much harder to implement. The fundamental base application would not be expected to change but extension MVC's will have to to have a nice working integration.

Thanks

  • @mbabker for large amounts of consulting and framework contributions especially around the router as well as for the code for api part of the ComponentInstaller Adapter
  • @muhakh and @cokencorn for their work on their GSOC project which formed a large amount of the base application
  • @isacandrei for work bug testing and working on various next gen parts

Before moaning about a lack of feature X

Please read the specification https://joomla-projects.github.io/gsoc18_webservices/ - this has long been agreed on and is by no means perfect. Think about if it's absolutely essential for a day 1 integration or not. What we have in this PR is already significantly more than wordpress has and is probably equal to what's available in the other top level CMS'

Testing

  • When applying the patch either do a fresh install of Joomla or discover install the new plugins
  • In the specification docs above there's a "installing the latest codebase" menu item which contains sample API calls you can make (currently this is just for com_content)
  • Please ensure with all the library changes that nothing has broken in the backend/frontend too
@dgrammatiko
Copy link
Contributor

@dgrammatiko dgrammatiko commented Jan 1, 2019

Merge it!

defined('JPATH_PLATFORM') or die;

/**
* Exception class defining a authentication failed event

This comment has been minimized.

@brianteeman

brianteeman Jan 1, 2019
Member

==> an not a

This comment has been minimized.

@wilsonge

wilsonge Jan 1, 2019
Author Contributor

Thanks :) Fixed

/**
* Exception class defining a authentication failed event
*
* @since 3.6.3

This comment has been minimized.

@brianteeman

brianteeman Jan 1, 2019
Member

3.6.3 ??

This comment has been minimized.

@wilsonge

wilsonge Jan 1, 2019
Author Contributor

Thanks :) Fixed

@brianteeman
Copy link
Member

@brianteeman brianteeman commented Jan 1, 2019

Sorry to be pedantic but the correct term according to the w3c it is "Web Services" not "webservices"

As this is new to Joomla its best to get it right from the beginning

@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch from e3a131f to 9cbc242 Jan 1, 2019
@wilsonge wilsonge changed the title [4.0] Webservices [4.0] Web Services Jan 1, 2019
@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch from 9cbc242 to 302291d Jan 1, 2019
@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Jan 1, 2019

@brianteeman I've amended the language strings and the doc blocks where we refer to web services as a noun. I've left the plugin type as it is - because obviously it can't have spaces and i've found from practical experience with editors-xtd that most people struggle with the concept of removing the - from the plugin class names - so it's more practical to keep the group as a single word I think. Happy to be challenged on that if that's the majority tho

@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch from 302291d to 4a44683 Jan 1, 2019
api/index.php Outdated Show resolved Hide resolved
api/includes/framework.php Outdated Show resolved Hide resolved
api/includes/framework.php Outdated Show resolved Hide resolved
@mbabker
Copy link
Contributor

@mbabker mbabker commented Jan 2, 2019

App needs to be registered in Joomla\CMS\Application\ApplicationHelper::getClientInfo()

(Side note, this method should be redone to use the event system instead of hardcoding a list...)

* @var string
* @since __DEPLOY_VERSION__
*/
protected $fieldsToRender = ['id', 'typeAlias', 'asset_id', 'title', 'introtext', 'state', 'catid', 'created'];

This comment has been minimized.

@bembelimen

bembelimen Jan 5, 2019
Contributor

Don't trust state :)

This comment has been minimized.

@wilsonge

wilsonge Jan 5, 2019
Author Contributor

Why?

@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch 5 times, most recently from c493b01 to 33e9957 Jan 5, 2019
@Hackwar
Copy link
Member

@Hackwar Hackwar commented Jan 7, 2019

I like this, but we would indeed need at least a way to switch it off. Maybe simply adding a switch in configuration.php?

@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch from 33e9957 to 58e6c44 Jan 7, 2019
@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 5, 2019

Thanks @alikon

@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 5, 2019

@SniperSister @zero-24 looks like still some RIPS issues - although most have been solved elsewhere

@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch from dfeb85d to 864ec20 Mar 5, 2019
@zero-24
Copy link
Member

@zero-24 zero-24 commented Mar 5, 2019

Rips has been cancelled just restarted it here: http://ci.joomla.org/joomla/joomla-cms/15490

@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 5, 2019

@zero-24 Sorry my bad I started playing around with the API tests -fixed again now. http://ci.joomla.org/joomla/joomla-cms/15495/19 contains rips

@Oracions2410
Copy link

@Oracions2410 Oracions2410 commented Mar 7, 2019

Hello everyone .. I am interested in this project and wish to participate. Can you guide me please?

@Oracions2410
Copy link

@Oracions2410 Oracions2410 commented Mar 7, 2019

I have exceptional skills in PHP. And a good dose of motivation. Help me please !

@alikon
Copy link
Contributor

@alikon alikon commented Mar 7, 2019

@wilsonge wilsonge force-pushed the wilsonge:webservices-version2 branch from 864ec20 to 276cb5d Mar 7, 2019
@wilsonge wilsonge merged commit d795a92 into joomla:4.0-dev Mar 7, 2019
3 checks passed
3 checks passed
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/drone/pr the build was successful
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@wilsonge wilsonge deleted the wilsonge:webservices-version2 branch Mar 7, 2019
@wilsonge wilsonge added this to the Joomla 4.0 milestone Mar 7, 2019
@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 7, 2019

Merging. Thanks again to all those who gave input, and the gsoc students who worked on this project. It's hugely appreciated!

@Oracions2410
Copy link

@Oracions2410 Oracions2410 commented Mar 7, 2019

Yes. I just discovered the world of open source and I think Gsoc is a good start!

@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 7, 2019

@Oracions2410 that's awesome. If you drop one of the GSOC admins on that page a email they'll drop you in some of our chat channels where we can discuss details of the project etc :)

@Oracions2410
Copy link

@Oracions2410 Oracions2410 commented Mar 7, 2019

@wilsonge
Excuse me, on the project you are mentioned as a main mentor. Can you give me the chanels where I can find help please

@Sandra97
Copy link

@Sandra97 Sandra97 commented Mar 10, 2019

@Oracions2410 So that we can add you to our communication channel, please drop us your email on our mailing list https://groups.google.com/forum/#!forum/jgsoc

@anibalsanchez
Copy link
Contributor

@anibalsanchez anibalsanchez commented Mar 14, 2019

Preparing the talk for the Mastermind Podcast, these are my notes about Web Services quick testing 101:

  • Step 1: Download and Install Joomla 4 Alpha 7
  • Step 2: Notice that there two new plugin groups: api-authentication and webservices
  • Step 3: Notice that there two new plugins: API Authentication - Basic Auth and Web Services - Content
  • Step 4: J4 A7 has API Authentication based on Http Basic Authentication. So, yes, you have to configure .htpasswd to test the API. Ref: http://httpd.apache.org/docs/2.4/programs/htpasswd.html
  • Step 5: Of course, if you are a little bit lazy, you can go straight to plugins/api-authentication/basic/basic.php, and change the authentication or create your own plugin.
  • Step 6: Create an article and access the REST API for the Content component. For instance: http://mytest.com/api/index.php/v1/article/1

For more information:

@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 14, 2019

@Oracions2410 I am - but i was preparing for a presentation i was giving in paris so I wasn't really available. I'm now back up and running. either way however you needed to be added into glip :)

@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 14, 2019

@anibalsanchez i don't think you need to configure .htpasswd to test the api? i certainly don't need to locally. it's using the joomla user accounts username and password. apache shouldn't need to be aware of them as far as i know

@anibalsanchez
Copy link
Contributor

@anibalsanchez anibalsanchez commented Mar 14, 2019

In my tests, it's been giving me Forbidden errors until I configured the auth.

Carlos has a similar experience.

@carcam
Copy link

@carcam carcam commented Mar 14, 2019

Thanks everyone for this awesome feature!!

I can confirm the server doesn't ask me for Username and Password as it's supposed to. I'm using a Lando box using Anibal Lando Recipe for Joomla 4 so I guess this has to do with the server configuration as stated in some comments I found on the internet about this auth method not working out of the box in CGI servers.

In any case I would point out just 2 issues:

  1. with some server configurations you cannot authenticate out of the box and also
  2. Probably checking if user has an account for public content should avoided. I understand the idea of this is to be a "content leak stopper" but we can do better ;)

In any case, again, I was really excited with having this feature when you announced it and I event made a whole episode of my podcast about it because it's awesome to keep creating great solutions for our community and our clients.

@wilsonge
Copy link
Contributor Author

@wilsonge wilsonge commented Mar 14, 2019

I can confirm the server doesn't ask me for Username and Password as it's supposed to

Wait are you making requests in the browser or something? Nothing is supposed to prompt you for a password?

@anibalsanchez
Copy link
Contributor

@anibalsanchez anibalsanchez commented Mar 14, 2019

I already told him that he has to configure the .htpassword file to enable the Apache Http Basic Authentication.

I agree with Carlos that if the plugin is enabled, then public content (articles) must be allowed to the Guest user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet