[4.0] [NO CACHE] Web Services

[wilsonge]

This is a base for a web services implementation for Joomla 4

What this has got in

Core

• Content Negotiation (core provides a basic api integration using the https://github.com/tobscure/json-api library)
• Plugin based routes to allow custom endpoints to be added
• Authentication on endpoints using users basic auth (through plugins to allow future oAuth integrations)
• Exceptions added to allow quality error handling

Integrations/Testing

• Sample com_content integration
• Basic system tests

What does this not have in

• oAuth authentication
• Ability to turn off web services - although there is an auth layer in front of it
• Some sort of fundamental change to our error handling (the way we set up errors in JTable and JModel mean we'll likely never be able to have nice error handling with the current model system. In many places we're likely going to need to add 500's just because we won't be able to detect the right exceptions. In the future we should consider a new mvc layer based on the new entity layer https://github.com/joomla-framework/entities but this will take longer and be much harder to implement. The fundamental base application would not be expected to change but extension MVC's will have to to have a nice working integration.

Thanks

• @mbabker for large amounts of consulting and framework contributions especially around the router as well as for the code for api part of the ComponentInstaller Adapter
• @muhakh and @cokencorn for their work on their GSOC project which formed a large amount of the base application
• @isacandrei for work bug testing and working on various next gen parts

Before moaning about a lack of feature X

Please read the specification https://joomla-projects.github.io/gsoc18_webservices/ - this has long been agreed on and is by no means perfect. Think about if it's absolutely essential for a day 1 integration or not. What we have in this PR is already significantly more than wordpress has and is probably equal to what's available in the other top level CMS'

Testing

• When applying the patch either do a fresh install of Joomla or discover install the new plugins
• In the specification docs above there's a "installing the latest codebase" menu item which contains sample API calls you can make (currently this is just for com_content)
• Please ensure with all the library changes that nothing has broken in the backend/frontend too

[dgrammatiko]

Merge it!

[brianteeman]

==> an not a

[wilsonge]

Thanks :) Fixed

[brianteeman]

3.6.3 ??

[wilsonge]

Thanks :) Fixed

[brianteeman]

Sorry to be pedantic but the correct term according to the w3c it is "Web Services" not "webservices"

As this is new to Joomla its best to get it right from the beginning

[wilsonge]

@brianteeman I've amended the language strings and the doc blocks where we refer to web services as a noun. I've left the plugin type as it is - because obviously it can't have spaces and i've found from practical experience with editors-xtd that most people struggle with the concept of removing the - from the plugin class names - so it's more practical to keep the group as a single word I think. Happy to be challenged on that if that's the majority tho

[mbabker]

App needs to be registered in Joomla\CMS\Application\ApplicationHelper::getClientInfo()

(Side note, this method should be redone to use the event system instead of hardcoding a list...)

[bembelimen]

Don't trust state :)

[wilsonge]

Why?

[Hackwar]

I like this, but we would indeed need at least a way to switch it off. Maybe simply adding a switch in configuration.php?

[wilsonge]

Thanks @alikon

[wilsonge]

@SniperSister @zero-24 looks like still some RIPS issues - although most have been solved elsewhere

[zero-24]

Rips has been cancelled just restarted it here: http://ci.joomla.org/joomla/joomla-cms/15490

[wilsonge]

@zero-24 Sorry my bad I started playing around with the API tests -fixed again now. http://ci.joomla.org/joomla/joomla-cms/15495/19 contains rips

[will-oracions]

Hello everyone .. I am interested in this project and wish to participate. Can you guide me please?

[will-oracions]

I have exceptional skills in PHP. And a good dose of motivation. Help me please !

[alikon]

@Oracions2410 did you mean the gsoc 2019 project https://docs.joomla.org/GSOC_2019_Project_Ideas#Project_I:_Webservices_in_Joomla ?

[wilsonge]

Merging. Thanks again to all those who gave input, and the gsoc students who worked on this project. It's hugely appreciated!

[will-oracions]

Yes. I just discovered the world of open source and I think Gsoc is a good start!

[wilsonge]

@Oracions2410 that's awesome. If you drop one of the GSOC admins on that page a email they'll drop you in some of our chat channels where we can discuss details of the project etc :)

[will-oracions]

@wilsonge
Excuse me, on the project you are mentioned as a main mentor. Can you give me the chanels where I can find help please

[Sandra97]

@Oracions2410 So that we can add you to our communication channel, please drop us your email on our mailing list https://groups.google.com/forum/#!forum/jgsoc

[anibalsanchez]

Preparing the talk for the Mastermind Podcast, these are my notes about Web Services quick testing 101:

• Step 1: Download and Install Joomla 4 Alpha 7
• Step 2: Notice that there two new plugin groups: api-authentication and webservices
• Step 3: Notice that there two new plugins: API Authentication - Basic Auth and Web Services - Content
• Step 4: J4 A7 has API Authentication based on Http Basic Authentication. So, yes, you have to configure .htpasswd to test the API. Ref: http://httpd.apache.org/docs/2.4/programs/htpasswd.html
• Step 5: Of course, if you are a little bit lazy, you can go straight to plugins/api-authentication/basic/basic.php, and change the authentication or create your own plugin.
• Step 6: Create an article and access the REST API for the Content component. For instance: http://mytest.com/api/index.php/v1/article/1

For more information:

• Joomla! Webservices Specification - https://joomla-projects.github.io/gsoc18_webservices/

[wilsonge]

@Oracions2410 I am - but i was preparing for a presentation i was giving in paris so I wasn't really available. I'm now back up and running. either way however you needed to be added into glip :)

[wilsonge]

@anibalsanchez i don't think you need to configure .htpasswd to test the api? i certainly don't need to locally. it's using the joomla user accounts username and password. apache shouldn't need to be aware of them as far as i know

[anibalsanchez]

In my tests, it's been giving me Forbidden errors until I configured the auth.

Carlos has a similar experience.

[carcam]

Thanks everyone for this awesome feature!!

I can confirm the server doesn't ask me for Username and Password as it's supposed to. I'm using a Lando box using Anibal Lando Recipe for Joomla 4 so I guess this has to do with the server configuration as stated in some comments I found on the internet about this auth method not working out of the box in CGI servers.

In any case I would point out just 2 issues:

1. with some server configurations you cannot authenticate out of the box and also
2. Probably checking if user has an account for public content should avoided. I understand the idea of this is to be a "content leak stopper" but we can do better ;)

In any case, again, I was really excited with having this feature when you announced it and I event made a whole episode of my podcast about it because it's awesome to keep creating great solutions for our community and our clients.

[wilsonge]

I can confirm the server doesn't ask me for Username and Password as it's supposed to

Wait are you making requests in the browser or something? Nothing is supposed to prompt you for a password?

[anibalsanchez]

I already told him that he has to configure the .htpassword file to enable the Apache Http Basic Authentication.

I agree with Carlos that if the plugin is enabled, then public content (articles) must be allowed to the Guest user.