Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[4.0] [NO CACHE] Web Services #23424

Merged
merged 1 commit into from Mar 7, 2019
Merged

Conversation

wilsonge
Copy link
Contributor

@wilsonge wilsonge commented Jan 1, 2019

This is a base for a web services implementation for Joomla 4

What this has got in

Core

  • Content Negotiation (core provides a basic api integration using the https://github.com/tobscure/json-api library)
  • Plugin based routes to allow custom endpoints to be added
  • Authentication on endpoints using users basic auth (through plugins to allow future oAuth integrations)
  • Exceptions added to allow quality error handling

Integrations/Testing

  • Sample com_content integration
  • Basic system tests

What does this not have in

  • oAuth authentication
  • Ability to turn off web services - although there is an auth layer in front of it
  • Some sort of fundamental change to our error handling (the way we set up errors in JTable and JModel mean we'll likely never be able to have nice error handling with the current model system. In many places we're likely going to need to add 500's just because we won't be able to detect the right exceptions. In the future we should consider a new mvc layer based on the new entity layer https://github.com/joomla-framework/entities but this will take longer and be much harder to implement. The fundamental base application would not be expected to change but extension MVC's will have to to have a nice working integration.

Thanks

  • @mbabker for large amounts of consulting and framework contributions especially around the router as well as for the code for api part of the ComponentInstaller Adapter
  • @muhakh and @cokencorn for their work on their GSOC project which formed a large amount of the base application
  • @isacandrei for work bug testing and working on various next gen parts

Before moaning about a lack of feature X

Please read the specification https://joomla-projects.github.io/gsoc18_webservices/ - this has long been agreed on and is by no means perfect. Think about if it's absolutely essential for a day 1 integration or not. What we have in this PR is already significantly more than wordpress has and is probably equal to what's available in the other top level CMS'

Testing

  • When applying the patch either do a fresh install of Joomla or discover install the new plugins
  • In the specification docs above there's a "installing the latest codebase" menu item which contains sample API calls you can make (currently this is just for com_content)
  • Please ensure with all the library changes that nothing has broken in the backend/frontend too

@dgrammatiko
Copy link
Contributor

Merge it!

defined('JPATH_PLATFORM') or die;

/**
* Exception class defining a authentication failed event
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

==> an not a

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks :) Fixed

/**
* Exception class defining a authentication failed event
*
* @since 3.6.3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3.6.3 ??

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks :) Fixed

@brianteeman
Copy link
Contributor

Sorry to be pedantic but the correct term according to the w3c it is "Web Services" not "webservices"

As this is new to Joomla its best to get it right from the beginning

@wilsonge wilsonge changed the title [4.0] Webservices [4.0] Web Services Jan 1, 2019
@wilsonge
Copy link
Contributor Author

wilsonge commented Jan 1, 2019

@brianteeman I've amended the language strings and the doc blocks where we refer to web services as a noun. I've left the plugin type as it is - because obviously it can't have spaces and i've found from practical experience with editors-xtd that most people struggle with the concept of removing the - from the plugin class names - so it's more practical to keep the group as a single word I think. Happy to be challenged on that if that's the majority tho

api/index.php Outdated Show resolved Hide resolved
api/includes/framework.php Outdated Show resolved Hide resolved
api/includes/framework.php Outdated Show resolved Hide resolved
@mbabker
Copy link
Contributor

mbabker commented Jan 2, 2019

App needs to be registered in Joomla\CMS\Application\ApplicationHelper::getClientInfo()

(Side note, this method should be redone to use the event system instead of hardcoding a list...)

* @var string
* @since __DEPLOY_VERSION__
*/
protected $fieldsToRender = ['id', 'typeAlias', 'asset_id', 'title', 'introtext', 'state', 'catid', 'created'];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't trust state :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why?

@wilsonge wilsonge force-pushed the webservices-version2 branch 5 times, most recently from c493b01 to 33e9957 Compare January 5, 2019 21:50
@Hackwar
Copy link
Member

Hackwar commented Jan 7, 2019

I like this, but we would indeed need at least a way to switch it off. Maybe simply adding a switch in configuration.php?

@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 5, 2019

Thanks @alikon

@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 5, 2019

@SniperSister @zero-24 looks like still some RIPS issues - although most have been solved elsewhere

@zero-24
Copy link
Contributor

zero-24 commented Mar 5, 2019

Rips has been cancelled just restarted it here: http://ci.joomla.org/joomla/joomla-cms/15490

@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 5, 2019

@zero-24 Sorry my bad I started playing around with the API tests -fixed again now. http://ci.joomla.org/joomla/joomla-cms/15495/19 contains rips

@will-oracions
Copy link

Hello everyone .. I am interested in this project and wish to participate. Can you guide me please?

@will-oracions
Copy link

I have exceptional skills in PHP. And a good dose of motivation. Help me please !

@alikon
Copy link
Contributor

alikon commented Mar 7, 2019

@Oracions2410 did you mean the gsoc 2019 project https://docs.joomla.org/GSOC_2019_Project_Ideas#Project_I:_Webservices_in_Joomla ?

@wilsonge wilsonge merged commit d795a92 into joomla:4.0-dev Mar 7, 2019
@wilsonge wilsonge deleted the webservices-version2 branch March 7, 2019 18:16
@wilsonge wilsonge added this to the Joomla 4.0 milestone Mar 7, 2019
@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 7, 2019

Merging. Thanks again to all those who gave input, and the gsoc students who worked on this project. It's hugely appreciated!

@will-oracions
Copy link

Yes. I just discovered the world of open source and I think Gsoc is a good start!

@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 7, 2019

@Oracions2410 that's awesome. If you drop one of the GSOC admins on that page a email they'll drop you in some of our chat channels where we can discuss details of the project etc :)

@will-oracions
Copy link

@wilsonge
Excuse me, on the project you are mentioned as a main mentor. Can you give me the chanels where I can find help please

@Sandra97
Copy link

@Oracions2410 So that we can add you to our communication channel, please drop us your email on our mailing list https://groups.google.com/forum/#!forum/jgsoc

@anibalsanchez
Copy link
Contributor

Preparing the talk for the Mastermind Podcast, these are my notes about Web Services quick testing 101:

  • Step 1: Download and Install Joomla 4 Alpha 7
  • Step 2: Notice that there two new plugin groups: api-authentication and webservices
  • Step 3: Notice that there two new plugins: API Authentication - Basic Auth and Web Services - Content
  • Step 4: J4 A7 has API Authentication based on Http Basic Authentication. So, yes, you have to configure .htpasswd to test the API. Ref: http://httpd.apache.org/docs/2.4/programs/htpasswd.html
  • Step 5: Of course, if you are a little bit lazy, you can go straight to plugins/api-authentication/basic/basic.php, and change the authentication or create your own plugin.
  • Step 6: Create an article and access the REST API for the Content component. For instance: http://mytest.com/api/index.php/v1/article/1

For more information:

@wilsonge
Copy link
Contributor Author

@Oracions2410 I am - but i was preparing for a presentation i was giving in paris so I wasn't really available. I'm now back up and running. either way however you needed to be added into glip :)

@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 14, 2019

@anibalsanchez i don't think you need to configure .htpasswd to test the api? i certainly don't need to locally. it's using the joomla user accounts username and password. apache shouldn't need to be aware of them as far as i know

@anibalsanchez
Copy link
Contributor

In my tests, it's been giving me Forbidden errors until I configured the auth.

Carlos has a similar experience.

@carcam
Copy link

carcam commented Mar 14, 2019

Thanks everyone for this awesome feature!!

I can confirm the server doesn't ask me for Username and Password as it's supposed to. I'm using a Lando box using Anibal Lando Recipe for Joomla 4 so I guess this has to do with the server configuration as stated in some comments I found on the internet about this auth method not working out of the box in CGI servers.

In any case I would point out just 2 issues:

  1. with some server configurations you cannot authenticate out of the box and also
  2. Probably checking if user has an account for public content should avoided. I understand the idea of this is to be a "content leak stopper" but we can do better ;)

In any case, again, I was really excited with having this feature when you announced it and I event made a whole episode of my podcast about it because it's awesome to keep creating great solutions for our community and our clients.

@wilsonge
Copy link
Contributor Author

wilsonge commented Mar 14, 2019

I can confirm the server doesn't ask me for Username and Password as it's supposed to

Wait are you making requests in the browser or something? Nothing is supposed to prompt you for a password?

@anibalsanchez
Copy link
Contributor

anibalsanchez commented Mar 14, 2019

I already told him that he has to configure the .htpassword file to enable the Apache Http Basic Authentication.

I agree with Carlos that if the plugin is enabled, then public content (articles) must be allowed to the Guest user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet