
Users created using the API aren't set up correctly #245

Open
jeverling opened this issue Jul 5, 2016 · 0 comments

Comments

@jeverling
Contributor

When users are created using the API, they are not set up correctly with the required permissions, e.g. getting a list of assets doesn't work (403 response). Furthermore, the activation URL is different: it points to kobocat, not kpi. Activation seems to work, and it is also possible to use the kf.kobotoolbox.org activation URL and substitute the token. But in both cases the users don't have the permissions they need. The following curl instructions demonstrate the problem:

## creating user via the frontend

```bash
REGISTER_URL="https://kf.kobotoolbox.org/forms/accounts/register/"
ASSETS_URL="https://kf.kobotoolbox.org/forms/assets/?limit=1"

# get the csrftoken
curl -k -s -c cookies.txt -b cookies.txt "$REGISTER_URL" > /dev/null
DJANGO_TOKEN="csrfmiddlewaretoken=$(grep csrftoken cookies.txt | awk '{print $7}')"

# register the user. /tmp/register_output.html will be empty on success (redirect)
curl -k -s -c cookies.txt -b cookies.txt -e "$REGISTER_URL" \
  -d "$DJANGO_TOKEN&username=jesaja_form_registered&password1=jesaja_form_registered&password2=jesaja_form_registered&email=jesaja.everling@kimetrica.com&default_language=en" \
  "$REGISTER_URL" > /tmp/register_output.html

# do a request to /assets/ endpoint to check the status code
# should be 403 here
curl -k -I -u "jesaja_form_registered:jesaja_form_registered" "$ASSETS_URL" | grep "HTTP/1.1" | awk '{print $2}'

# this URL needs to be copied from the activation email (or the token substituted from email/admin)
ACTIVATION_URL="https://kf.kobotoolbox.org/accounts/activate/{ACTIVATION_TOKEN}/"

# activate the user
curl -k -L "$ACTIVATION_URL" > /dev/null

# do another request to /assets/ endpoint to check the status code
# should be 200 now
curl -k -I -u "jesaja_form_registered:jesaja_form_registered" "$ASSETS_URL" | grep "HTTP/1.1" | awk '{print $2}'
```

## creating a user via the API

```bash
# create the second user through the kobocat profiles API, authenticated as the first user
curl -k -u "jesaja_form_registered:jesaja_form_registered" \
  -d '{"username": "jesaja_api_registered", "password": "jesaja_api_registered", "name": "jesaja_api_registered", "email": "jesaja.everling@kimetrica.com"}' \
  -H "content-type: application/json" "https://kc.kobotoolbox.org/api/v1/profiles"

# do a request to /assets/ endpoint to check the status code
# should be 403 here
curl -k -I -u "jesaja_api_registered:jesaja_api_registered" "$ASSETS_URL" | grep "HTTP/1.1" | awk '{print $2}'

# this needs to be copied from the activation email (or the token substituted from the admin).
# It points to `kc.kobotoolbox.org` instead of `kf.kobotoolbox.org` for API-created users though
ACTIVATION_URL="http://kc.kobotoolbox.org/accounts/activate/{ACTIVATION_TOKEN}/"

# activate the user
curl -k -L "$ACTIVATION_URL" > /dev/null

# do another request to /assets/ endpoint to check the status code
# should be 200 now, but isn't for the API-registered user
curl -k -I -u "jesaja_api_registered:jesaja_api_registered" "$ASSETS_URL" | grep "HTTP/1.1" | awk '{print $2}'
```

I haven't been able to find out where exactly the necessary permissions like 'kpi.view_asset' are assigned in the user creation/activation process.
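The curl session above checks one account at a time. The two findings it surfaces (API-created accounts end up active but without the baseline kpi permissions, and their activation links point at the kobocat host rather than the kpi host) are the kind of inconsistency between account-creation paths that is worth auditing across all users once a fix is deployed. The script below is an added example for this thread, not kpi or kobocat project code: it takes user records in an assumed export layout (`username`, `created_via`, `is_active`, `activation_url`, `permissions`), flags active accounts missing the baseline permission set, flags activation links whose host or scheme differ from the expected ones, and tallies findings per creation path so a systematic gap in one path stands out from one-off errors. Only `kpi.view_asset` and the two hostnames come from the issue; the record layout, the sample records and the token placeholders are constructed.

```python
"""Audit exported user records for the two findings reported in the issue:
active accounts lacking the baseline kpi permissions, and activation links
pointing at an unexpected host or scheme.

Added example for this thread, not kpi/kobocat project code. The record layout
is an assumed export format; SAMPLE_USERS below are constructed."""

from collections import defaultdict
from urllib.parse import urlparse

# Assumed baseline: every activated account should at least be able to list
# assets. 'kpi.view_asset' is the permission named in the issue.
BASELINE_PERMS = frozenset({"kpi.view_asset"})
EXPECTED_ACTIVATION_HOST = "kf.kobotoolbox.org"

# Constructed sample export mirroring the curl session: the frontend-created
# account works, the API-created account is active but unprivileged, and a
# not-yet-activated account is expected to have no permissions yet.
SAMPLE_USERS = [
    {"username": "user_form_registered", "created_via": "frontend", "is_active": True,
     "activation_url": "https://kf.kobotoolbox.org/accounts/activate/TOKEN_PLACEHOLDER/",
     "permissions": ["kpi.view_asset", "kpi.add_asset"]},
    {"username": "user_api_registered", "created_via": "api", "is_active": True,
     "activation_url": "http://kc.kobotoolbox.org/accounts/activate/TOKEN_PLACEHOLDER/",
     "permissions": []},
    {"username": "user_pending", "created_via": "frontend", "is_active": False,
     "activation_url": "https://kf.kobotoolbox.org/accounts/activate/TOKEN_PLACEHOLDER/",
     "permissions": []},
]


def audit_user(user, baseline=BASELINE_PERMS, expected_host=EXPECTED_ACTIVATION_HOST):
    """Return a list of finding strings for one user record (empty list = clean)."""
    findings = []
    url = urlparse(user.get("activation_url", ""))
    if url.hostname != expected_host:
        findings.append(
            f"activation link points at {url.hostname!r}, expected {expected_host!r}")
    if url.scheme != "https":
        findings.append(
            f"activation link uses {url.scheme or 'no'} scheme, expected https")
    # Permissions are granted on activation, so an inactive account with no
    # permissions is expected; an active account without the baseline is the bug.
    if user.get("is_active"):
        missing = baseline - set(user.get("permissions", []))
        if missing:
            findings.append("active but missing baseline permissions: "
                            + ", ".join(sorted(missing)))
    return findings


def audit_users(users, **kwargs):
    """Map username -> findings for every user that has at least one finding."""
    report = {}
    for user in users:
        findings = audit_user(user, **kwargs)
        if findings:
            report[user["username"]] = findings
    return report


def findings_by_creation_path(users, **kwargs):
    """Count findings per creation path; a whole path scoring non-zero while the
    others score zero points at the creation code for that path, not at users."""
    counts = defaultdict(int)
    for user in users:
        counts[user.get("created_via", "unknown")] += len(audit_user(user, **kwargs))
    return dict(counts)


if __name__ == "__main__":
    for name, findings in audit_users(SAMPLE_USERS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
    print("findings per creation path:", findings_by_creation_path(SAMPLE_USERS))
```

Run against a real export, the per-path tally is the first thing to look at: if every finding sits under one `created_via` value, the defect is in that creation path's setup code rather than in individual accounts, which is what the curl comparison in this issue suggests.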
