REST API

Resolved bikecrazyy
(@bikecrazyy)

8 years, 5 months ago

Please make the “Disable REST API” a setting you can turn on and off, updating the plugin broke our REST API because we have REST API’s that you don’t need to be logged in to trigger, there are many other plugins like Disable JSON API that will allow you to manage your REST API in the way you see fit.

Example:
We force ever user to login with your plugin, but then we have a scrapper that gets triggered via the REST API that doesn’t give any information out but that runs a script.

Viewing 7 replies - 16 through 22 (of 22 total)

← 1 2

bryanrego
(@bryanrego)

8 years, 3 months ago

@kevinvess The Gravity Forms API hooks into the template_redirect action to intercept the request and then performs its authentication, here’s the webapi –

https://github.com/wp-premium/gravityforms/blob/master/includes/webapi/webapi.php
jvandenbos
(@jvandenbos)

8 years, 3 months ago
I’m having a similar problem.

Gravity Forms 2.2.5.21, Force Login Version 5.1.1 on WordPress 4.9.4.

Wrote a python client that tries to download all the entries for a particular form.

When the python client tries to log in, it gets redirected to the Site’s login page, BUT – pasting the same URL the python client is using into an already authenticated browser window works perfectly.

I first tried the whitelisting, and then I found this thread and replaced the whitelist by adding:

remove_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );

to the bottom of the functions.php file (for the theme I’m using), and clicking Update.

Still getting the same issue – it’s trying to redirect to the login page. The bypass doesn’t seem to work.

The link I’m using (HTTP GET) is of the form:

http://MYFQDNHERE/gravityformsapi/forms/1/entries?api_key=XXXXXXX&signature=snV3FW7qWyvGfv6vE0j9ycLSfIM%3D&expires=1519029188&paging%5Bpage_size%5D=10000

The client I wrote works fine if I disable Force Login.

Ideas? Appreciate any help.
- This reply was modified 8 years, 3 months ago by jvandenbos.
- This reply was modified 8 years, 3 months ago by jvandenbos.
- This reply was modified 8 years, 3 months ago by jvandenbos.
- This reply was modified 8 years, 3 months ago by jvandenbos.
nancyrai37
(@nancyrai37)

8 years, 3 months ago
Hello Everyone
Hope you all doing good.
I saw the discussion, Sadly I don’t have any opinion on this but I found an wonderful article which is for REST API.Check it out.
Hope it helps:)
- This reply was modified 8 years, 3 months ago by nancyrai37.
Plugin Author Kevin Vess
(@kevinvess)

8 years, 3 months ago
@bryanrego @jvandenbos

What exactly is the error you’re seeing? And/or what does your logs show?

Here is what I’m thinking– the Gravity Forms plugin is not using the WordPress’ built-in cookie authentication method, rest_cookie_check_errors().

If @bryanrego is correct that the Gravity Forms plugin is running at the template_redirect hook, then you guys might need a combination of both the remove_filter() function and the v_forcelogin_bypass filter.

For example:

remove_filter( 'rest_authentication_errors', 'v_forcelogin_rest_access', 99 );
```
/**
 * Bypass Force Login to allow for exceptions.
 *
 * @return bool Whether to disable Force Login. Default false.
 */
function my_forcelogin_bypass( $bypass ) {
  if ( isset($_GET['api_key']) ) {
    $bypass = true;
  }
  return $bypass;
}
add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10 );
```
- This reply was modified 8 years, 3 months ago by Kevin Vess.
bryanrego
(@bryanrego)

8 years, 3 months ago

That worked like a charm @kevinvess Thanks!!

jvandenbos
(@jvandenbos)

8 years, 3 months ago

Totally awesome @kevinvess, that worked for me as well! Much appreciated.

Plugin Author Kevin Vess
(@kevinvess)

8 years, 3 months ago

@bryanrego @jvandenbos

Excellent! I’m glad that worked for you both.

Be sure to rate and review my plugin to let others know how you like it.

Thanks for using Force Login!

Viewing 7 replies - 16 through 22 (of 22 total)

← 1 2

The topic ‘REST API’ is closed to new replies.