API: create user fails #145

Closed
thomas-mc-work opened this issue Dec 17, 2024 · 8 comments

@thomas-mc-work

Given the following request:

curl --request PUT \
  --url https://wanderer.mydomain.org/api/v1/user \
  --header 'Content-Type: application/json' \
  --cookie pb_auth=%257B%2522token%2522%253A%… \
  --data '{
  "username": "lenny",
    "password": "s3cr3t",
    "passwordConfirm": "s3cr3t",
    "email": "[email protected]"
}'

I always get a 401 response:

{
	"url": "",
	"status": 401,
	"response": {
		"messgage": "Forbidden"
	},
	"isAbort": false,
	"originalError": {
		"status": 401,
		"response": {
			"messgage": "Forbidden"
		}
	},
	"name": "ClientResponseError 401"
}

Other API endpoints are working (e.g. GET …/user/<id>). The log files aren't telling anything.

What could be the cause?

@Flomp
Owner

Flomp commented Jan 5, 2025

Hi,

I completely reworked the API in v0.13.0. Could you please update and retry?
The relevant API reference section is here:
https://wanderer.to/api-reference/operations/createuser

@thomas-mc-work
Author

Sorry for the delay, now I could test it. But sadly it still doesn't work. Status code is 401 and the result is:

{
    "message": "Something went wrong while processing your request."
}

Regarding the status code: I'm able to do a GET on /api/v1/user/anonymous to list all users. So the authentication is basically working.

Is there a way to enable debug logging on the server side? Or anything else I can do to help?

@Flomp
Owner

Flomp commented Jan 30, 2025

The API definitely works in general. One problem with your request is that the password is too short. Other than that, the following command works against the demo server:

curl --request PUT \
  --url https://demo.wanderer.to/api/v1/user \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "lenny",
    "password": "s3cr3t123",
    "passwordConfirm": "s3cr3t123",
    "email": "[email protected]"
}'

Does anything come to mind that might be different in your setup?

@thomas-mc-work
Author

thomas-mc-work commented Jan 30, 2025

Mine looks like that:

curl --request PUT \
  --url https://wanderer.mydomain.org/api/v1/user \
  --header 'Content-Type: application/json' \
  --cookie pb_auth=%257B%2522token%2522%253A%2522eyJhbGc… \
  --data '{
  "username": "lenny",
    "password": "s3cr3t123f",
    "passwordConfirm": "s3cr3t123f",
    "email": "[email protected]"
}'

Just changed the password to length 10 and then 12 characters. But that didn't help.

@Flomp
Owner

Flomp commented Jan 30, 2025

At least for this endpoint you do not require the cookie. Could you please try without it?

@thomas-mc-work
Author

How does the server then recognize me as an authorized entity? I've tried it and it was the same result.

@Flomp
Owner

Flomp commented Jan 30, 2025

With the cookie. However, for a lot of endpoints, you don't need to authorize because they are public. PUT /user is one of them because an unregistered user can of course not authorize.
This for example is the PUT /comment endpoint:

curl --location --request PUT 'http://localhost:5173/api/v1/comment' \
--header 'Content-Type: application/json' \
--header 'pb_auth;' \
--header 'Cookie: pb_auth=%7B%22token%22%3A%22eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJleHAiOjE3Mzk0Nzc2MDAsImlkIjoiM211Z2Y5NTN3NGE5Zmc1IiwidHlwZSI6ImF1dGhSZWNvcmQifQ.yo_7BZ2RcP5yC1Tm4G4hihUMGpNSUBU2f2hXlRrnXaE%22%2C%22model%22%3A%7B%22avatar%22%3A%2223xxesym0e9w18z2904frnpgy7_OzsVanAmWP.jpg%22%2C%22collectionId%22%3A%22_pb_users_auth_%22%2C%22collectionName%22%3A%22users%22%2C%22created%22%3A%222024-06-29%2019%3A23%3A47.731Z%22%2C%22email%22%3A%22%22%2C%22emailVisibility%22%3Afalse%2C%22id%22%3A%223mugf953w4a9fg5%22%2C%22token%22%3A%22eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXlVaWQiOiIzMjk3NmExMi03ODE1LTQ1NGQtYTU5Yi1hNzY0ZTE4NmJjNjIiLCJzZWFyY2hSdWxlcyI6eyJsaXN0cyI6eyJmaWx0ZXIiOiJwdWJsaWMgPSB0cnVlIE9SIGF1dGhvciA9IDNtdWdmOTUzdzRhOWZnNSBPUiBzaGFyZXMgPSAzbXVnZjk1M3c0YTlmZzUifSwidHJhaWxzIjp7ImZpbHRlciI6InB1YmxpYyA9IHRydWUgT1IgYXV0aG9yID0gM211Z2Y5NTN3NGE5Zmc1IE9SIHNoYXJlcyA9IDNtdWdmOTUzdzRhOWZnNSJ9fX0.yfjQTlZtOAYpwv4wyyzezUZ0330vje_TMXXG84lokeE%22%2C%22updated%22%3A%222025-01-26%2011%3A26%3A43.846Z%22%2C%22username%22%3A%22Flomp%22%2C%22verified%22%3Atrue%7D%7D' \
--data-raw '{
    "text": "Toll!",
    "trail": "b038f75b3b49176",
    "author": "3mugf953w4a9fg5"
}'

It requires authorization because only registered users are allowed to comment.

@thomas-mc-work
Author

> PUT /user is one of them because an unregistered user can of course not authorize.

Oh shit … now the penny is beginning to drop: I've disabled public user registrations 😅 And after enabling it the request is working as expected (even with the cookie payload).

Please excuse me for wasting your time!
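An added example, not part of the thread and not the project's own code: when a request carrying `pb_auth` comes back 401, it helps to rule the cookie out by decoding it locally. The requests above show the value both as `%257B…` and as `%7B…`, so the sketch counts percent-decoding rounds, then reads the token's claims without verifying the signature. The cookie layout (`token`, `model`) follows the `PUT /comment` request above; the claim names `id` and `exp`, the helper names and the sample cookie are assumptions constructed for the demo.

```python
import base64
import json
import time
from urllib.parse import quote, unquote


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_pb_auth(cookie_value, now=None):
    """Summarise a pb_auth cookie value (JWT signature is NOT verified)."""
    now = time.time() if now is None else now
    decoded, rounds = cookie_value, 0
    # Undo percent-encoding until the JSON object appears; two rounds
    # means the value was encoded twice ("%257B" instead of "%7B").
    while not decoded.startswith("{") and rounds < 3:
        decoded, rounds = unquote(decoded), rounds + 1
    auth = json.loads(decoded)
    header, payload, _sig = auth["token"].split(".")
    claims = json.loads(b64url_decode(payload))
    return {
        "encoding_rounds": rounds,
        "alg": json.loads(b64url_decode(header)).get("alg"),
        "user_id": claims.get("id"),  # assumed claim name
        "expired": claims.get("exp", 0) <= now,  # assumed claim name
    }


def make_sample_cookie(exp, rounds=1):
    """Build a constructed pb_auth value with a fake signature."""
    def seg(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    token = ".".join([
        seg({"alg": "HS256", "typ": "JWT"}),
        seg({"id": "exampleuser0001", "exp": exp, "type": "authRecord"}),
        "constructed-signature",
    ])
    value = json.dumps({"token": token, "model": {"username": "lenny"}})
    for _ in range(rounds):
        value = quote(value, safe="")
    return value


if __name__ == "__main__":
    print(inspect_pb_auth(make_sample_cookie(2_000_000_000, rounds=2), now=1_700_000_000))
```

A valid, unexpired token that still gets a 401 points away from the cookie and towards server-side settings, which is where this thread ended up.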
