Extension - expose unauthenticated endpoint

Discussion in 'Extensions' started by stan911, Jun 6, 2018.

  1. stan911

    stan911 New Member

    Joined:
    May 15, 2018
    Messages:
    13
    Likes Received:
    1
    S.E:
    2018-10-24 17:06:58
    L.T:
    Regular
    L.C:
    1
    Is there a way to register a route for an extension, which doesn't require authentication? Eg:

    Yii::app()->urlManager->addRules(array(
    array('ext_webhook_index', 'pattern' => 'extensions/webhook/'),
    ));
    and then the resulting url, backend/index.php/webhook/index to not require authentication.

    I'm interesting on receiving some data from a web hook, from a third-party application.
     
  2. twisted1919

    twisted1919 Administrator Staff Member

    Joined:
    Dec 27, 2014
    Messages:
    9,106
    Likes Received:
    2,187
    @stan911 - Yes there is, just register your route in the unprotected controllers list before, like:
    PHP:
    // set the controller unprotected
    $unprotected = (array)Yii::app()->params->itemAt('unprotectedControllers');
    array_push($unprotected'ext_webhook_index');
    Yii::app()->params->add('unprotectedControllers'$unprotected);

    // your route registration.
    Yii::app()->urlManager->addRules(array(
        array(
    'ext_webhook_index''pattern' => 'extensions/webhook/'),
    ));
     
  3. stan911

    stan911 New Member

    Joined:
    May 15, 2018
    Messages:
    13
    Likes Received:
    1
    S.E:
    2018-10-24 17:06:58
    L.T:
    Regular
    L.C:
    1
    Works just fine :). Thank you for the information
     
  4. stan911

    stan911 New Member

    Joined:
    May 15, 2018
    Messages:
    13
    Likes Received:
    1
    S.E:
    2018-10-24 17:06:58
    L.T:
    Regular
    L.C:
    1
    @twisted1919 I have to get back to this. It works fine for GET requests. For POST requests it's trowing me an http 400 with the message "Error 400! The CSRF token could not be verified.". I've tried to find a way to disable CSRF validation at action level within the extension, but I cannot find a way to apply inside the extension.
    Any suggestions on how to disable CSRF validation at controller OR controller's action level?
     
  5. twisted1919

    twisted1919 Administrator Staff Member

    Joined:
    Dec 27, 2014
    Messages:
    9,106
    Likes Received:
    2,187
    Yup, do:
    PHP:
    // remove the csrf token validation
    $request Yii::app()->request;
    if (
    $request->isPostRequest && $request->enableCsrfValidation) {
        
    $url Yii::app()->urlManager->parseUrl($request);
        
    $routes = array('ext_webhook_index');
        foreach (
    $routes as $route) {
            if (
    strpos($url$route) === 0) {
                
    Yii::app()->detachEventHandler('onBeginRequest', array($request'validateCsrfToken'));
                
    Yii::app()->attachEventHandler('onBeginRequest', array($this'validateCsrfToken'));
                break;
            }   
        }
    }
     
  6. stan911

    stan911 New Member

    Joined:
    May 15, 2018
    Messages:
    13
    Likes Received:
    1
    S.E:
    2018-10-24 17:06:58
    L.T:
    Regular
    L.C:
    1
    This worked just fine, just at the end of run() method in the extension main file.

    Thank you.
     

Share This Page