Problem with Magento 2 REST authentication


Problem description

I am using some Magento 2.3 REST calls, and I am finding that for certain calls (and it seems to be consistently GETs) Magento is returning an authentication error, while for others (which seem to be consistently POST/PUTs) the call is succeeding. I am getting an Admin token (without any problem - this is a POST) and using Bearer authentication, then using the same token on calls that succeed and ones that don't. My user is defined to Magento as an Administrator, with access to All.

I am working in a test environment which is subject to change. I have been working for some months without this problem. Then basic authentication was switched on on the server, which got in the way of everything, as you cannot put both Basic and Bearer authentication details into a single call. However my IP was then whitelisted, and I can now browse to the server without hitting the basic authentication screen, and as I say some of the REST calls work, but not all.

I have a test PHP program set up that:

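  1. Sets values such as the host address, user, password, etc.
  2. Gets an Admin token;
  3. Uses GET /rest/V1/orders/{id} to get the details of an order
  4. Uses POST /rest/V1/orders to set the status of the same order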

For the GET and POST calls I have the Verbose option switched on.

The token code is:

// Get handle for token retrieval
$userData = array("username" => $user, "password" => $pwd);
$ch = curl_init("https://" . $host . "/rest/V1/integration/admin/token/");

// Set options
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($userData));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", 
                                           "Content-Length: " . strlen(json_encode($userData))));

// Get token
echo "<PRE>*** Getting Magento Token *** </PRE>";
$token = curl_exec($ch);
$magento_token = json_decode($token);
echo "Value returned: " . $token . "<BR><BR><BR><BR>";

The GET code is:

// Execute REST request to get order details
$ch = curl_init("https://" . $host . "/rest/V1/orders/" . $increment_id);

// Set options
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", 
                "Authorization: Bearer " . $magento_token));
curl_setopt($ch, CURLOPT_VERBOSE, true);
$verbose = fopen('/tmp/curl.log', 'w+');
curl_setopt($ch, CURLOPT_STDERR, $verbose);

// Get details
echo "<PRE>*** Getting Order Details *** </PRE>";
$result = curl_exec($ch);
echo "Value returned: " . $result . "<BR><BR>";

 // Display log
rewind($verbose);
$verboseLog = stream_get_contents($verbose);
echo "<BR>Verbose information 1:\n<pre>", htmlspecialchars($verboseLog), "</pre>\n";

The POST code is:

// Set up parameter array
$post_params = Array("entity" => 
            Array("entity_id" => $entity_id,
                    "increment_id" => "$increment_id",
                    "state" => "processing",
                    "status" => "picked"));
$params = "fields=increment_id,state,status";

// Execute REST request to set order status
$ch = curl_init("https://" . $host . "/rest/V1/orders/?" . $params);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($post_params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", 
                "Authorization: Bearer " . $magento_token,
                "Content-Length: " . strlen(json_encode($post_params))));
curl_setopt($ch, CURLOPT_VERBOSE, true);
$verbose = fopen('/tmp/curl.log', 'w+');
curl_setopt($ch, CURLOPT_STDERR, $verbose);

// Get details
echo "<BR><BR><BR><PRE>*** Setting Order Status *** </PRE>";
$result = curl_exec($ch);
echo "Value returned: " . $result . "<BR><BR>";

 // Display log
rewind($verbose);
$verboseLog = stream_get_contents($verbose);
echo "<BR>Verbose information 2:\n<pre>", htmlspecialchars($verboseLog), "</pre>\n";

The display when I run the program is given below. As can be seen, the token is returned without problem, and both the GET and the POST use it, but the GET fails.

Output:

*** Getting Magento Token *** 
Value returned: "ghai1n05532d9rztojfv2cuxfrw7gcw5"



*** Getting Order Details *** 
Value returned: {"message":"The consumer isn't authorized to access 
%resources.","parameters":{"resources":"Magento_Sales::actions_view"},"trace":"#0 
\/var\/www\/sand2\/public_html\/vendor\/magento\/module-webapi\/Controller\/Rest\/RequestValidator.php(68): 
Magento\\Webapi\\Controller\\Rest\\RequestValidator->checkPermissions()\n#1 
\/var\/www\/sand2\/public_html\/vendor\/magento\/module-webapi\/Controller\/Rest\/InputParamsResolver.php(80): 
Magento\\Webapi\\Controller\\Rest\\RequestValidator->validate()\n#2 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/Interception\/Interceptor.php(58): 
Magento\\Webapi\\Controller\\Rest\\InputParamsResolver->resolve()\n#3 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/Interception\/Interceptor.php(138): 
Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->___callParent('resolve', Array)\n#4 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/Interception\/Interceptor.php(153): 
Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->Magento\\Framework\\Interception\\{closure}()\n#5 
\/var\/www\/sand2\/public_html\/generated\/code\/Magento\/Webapi\/Controller\/Rest\/InputParamsResolver\/Interceptor.php(26):
Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->___callPlugins('resolve', Array, Array)\n#6 
\/var\/www\/sand2\/public_html\/vendor\/magento\/module-webapi\/Controller\/Rest\/SynchronousRequestProcessor.php(85): 
Magento\\Webapi\\Controller\\Rest\\InputParamsResolver\\Interceptor->resolve()\n#7 
\/var\/www\/sand2\/public_html\/vendor\/magento\/module-webapi\/Controller\/Rest.php(188): 
Magento\\Webapi\\Controller\\Rest\\SynchronousRequestProcessor->process(Object(Magento\\Framework\\Webapi\\Rest\\Request\\
Proxy))\n#8 \/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/Interception\/Interceptor.php(58): 
Magento\\Webapi\\Controller\\Rest->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#9 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/Interception\/Interceptor.php(138): 
Magento\\Webapi\\Controller\\Rest\\Interceptor->___callParent('dispatch', Array)\n#10 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/Interception\/Interceptor.php(153): 
Magento\\Webapi\\Controller\\Rest\\Interceptor->Magento\\Framework\\Interception\\{closure}(Object(Magento\\Framework\\App\\
Request\\Http))\n#11 
\/var\/www\/sand2\/public_html\/generated\/code\/Magento\/Webapi\/Controller\/Rest\/Interceptor.php(26): 
Magento\\Webapi\\Controller\\Rest\\Interceptor->___callPlugins('dispatch', Array, Array)\n#12 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/App\/Http.php(137): 
Magento\\Webapi\\Controller\\Rest\\Interceptor->dispatch(Object(Magento\\Framework\\App\\Request\\Http))\n#13 
\/var\/www\/sand2\/public_html\/vendor\/magento\/framework\/App\/Bootstrap.php(261): 
Magento\\Framework\\App\\Http->launch()\n#14 \/var\/www\/sand2\/public_html\/pub\/index.php(40): 
Magento\\Framework\\App\\Bootstrap->run(Object(Magento\\Framework\\App\\Http\\Interceptor))\n#15 {main}"}


Verbose information 1: 
* About to connect() to [my_host] port 443 (#5)
*   Trying [host_ip]...
* Connected to [my_host] ([host_ip]) port 443 (#5)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=ssl379212.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
*   start date: Jun 07 00:00:00 2019 GMT
*   expire date: Dec 14 23:59:59 2019 GMT
*   common name: ssl379212.cloudflaressl.com
*   issuer: CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> GET /rest/V1/orders/1000099861 HTTP/1.1
Host: [my_host]
Accept: */*
Content-Type: application/json
Authorization: Bearer ghai1n05532d9rztojfv2cuxfrw7gcw5

< HTTP/1.1 401 Unauthorized
< Date: Sun, 14 Jul 2019 12:14:40 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 3034
< Connection: keep-alive
< Set-Cookie: __cfduid=d7f7294db28f5aa2210b0d4349cc484fc1563106480; expires=Mon, 13-Jul-20 12:14:40 GMT; path=/; domain=[my_domain]; HttpOnly
< X-UA-Compatible: IE=edge
< Pragma: no-cache
< Expires: -1
< Cache-Control: no-store, no-cache, must-revalidate, max-age=0
< Set-Cookie: PHPSESSID=8fuvj627r81k74iv5gs1oofv8s; expires=Sun, 14-Jul-2019 13:14:40 GMT; Max-Age=3600; path=/; domain=[my_host]; secure; HttpOnly
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 4f636aed1bcc35a0-LHR
< 
* Connection #5 to host [my_host] left intact



*** Setting Order Status *** 
Value returned: {"increment_id":"1000099861","state":"processing","status":"picked"}


Verbose information 2: 
* About to connect() to [my_host] port 443 (#6)
*   Trying [host_ip]...
* Connected to [my_host] ([host_ip]) port 443 (#6)
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=ssl379212.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
*   start date: Jun 07 00:00:00 2019 GMT
*   expire date: Dec 14 23:59:59 2019 GMT
*   common name: ssl379212.cloudflaressl.com
*   issuer: CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> POST /rest/V1/orders/ HTTP/1.1
Host: [my_host]
Accept: */*
Content-Type: application/json
Authorization: Bearer ghai1n05532d9rztojfv2cuxfrw7gcw5
Content-Length: 90

* upload completely sent off: 90 out of 90 bytes
< HTTP/1.1 200 OK
< Date: Sun, 14 Jul 2019 12:14:40 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 2164
< Connection: keep-alive
< Set-Cookie: __cfduid=d9b640ef9a03429671731b1d18271062b1563106480; expires=Mon, 13-Jul-20 12:14:40 GMT; path=/; domain=[my_domain]; HttpOnly
< X-Frame-Options: SAMEORIGIN
< X-UA-Compatible: IE=edge
< Pragma: no-cache
< Expires: -1
< Cache-Control: no-store, no-cache, must-revalidate, max-age=0
< Accept-Ranges: bytes
< Set-Cookie: PHPSESSID=1hvd98s6lmd0ajqjlk6qpmk6lq; expires=Sun, 14-Jul-2019 13:14:40 GMT; Max-Age=3600; path=/; domain=[my_host]; secure; HttpOnly
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 4f636aee1d4adc4b-LHR
< 
* Connection #6 to host [my_host] left intact

* Added Note * To make the problem a bit weirder, I've found that I can get the information I want (in this example at any rate) in a slightly roundabout way. Like many of the POST/PUT calls in the Magento 2 REST API, the POST above actually returns all the data for the order in question (or a subset if I add a 'fields' query parameter). So I can use the POST to set some known attribute of the order to the value that I know it has already, then read off the data I want from the returned JSON string in exactly the same way as I would read it off from the GET call if that succeeded. For some reason Magento is quite happy for me to access the data through the POST, but not through the GET. Does that make any sense???

Recommended answer

Changing the PHP handler from cgi to suphp solved the problem. The GET requests now work along with the POST requests. I have no idea how the handler can be responsible for this obscure problem, so if anyone can shed any light, I would be grateful.
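
Since the fix was a change of PHP handler, one thing that can be checked directly is whether the Authorization header reaches PHP for a GET and for a POST under each handler. The script below is an added example, not code from the original post; the file name authcheck.php is hypothetical, and a missing header is only one possibility to rule out, not a confirmed cause of the behaviour described here.

```php
<?php
// authcheck.php (hypothetical name): added diagnostic, not part of the original post.
// Reports whether an Authorization header reached PHP and through which variable,
// so the same GET and POST can be compared under each PHP handler.

function find_authorization(array $server, array $headers): array
{
    // Variables where the header can surface, depending on handler and rewrite rules.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return ['source' => '$_SERVER[' . $key . ']', 'value' => $server[$key]];
        }
    }
    // Header names are case-insensitive, so compare without regard to case.
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0 && $value !== '') {
            return ['source' => 'getallheaders()', 'value' => $value];
        }
    }
    return ['source' => null, 'value' => null];
}

function describe(array $found): array
{
    if ($found['source'] === null) {
        return ['seen' => false];
    }
    // Report only the scheme and the credential length; never echo the token itself.
    $parts = explode(' ', trim($found['value']), 2);
    return [
        'seen' => true,
        'source' => $found['source'],
        'scheme' => $parts[0],
        'credential_length' => isset($parts[1]) ? strlen($parts[1]) : 0,
    ];
}

// getallheaders() is not available under every SAPI, so fall back to an empty list.
$headers = function_exists('getallheaders') ? (getallheaders() ?: []) : [];
header('Content-Type: application/json');
echo json_encode([
    'sapi' => php_sapi_name(),
    'method' => $_SERVER['REQUEST_METHOD'] ?? 'CLI',
    'authorization' => describe(find_authorization($_SERVER, $headers)),
], JSON_PRETTY_PRINT), "\n";
```

Request it with the same curl options as the GET and POST above and compare the `sapi` and `authorization` fields between handlers, then remove the file from the server.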
