Closed neillbell closed 5 years ago
Turning off ENABLE_CSRF_MAGIC appears to make this work for zmNinja although something odd seems to be happening in the logs.
My command line tool that uses the API still fails to log in:
I tried the example using curl from the API docs. It didn't work either.
ransom (133) curl -XPOST -d "user=neill&pass=******" -c cookies.txt https://zm.example.org/zm/api/host/login.json
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJab25lTWluZGVyIiwiaWF0IjoxNTU5MDg3Njc5LCJleHAiOjE1NTkwOTEyNzksInVzZXIiOiJuZWlsbCIsInR5cGUiOiJhY2Nlc3MifQ.Q2OWSC8nb6tCcNcIeoQ62kG1Ij0GoRA4nHcpPJAJA0U",
"access_token_expires": 3600,
"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJab25lTWluZGVyIiwiaWF0IjoxNTU5MDg3Njc5LCJleHAiOjE1NTkxNzQwNzksInVzZXIiOiJuZWlsbCIsInR5cGUiOiJyZWZyZXNoIn0.gnaAQPPnNn3V9rCVoo65qlnuX5T7__ku0wsJtPBYOn0",
"refresh_token_expires": 86400,
"credentials": "auth=c1c94785a0e6d7f37d10338ee038d563",
"append_password": 0,
"version": "1.33.9",
"apiversion": "2.0"
}
ransom (134) curl -b cookies.txt https://zm.example.org/zm/api/monitors.json
{
"success": false,
"data": {
"name": "Not Authenticated",
"message": "Not Authenticated",
"url": "\/zm\/api\/monitors.json",
"exception": {
"class": "UnauthorizedException",
"code": 401,
"message": "Not Authenticated",
"trace": [
"#0 \/usr\/share\/zoneminder\/www\/api\/app\/Controller\/MonitorsController.php(23): AppController->beforeFilter()",
"#1 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Event\/CakeEventManager.php(243): MonitorsController->beforeFilter(Object(CakeEvent))",
"#2 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Controller\/Controller.php(677): CakeEventManager->dispatch(Object(CakeEvent))",
"#3 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Routing\/Dispatcher.php(189): Controller->startupProcess()",
"#4 \/usr\/share\/zoneminder\/www\/api\/lib\/Cake\/Routing\/Dispatcher.php(167): Dispatcher->_invoke(Object(MonitorsController), Object(CakeRequest))",
"#5 \/usr\/share\/zoneminder\/www\/api\/app\/webroot\/index.php(107): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))",
"#6 {main}"
]
},
"queryLog": {
"default": {
"log": [],
"count": 0,
"time": null
}
}
}
}
}
ransom (135) cat cookies.txt
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_zm.example.org FALSE / FALSE 1559091279 ZMSESSID eanu4oopktsf7jfah36bmra0sp
I didn't know about the new token system. Sorry about that.
Describe Your Environment
Describe the bug
Logging in via the API is non-functional. Tools like zmNinja cannot access ZoneMinder. Turning off authentication via OPT_USE_AUTH restores access.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
ZmNinja should start normally and be able to access the system. Instead zmNinja reports an "API Access Error".
Debug Logs
web_php.log cake_error.log
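Added example, not part of the original issue or of ZoneMinder's code: the login reply shown above returns an access JWT and a refresh JWT together with their advertised lifetimes. This Python code decodes each token's claims without verifying the signature and checks them against the reply's own fields; the sample reply is constructed, and all function names are hypothetical.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def check_login_response(resp: dict, now: int) -> list:
    """Return the inconsistencies found in a login.json reply (empty list = none)."""
    problems = []
    for kind in ("access", "refresh"):
        try:
            claims = jwt_claims(resp.get(f"{kind}_token") or "")
        except ValueError as exc:
            problems.append(f"{kind}_token unreadable: {exc}")
            continue
        if claims.get("type") != kind:
            problems.append(f"{kind}_token has type {claims.get('type')!r}")
        if claims.get("exp", 0) - claims.get("iat", 0) != resp.get(f"{kind}_token_expires"):
            problems.append(f"{kind}_token lifetime differs from {kind}_token_expires")
        if claims.get("exp", 0) <= now:
            problems.append(f"{kind}_token expired")
    return problems

def make_sample(iat: int) -> dict:
    """Constructed reply with the issue's field names; the signature is a dummy."""
    def tok(kind: str, ttl: int) -> str:
        head = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
        body = b64url(json.dumps({"iss": "ZoneMinder", "iat": iat, "exp": iat + ttl,
                                  "user": "demo", "type": kind}).encode())
        return f"{head}.{body}.constructed-signature"
    return {"access_token": tok("access", 3600), "access_token_expires": 3600,
            "refresh_token": tok("refresh", 86400), "refresh_token_expires": 86400}

if __name__ == "__main__":
    sample = make_sample(1559087679)
    print(check_login_response(sample, 1559087679 + 60))    # fresh reply
    print(check_login_response(sample, 1559087679 + 3600))  # access token at expiry
```

Decoding without the signing secret only reveals what the token claims; it does not prove the token is genuine, which only the server can check.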