colymba
commented
8 years ago So... maybe best way to do it is to create your own Authenticator, so we can leave authentication on all methods, but skip it in some cases....
The config would look something like:
RESTfulAPI:
authentication_policy: true
dependencies:
authenticator: '%$RESTfulAPI_CustomTokenAuthenticator'
authority: '%$RESTfulAPI_DefaultPermissionManager'
queryHandler: '%$RESTfulAPI_DefaultQueryHandler'
serializer: '%$RESTfulAPI_BasicSerializer'
Member:
api_access: 'GET,POST,PUT'
extensions:
- RESTfulAPI_TokenAuthExtensionThis is just the basic config except this replaces the authenticator dependency with a custom class RESTfulAPI_CustomTokenAuthenticator, but you can call it whatever...
Then create the RESTfulAPI_CustomTokenAuthenticator class that extends RESTfulAPI_TokenAuthenticator and all that should be needed is to overload the authenticate method:
class RESTfulAPI_CustomTokenAuthenticator extends RESTfulAPI_TokenAuthenticator
{
public function authenticate(SS_HTTPRequest $request)
{
if ($request->httpMethod() === 'POST' && $request->param('ClassName') === 'Member')
{
return true;
} else {
return parent::authenticate($request);
}
}
}This should always allow POST request on the Member DataOBject, otherwise just do the normal authentication. Of course you could do more test etc before return true;...
That's the basics of it... you might to test things out and see how it goes...
MarkyParkyJozi
Im still pretty new to silverstripe so maybe Im missing some fundamentals? Surely this pattern or something similar has been done before but I would like to be able to implement a registration page. So for a new user to create a profile in order to login. At this point in the journey he (the user) would not have a token but would require one only after registering and a new member has been created.
I would like to be able to create a new member by posting to a url: "http://mysite.local/api/Member" with data like : {"FirstName":"test1"}.
When I try the above I get a "Token invalid" response.
Heres the config.yml: