humhub / humhub-modules-fcm-push


When and where is actionUpdate() used? #1

Open steffes opened 4 years ago

steffes commented 4 years ago

I am building an iOS client using the RESTful API module and Firebase module. When is the actionUpdate() used? How do I invoke the saving of a new user in the fcmpush_user table? https://github.com/humhub/humhub-modules-fcm-push/blob/955db9730f07e51ddeda0b5a7d6dbe2631b009ae/controllers/TokenController.php#L30-L37

I have added all the credentials in the Firebase module. After checking the Mobile options, I am still not added to the fcmpush_user table.

How can I add the FCM token, created on my iOS device, to the fcmpush_user table? Is this available through the RESTful API module? If not, how can I refactor to make this possible?

steffes commented 4 years ago

@luke- how can I access the POST endpoint of fcm-push/token/update without being on a web browser on Android? What needs to be in the header? Is https://github.com/humhub/humhub-modules-fcm-push/blob/955db9730f07e51ddeda0b5a7d6dbe2631b009ae/Events.php#L133 the only thing that needs to be in the body?

luke- commented 4 years ago

@steffes if you plan to use the action outside of the browser context, you may also need to disable the CSRF protection (additional random param)

https://github.com/humhub/humhub-modules-fcm-push/blob/955db9730f07e51ddeda0b5a7d6dbe2631b009ae/controllers/TokenController.php

class TokenController extends Controller
{
    public $enableCsrfValidation = false;

    public function actionUpdate() {
        //...

Otherwise you’ll get a 403 error.

Otherwise it is a simple POST request with a single parameter named "token". So no JSON body or something like that is used. The current user is read from the session.

Do we need to change something?

steffes commented 4 years ago

Applying the latest commit about CSP from @buddh4 to my /protected/humhub/config/web.php fixed my issue of the browser successfully updating the token. Adding

public $enableCsrfValidation = false;

to my TokenController helped go from getting a 404 as the POST response to a 401 with a {"success": false} response.

If I am outside of the browser context, is there any way to use the auth_token I get with the RESTful API module (/api/v1/auth/login) in place of the browser session to get the current user, so it can save the FCM token?

luke- commented 4 years ago

Unfortunately there is currently no link between the rest of the module and the FCM Push module yet.

You can either add FCM Push (add/update token) stuff to the existing Rest Module or add some basic auth to the FCM module (preferred).
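
Editor's added example, not part of the thread and not code from humhub-modules-fcm-push: a Yii2 action filter that keeps CSRF validation for cookie-session requests and skips it only for requests that authenticate with an `Authorization: Bearer` header, instead of setting `$enableCsrfValidation = false` for every caller. It uses a bearer token rather than the basic auth mentioned above. The namespace and class name are hypothetical, and it assumes the application's identity class accepts the client's token in `findIdentityByAccessToken()`, which the thread does not confirm.

```php
<?php
// Added example, not code from humhub-modules-fcm-push.
// Namespace and class name are hypothetical.
namespace example\filters;

use Yii;
use yii\base\ActionFilter;
use yii\filters\auth\HttpBearerAuth;
use yii\web\Controller;
use yii\web\UnauthorizedHttpException;

class BearerOrCsrfFilter extends ActionFilter
{
    public function beforeAction($action)
    {
        $header = (string) Yii::$app->request->headers->get('Authorization');

        // No bearer header: treat it as a browser request. The session cookie
        // identifies the user and the controller's CSRF check stays enabled.
        if (!preg_match('/^Bearer\s+(\S+)$/', $header, $m)) {
            return parent::beforeAction($action);
        }

        // Bearer header: a browser never attaches it on its own, so a forged
        // cross-site form post cannot carry it and CSRF validation is not needed.
        $user = Yii::$app->user;
        $user->enableSession = false; // API clients get no session cookie

        // Assumption: the identity class's findIdentityByAccessToken()
        // accepts the token the client holds.
        $identity = $user->loginByAccessToken($m[1], HttpBearerAuth::class);
        if ($identity === null) {
            throw new UnauthorizedHttpException('Invalid access token.');
        }
        if ($action->controller instanceof Controller) {
            $action->controller->enableCsrfValidation = false;
        }
        return parent::beforeAction($action);
    }
}

// Attach in the controller instead of public $enableCsrfValidation = false:
//   public function behaviors()
//   {
//       return ['auth' => ['class' => BearerOrCsrfFilter::class, 'only' => ['update']]];
//   }
```

The filter runs during the controller's before-action event, which fires before `yii\web\Controller` performs its CSRF check, so the flag is cleared in time for token-authenticated requests only.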