2

I am trying to integrate REST services on my site. I am using this https://github.com/chriskacerguis/codeigniter-restserver example. So far I was able to successfully call the required data. However, when I wanted to add authorization to it and when I try to access it from Postman I get this error:

{
  "status": false,
  "error": "Unauthorized"
}

If I remove the auth, it works again. Does anyone know if this is a bug or is there something I'm missing? This is my configuration:

/*
|--------------------------------------------------------------------------
| REST Login
|--------------------------------------------------------------------------
|
| Set to specify the REST API requires to be logged in
|
| FALSE     No login required
| 'basic'   Unsecured login
| 'digest'  More secured login
| 'session' Check for a PHP session variable. See 'auth_source' to set the
|           authorization key
|
*/
$config['rest_auth'] = 'basic';

/*
|--------------------------------------------------------------------------
| REST Login Usernames
|--------------------------------------------------------------------------
|
| Array of usernames and passwords for login, if ldap is configured this is ignored
|
*/
$config['rest_valid_logins'] = ['admin' => '1234'];

I can't access it through the URL as well. The authentication popup keeps appearing even though I have entered the credentials. Please help.

2
  • Did you check the "Array of usernames and passwords for login, if ldap is configured this is ignored" ? Commented May 15, 2017 at 14:39
  • I have removed ldap when setting it up Commented May 15, 2017 at 14:44

3 Answers

7

I struggled with this and I managed to get it working by appending the following to my .htaccess (after the index.php bit):

RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

In your situation I'm suspecting that the headers don't make it, this will ensure they do.


1

It is checking for username and password from PHP Server variables

$username = $this->input->server('PHP_AUTH_USER'); and 

$password = $this->input->server('PHP_AUTH_PW');

In application/libraries/REST_Controller.php Line:1971

protected function _prepare_basic_auth()
    {
        // If whitelist is enabled it has the first chance to kick them out
        if ($this->config->item('rest_ip_whitelist_enabled'))
        {
            $this->_check_whitelist_auth();
        }
        // Returns NULL if the SERVER variables PHP_AUTH_USER and HTTP_AUTHENTICATION don't exist
        $username = $this->input->server('PHP_AUTH_USER');
        $http_auth = $this->input->server('HTTP_AUTHENTICATION');
        $password = NULL;
        if ($username !== NULL)
        {
            $password = $this->input->server('PHP_AUTH_PW');
        }
        elseif ($http_auth !== NULL)
        {
            // If the authentication header is set as basic, then extract the username and password from
            // HTTP_AUTHORIZATION e.g. my_username:my_password. This is passed in the .htaccess file
            if (strpos(strtolower($http_auth), 'basic') === 0)
            {
                // Search online for HTTP_AUTHORIZATION workaround to explain what this is doing
                list($username, $password) = explode(':', base64_decode(substr($this->input->server('HTTP_AUTHORIZATION'), 6)));
            }
        }
        // Check if the user is logged into the system
        if ($this->_check_login($username, $password) === FALSE)
        {
            $this->_force_login();
        }
    }

You can configure the PHP_AUTH_USER and PHP_AUTH_PW server variables as configured in the API configuration to authenticate and solve this error, or you can use API keys as an alternative authentication method.

2 Comments

Hi! Thanks for replying! Unfortunately it still doesn't work even with this addition. The same error is there.
You can set server vars as $_SERVER['PHP_AUTH_USER'] = 'admin'; and verify by echo $_SERVER['PHP_AUTH_USER']; similar for password. Also you can set $config['rest_auth'] = false; if you don't want to use this basic auth and you can use API key for auth purpose.

0

I managed to find out what the issue was! Turns out my server API was FastCGI and so the solution was to change the REST_Controller file. I found this link that works for FastCGI users:

https://forum.codeigniter.com/thread-36015.html

Hope this helps someone!
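
An added example, not part of any answer above and not code from the REST_Controller library: one way to resolve Basic credentials so that both the normal case and the FastCGI case (where the header only arrives through the .htaccess rule from the first answer) are covered. The function name `resolve_basic_credentials` and the sample arrays are assumptions constructed for illustration.

```php
<?php
// Added example, not code from REST_Controller.php.
// Resolves HTTP Basic credentials from a $_SERVER-style array.
function resolve_basic_credentials(array $server): ?array
{
    // PHP fills these in when it receives the Authorization header itself.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }

    // Under CGI/FastCGI the header may arrive only through the .htaccess
    // E=HTTP_AUTHORIZATION rule; after an internal rewrite Apache prefixes
    // such environment variables with REDIRECT_.
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
    if ($header === null || stripos($header, 'basic ') !== 0) {
        return null; // header dropped, or a different auth scheme
    }

    // Strict mode rejects non-base64 input instead of skipping bad bytes.
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }

    // Limit 2: only the first colon separates user from password,
    // so a password containing ':' is kept whole.
    return explode(':', $decoded, 2);
}

// Constructed sample environments (admin / 1234 is the question's test login).
$samples = [
    'mod_php'         => ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => '1234'],
    'fastcgi+rewrite' => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('admin:1234')],
    'after redirect'  => ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('admin:12:34')],
    'header dropped'  => [],
    'malformed'       => ['HTTP_AUTHORIZATION' => 'Basic !!!not-base64!!!'],
];

foreach ($samples as $label => $server) {
    $creds = resolve_basic_credentials($server);
    echo str_pad($label, 18), $creds === null ? 'no credentials' : json_encode($creds), PHP_EOL;
}
```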
