I didn't quite like I didn't get the token as JSON.

This patch was sponsored by Tag1 Consulting .

token_service.patch1.57 KBchx
PASSED: [[SimpleTest]]: [MySQL] 1,589 pass(es). View
Members fund testing for the Drupal project. Drupal Association Learn more


chx’s picture

Title: Add a token service » Add a CSRF token service

Status: Needs review » Needs work

The last submitted patch, token_service.patch, failed testing.

chx’s picture

Status: Needs work » Needs review

Bot fluke.

ygerasimov’s picture

Status: Needs review » Fixed

I have added some changes to the patch and committed it. Main change is:

-function _services_sessions_authenticate_call() {
+function _services_sessions_authenticate_call($module, $controller) {
   global $user;
   $original_user = services_get_server_info('original_user');
-  if ($original_user->uid != 0) {
+  if ($original_user->uid != 0 && $controller['callback'] != '_user_resource_get_token') {

As in case we are calling XMLRPC server we cannot depend on url.

joachim’s picture

Could we possibly have a new release with this service? Without it, you need to know the base URL to a site, which is impossible to determine from the endpoint URL. That's a big problem for Clients module.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.