Hi,

I am developing a project similar to this which it is a React component which gives the user the ability to 'like' a node or in my case a custom entity. That entity it's saved in the user profile with an entity_reference field.

Therefore, I defined a new Profile type, and I created an entity_reference field. Then, I logged in as administrator, I went to my profile, and add one entity with the autocomplete widget.

Now, I am trying to delete this 'like' in my app.

However, according to the documentation in order to request a delete operation you need a header called Authorization.

In PHP/Drupal, you could build this by something like this:

  function formatBasicAuth($account) {
    $basicAuthCredential = $account->getUsername() . ':' . $account->getPassword();
    $base64              = base64_encode($basicAuthCredential);
    return 'Basic ' . $base64;
  }

However, the $account->getPassword() is hashed, and that's why I think my request is not working. Also in this question they are saying that it is not possible to decrypt the password and still suggesting not to do so.

Furthermore, in this example I am following did not use that particular Header, and I assumed the example works.

Is it not necessary that header? how do you build the Basic username:password programmatically?

My request:

http://d8.local/jsonapi/profile/custom-profile/54c30d12-a6b0-4c5e-9760-whatever/relationships/field_entity_reference

Body:

{  
    "data": 
        {
            "type": "entity--and-type",
            "id": "8b6907b4-9390-4740-b4f6-whatever"
        }
}

Headers: 

Accept: application/vnd.api+json
Content-Type: application/vnd.api+json
Authorization: result from the function above

Response:

{
    "jsonapi": {
        "version": "1.0",
        "meta": {
            "links": {
                "self": {
                    "href": "http://jsonapi.org/format/1.0/"
                }
            }
        }
    },
    "errors": [
        {
            "title": "Forbidden",
            "status": "403",
            "detail": "The current user is not allowed to edit this relationship.",
            "links": {
                "via": {
                    "href": "http://d8.local/jsonapi/profile/fairs/54c30d12-a6b0-4c5e-whatever/relationships/field_entity_reference"
                },
                "info": {
                    "href": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4"
                }
            }
        }
    ]
}

Although, it says "The current user is not allowed to edit this relationship." I am login as Administrator and also got enabled the HTTP Basic Authentication module.

Comments

thetwentyseven created an issue. See original summary.

thetwentyseven’s picture

thetwentyseven commented
Issue summary: View changes
thetwentyseven’s picture

thetwentyseven commented
Issue summary: View changes
thetwentyseven’s picture

thetwentyseven commented
Issue summary: View changes