Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable requests to o2r server via ojs, which require a login #27

Open
1 of 6 tasks
Tracked by #5
tomniers opened this issue Nov 28, 2021 · 4 comments
Open
1 of 6 tasks
Tracked by #5

Enable requests to o2r server via ojs, which require a login #27

tomniers opened this issue Nov 28, 2021 · 4 comments
Assignees

Comments

@tomniers
Copy link
Collaborator

tomniers commented Nov 28, 2021

The idea here is that the user needs to be logged in on the o2r server in the same browser session where he is using OJS. Then the connect.sidof the o2r cookie can be used in OJS to enable requests to the o2r server.

old idea:

  • search for o2r cookie and extract connect.sid
  • use connect.sid in request whoami to control if the user is currently login on the o2r sever
  • if not explain user that he needs to relogin on the o2r server
  • repeat this until user is logged in on the o2r server

idea currently used:

  • try out request with currently working connect.sid
  • remember user if the user not inserted the connect.sid, so catch the corresponding error
@tomniers
Copy link
Collaborator Author

tomniers commented Nov 28, 2021

@tomniers
Copy link
Collaborator Author

tomniers commented Dec 10, 2021

  • there is still the "problem", that cookies can not be requested from different origins, difficult to request cookies from client
  • idea: OJS and o2r-Ui are running on the same origin. User needs to be logged in on o2r-Ui. If there is then a request to the o2r API from OJS the user is automatically logged in via the cookie and the request will work, because both services have the same origin
  • this can be tested e.g. if both o2r-ui and OJS are running locally on localhost
  • for the final solution on the server OJS needs to run on the server. The current plan is to create a container with OJS and the ojs-erc-plugin included. (https://github.com/Fmazin/ojs-erc-plugin/blob/master/test/docker-compose.yml, https://github.com/Fmazin/ojs-erc-plugin/blob/master/test/.env)

@tomniers
Copy link
Collaborator Author

tomniers commented Dec 19, 2021

  • so that the above idea works, there need to be some adaptions in the nginx-cors.conf of the o2r-ui
  • for both POST and GET add_header 'Access-Control-Allow-Origin' 'http://localhost:8000' always; and add_header 'Access-Control-Allow-Credentials' 'true' always; needs to be set
  • the limitation here is that the origin is clearly set, so if other people than us want to use this service, they need to inform us, that we set also their origin in the header
  • with this configuration request from OJS to the o2r API are possible, if both is running on the same origin so in this case localhost whereby OJS is running on http://localhost:8000
  • a example request could be
var data = new FormData(); 
    data.append("compendium_id", "COMPENDIUM_ID"); 
    
    $.ajax({
        type: 'POST',
        data: data,
        processData: false, 
        contentType: false, 
        url: 'http://localhost/api/v1/job',
        xhrFields: {
            withCredentials: true
    }}).done(function(res) {
        console.log(res);
    });

@tomniers
Copy link
Collaborator Author

6fa26d7
At the moment this is solved by a input by the user. The user needs to input the current connect.sid of the o2r service in the plugin settings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants