Billow
November 27, 2020, 8:10am
1
I’m writing a PHP class to connect to GraphiQL. I got to the point of obtaining an access token, but when I try to execute a query, I get Authorization has been denied for this request.
Here is my method:
public function query($q)
{
// Check if access token is expired
if (time() >= $this->conf->get_val('expires')) $this->login();
$payload = http_build_query($q);
$opts = [
'http' => [
'method' => 'POST',
'ignore_errors' => true,
'header'=> "Authorization: bearer ".$this->conf->get_val('atoken')
."dataType: json"
."Content-type: application/json\r\n"
."Content-Length: " . strlen($payload) . "\r\n",
'content' => $payload
]
];
$c = stream_context_create($opts);
$res = file_get_contents($this->build_url('api/graphql'), false, $c);
print_r($res);
}
Anyone familiar enough with PHP to help? Or do you think this is a setting in Samba?
Billow
November 27, 2020, 8:12am
2
Here is my entire class:
<?php
class Samba
{
var $conf, $error_mess, $http_status;
const HTTP_STATUS_OK = "HTTP/1.1 200 OK";
function __construct()
{
$s = new Settings('SAMBA_CONFIG');
$this->conf = $s;
return true;
}
private function check_status($h = null)
{
if ($h)
{
if (is_array($h))
{
$this->http_status = $h[0];
if ($this->http_status == self::HTTP_STATUS_OK)
{
return true;
}
}
}else{
$this->error_mess = "Failed to connect to POS server!";
return false;
}
}
private function build_url($endpoint)
{
return $this->conf->get_val('proto')
."://".$this->conf->get_val('host')
.":".$this->conf->get_val('port')
."/".$endpoint;
}
private function login()
{
$data = [
'grant_type' => 'password',
'username' => $this->conf->get_val('user'),
'password' => $this->conf->get_val('pass'),
'client_id' => $this->conf->get_val('client_id'),
'client_secret' => $this->conf->get_val('client_secret')
];
$payload = http_build_query($data);
$opts = [
'http' => [
'method' => 'POST',
'ignore_errors' => true,
'header'=> "Content-type: application/x-www-form-urlencoded\r\n"
."Content-Length: " . strlen($payload) . "\r\n",
'content' => $payload
]
];
$c = stream_context_create($opts);
$res = file_get_contents($this->build_url('token'), false, $c);
if($this->check_status($http_response_header))
{
$json = json_decode($res);
$this->conf->set('atoken', $json->access_token);
$this->conf->set('rtoken', $json->refresh_token);
$this->conf->set('expires', time()+$json->expires_in);
if ($this->conf->update())
{
return true;
}else{
$this->error_mess = $this->conf->error_mess;
return false;
}
}
}
public function query($q)
{
// Check if access token is expired
if (time() >= $this->conf->get_val('expires')) $this->login();
$payload = http_build_query($q);
$opts = [
'http' => [
'method' => 'POST',
'ignore_errors' => true,
'header'=> "Authorization: bearer ".$this->conf->get_val('atoken')
."dataType: json"
."Content-type: application/json\r\n"
."Content-Length: " . strlen($payload) . "\r\n",
'content' => $payload
]
];
$c = stream_context_create($opts);
$res = file_get_contents($this->build_url('api/graphql'), false, $c);
print_r($res);
}
}
?>
Billow
November 27, 2020, 8:14am
3
And here is my class instantiation:
$sam = new Samba;
$sam->query([
"query" => "{getTickets{id}}",
"variables" => null,
"operationName" => null
]);
print_r($sam);
Result:
{
"message": "Authorization has been denied for this request."
}
Memo
November 27, 2020, 1:56pm
4
If you’re able to successfully obtain an access token but fail on the query it may because a) the access token is expired, or b) the access token is malformed.
What method are you using inside the http_build_query() wrapper?
Billow
November 27, 2020, 4:47pm
5
Hi. Here is the usage for http_build_query from php.net :
http_build_query ( mixed $query_data [, string $numeric_prefix [, string $arg_separator [, int $enc_type = PHP_QUERY_RFC1738 ]]] ) : string
I’m not sure what you mean by method. I’m using POST for the http request, which is defined in the steam context function. I’m wondering about en_type though. It looks like the default is RFC1738. PHP says RFC3986 is also an option.
Memo
November 27, 2020, 5:40pm
6
sorry, method = function
I’m not familiar with http_build_query
<?php
$query = '';
$accessToken = '';
$url = 'http://127.0.0.1:9000/api/graphql';
$method = 'POST';
$responseString = gqlApiQuery($query, $accessToken, $url, $method);
if ($responseString)
{
$responseObj = json_decode($responseString);
$jsonErrorMessage = '';
switch (json_last_error())
{
case JSON_ERROR_NONE:
break;
case JSON_ERROR_DEPTH:
$jsonErrorMessage = 'Maximum stack depth exceeded';
break;
case JSON_ERROR_STATE_MISMATCH:
$jsonErrorMessage = 'Underflow or the modes mismatch';
break;
case JSON_ERROR_CTRL_CHAR:
$jsonErrorMessage = 'Unexpected control character found';
break;
case JSON_ERROR_SYNTAX:
$jsonErrorMessage = 'Malformed JSON';
break;
case JSON_ERROR_UTF8:
$jsonErrorMessage = 'Malformed UTF-8 characters, possibly incorrectly encoded';
break;
default:
$jsonErrorMessage = 'JSON - Other';
break;
}
if ($jsonErrorMessage != '')
{
//LOG JSON ERROR
exit();
}
if (!$responseObj->message)
{
if (!$responseObj->errors)
{
print ($responseString);
}
else
{
//LOG API ERROR
print ($responseObj->errors->message);
}
}
else
{
//LOG API ERROR
print ($responseObj->message);
}
}
else
{
//LOG NULL RESPONSE ERROR
}
function gqlApiQuery($query, $accessToken, $url, $method)
{
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "$url",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "$method",
CURLOPT_POSTFIELDS =>"$query",
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer $accessToken",
'dataType: json',
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
return $response;
}
Tested and verified working
EDIT:
1 Like
Billow
November 28, 2020, 1:49am
7
Yeah I think your function is accomplishing the same thing. My function is a special PHP wrapper to reduce lines of code. I got the same error unfortunately.
Here is my new class with your code adapted:
<?php
class Samba
{
var $conf, $error_mess, $http_status;
const HTTP_STATUS_OK = "HTTP/1.1 200 OK";
function __construct()
{
$s = new Settings('SAMBA_CONFIG');
$this->conf = $s;
return true;
}
private function check_status($h = null)
{
if ($h)
{
if (is_array($h))
{
$this->http_status = $h[0];
if ($this->http_status == self::HTTP_STATUS_OK)
{
return true;
}
}
}else{
$this->error_mess = "Failed to connect to POS server! [".$this->http_status."]";
return false;
}
}
private function build_url($endpoint)
{
return $this->conf->get_val('proto')
."://".$this->conf->get_val('host')
.":".$this->conf->get_val('port')
."/".$endpoint;
}
private function login()
{
$data = [
'grant_type' => 'password',
'username' => $this->conf->get_val('user'),
'password' => $this->conf->get_val('pass'),
'client_id' => $this->conf->get_val('client_id'),
'client_secret' => $this->conf->get_val('client_secret')
];
$payload = http_build_query($data);
$opts = [
'http' => [
'method' => 'POST',
'ignore_errors' => true,
'header'=> "Content-type: application/x-www-form-urlencoded\r\n"
."Content-Length: " . strlen($payload) . "\r\n",
'content' => $payload
]
];
$c = stream_context_create($opts);
$res = file_get_contents($this->build_url('token'), false, $c);
if($this->check_status($http_response_header))
{
$json = json_decode($res);
$this->conf->set('atoken', $json->access_token);
$this->conf->set('rtoken', $json->refresh_token);
$this->conf->set('expires', time()+$json->expires_in);
if ($this->conf->update())
{
return true;
}else{
$this->error_mess = $this->conf->error_mess;
return false;
}
}
}
function query($q)
{
// Check if access token is expired
if (time() >= $this->conf->get_val('expires')) $this->login();
// CURL setup
$url = $this->build_url('api/graphql');
$method = 'POST';
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => $method,
CURLOPT_POSTFIELDS => $q,
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer ".$this->conf->atoken,
'dataType: json',
'Content-Type: application/json'
),
));
$responseString = curl_exec($curl);
curl_close($curl);
if ($responseString)
{
$responseObj = json_decode($responseString);
$jsonErrorMessage = '';
switch (json_last_error())
{
case JSON_ERROR_NONE:
break;
case JSON_ERROR_DEPTH:
$jsonErrorMessage = 'Maximum stack depth exceeded';
break;
case JSON_ERROR_STATE_MISMATCH:
$jsonErrorMessage = 'Underflow or the modes mismatch';
break;
case JSON_ERROR_CTRL_CHAR:
$jsonErrorMessage = 'Unexpected control character found';
break;
case JSON_ERROR_SYNTAX:
$jsonErrorMessage = 'Malformed JSON';
break;
case JSON_ERROR_UTF8:
$jsonErrorMessage = 'Malformed UTF-8 characters, possibly incorrectly encoded';
break;
default:
$jsonErrorMessage = 'JSON - Other';
break;
}
if (!empty($jsonErrorMessage))
{
$this->error_mess = $jsonErrorMessage;
return false;
}
if (!$responseObj->message)
{
if (!$responseObj->errors)
{
print_r($responseObj);
}
else
{
//LOG API ERROR
$this->error_mess = $responseObj->errors->message;
return false;
}
}
else
{
//LOG API ERROR
$this->error_mess = $responseObj->message;
return false;
}
}
else
{
//LOG NULL RESPONSE ERROR
}
}
}
?>
Billow
November 28, 2020, 2:04am
8
Are there any Samba log files I can look at? I have all functions turned on in Samba. This is driving my nuts!
Billow
November 28, 2020, 2:29am
9
Never mind. I was incorrectly calling atoken from setttings. That was not the original problem though. I’m no longer getting “Authorization denied”. Now I’m getting “An error occured”. More in a bit.
1 Like
Billow
November 28, 2020, 2:41am
10
I got it! It works!! I forgot to json_encode() the query lol.
I’ll publish my class once it’s done, with all handlers and such. Still need to detect invalid access token and exchange refresh for access.
Thanks Memo.
1 Like
Memo
November 28, 2020, 3:05am
11
When there is an invalid access token message will be the only thing returned in the JSON response which I handled here:
if (!$responseObj->message)
{
if (!$responseObj->errors)
{
print ($responseString);
}
else
{
//LOG API ERROR
print ($responseObj->errors->message);
}
}
else
{
//LOG API ERROR
print ($responseObj->message);
}
Regarding refresh tokens, I found it easier to just store the access token and expiration date (minus 5 mins) and compare the expiration datetime with now to see if a new access token is required.
Billow
November 28, 2020, 10:41pm
12
Here is my completed working PHP class:
<?php
class Samba
{
var $conf, $error_mess, $http_status;
var $auth_method = "access_token";
var $retries = 0;
var $res;
const HTTP_STATUS_OK = "HTTP/1.1 200 OK";
const HTTP_STATUS_BAD_REQ = "HTTP/1.1 400 Bad Request";
const CURL_HTTP_CODE_UNAUTH = 401;
const CURL_HTTP_CODE_OK = 200;
const MAX_RETRIES = 5;
function __construct()
{
$s = new Settings('SAMBA_CONFIG');
$this->conf = $s;
return true;
}
private function auth_log($stat)
{
$fields = [
'auth_method',
'auth_user',
'auth_status'
];
$vals = [
$this->auth_method,
$this->conf->get_val('user'),
$stat
];
global $db;
$db->insert('api_auth_log', $fields, $vals);
}
private function check_status($h = null)
{
if ($h)
{
if (is_array($h))
{
$this->http_status = $h[0];
switch ($this->http_status)
{
case self::HTTP_STATUS_OK:
$this->auth_log('OK');
return true;
break;
case self::HTTP_STATUS_BAD_REQ:
if ($this->retries < self::MAX_RETRIES)
{
$this->auth_log('FAIL');
$this->conf->set('atoken', '');
$this->conf->set('rtoken', '');
$this->conf->update();
return $this->login();
}else{
$this->error_mess = "Max login retries [".self::MAX_RETRIES."] exceeded!";
return false;
}
break;
default:
$this->error_mess = "An HTTP error occurred [".$this->http_status."]";
return false;
}
}
}else{
$this->error_mess = "Failed to connect to POS server! [".$this->http_status."]";
return false;
}
}
private function build_url($endpoint)
{
return $this->conf->get_val('proto')
."://".$this->conf->get_val('host')
.":".$this->conf->get_val('port')
."/".$endpoint;
}
private function login()
{
$do_refresh = false;
if (!empty($this->conf->get_val('rtoken')))
{
$this->auth_method = "refresh_token";
$data = [
'grant_type' => $this->auth_method,
'refresh_token' => $this->conf->get_val('rtoken')
];
$do_refresh = true;
}else{
$this->auth_method = "password";
$data = [
'grant_type' => $this->auth_method,
'username' => $this->conf->get_val('user'),
'password' => $this->conf->get_val('pass')
];
}
$data['client_id'] = $this->conf->get_val('client_id');
$data['client_secret'] = $this->conf->get_val('client_secret');
$payload = http_build_query($data);
$opts = [
'http' => [
'method' => 'POST',
'ignore_errors' => true,
'header'=> "Content-type: application/x-www-form-urlencoded\r\n"
."Content-Length: " . strlen($payload) . "\r\n",
'content' => $payload
]
];
$c = stream_context_create($opts);
$res = file_get_contents($this->build_url('token'), false, $c);
if($this->check_status($http_response_header))
{
$json = json_decode($res);
$this->conf->set('atoken', $json->access_token);
$this->conf->set('rtoken', $json->refresh_token);
$this->conf->set('expires', time()+$json->expires_in);
if ($this->conf->update())
{
return true;
}else{
$this->error_mess = $this->conf->error_mess;
return false;
}
}
}
function query($q, $from_file=1)
{
// Load query file
if ($from_file)
{
$qf = GQL_DIR."/".$q.".graphql";
if (file_exists($qf))
{
$q = file_get_contents($qf);
}else{
$this->error_mess = "Query file not found [".$q."]";
return false;
}
}
$query = [
"query" => $q,
"variables" => null,
"operationName" => null
];
// Check if access token is expired
if (time() >= $this->conf->get_val('expires')) $this->login();
// CURL setup
$url = $this->build_url('api/graphql');
$method = 'POST';
$curl = curl_init();
curl_setopt_array($curl, array(
CURLINFO_HEADER_OUT => true,
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => $method,
CURLOPT_POSTFIELDS => json_encode($query),
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer ".$this->conf->get_val('atoken'),
'dataType: json',
'Content-Type: application/json'
),
));
$responseString = curl_exec($curl);
$info = curl_getinfo($curl);
//print_r($info); die();
// Check HTTP status
if ($info['http_code'] != self::CURL_HTTP_CODE_OK)
{
if ($info['http_code'] == self::CURL_HTTP_CODE_UNAUTH)
{
if (!$this->login()) return false;
return $this->query($q);
}else{
$this->error_mess = "An HTTP error occurred [".$info['http_code']."]";
return false;
}
}
curl_close($curl);
if ($responseString)
{
$responseObj = json_decode($responseString);
// Test for empty object
if (empty((array)$responseObj->data))
{
$this->error_mess = "Server returned no data!";
return false;
}
$jsonErrorMessage = '';
switch (json_last_error())
{
case JSON_ERROR_NONE:
break;
case JSON_ERROR_DEPTH:
$jsonErrorMessage = 'Maximum stack depth exceeded';
break;
case JSON_ERROR_STATE_MISMATCH:
$jsonErrorMessage = 'Underflow or the modes mismatch';
break;
case JSON_ERROR_CTRL_CHAR:
$jsonErrorMessage = 'Unexpected control character found';
break;
case JSON_ERROR_SYNTAX:
$jsonErrorMessage = 'Malformed JSON';
break;
case JSON_ERROR_UTF8:
$jsonErrorMessage = 'Malformed UTF-8 characters, possibly incorrectly encoded';
break;
default:
$jsonErrorMessage = 'JSON - Other';
break;
}
if (!empty($jsonErrorMessage))
{
$this->error_mess = $jsonErrorMessage;
return false;
}
if (!isset($responseObj->message) || empty($responseObj->message))
{
if (!$responseObj->errors)
{
$this->res = $responseObj;
return $this->res;
}
else
{
//LOG API ERROR
$this->error_mess = $responseObj->errors->message;
return false;
}
}
else
{
//LOG API ERROR
$this->error_mess = $responseObj->message;
return false;
}
}
else
{
//LOG NULL RESPONSE ERROR
$this->error_mess = "No response from server!";
return false;
}
}
}
?>
3 Likes