[limesurvey-developers] Best way to enhance the API

Discussion:

Gabriel Jenik

2015-10-13 13:23:50 UTC

Hi All,

Which do you think is the best way to enhance the API?
I would like to avoid adding method to the remotecontrol_handle.php.

Maybe a plugin way of doing it?
I thought the DirectRequest event, but it doesn't validate the sessionKey.

Thought? Comments?

Thanks!

Gabriel

Sam Mousa

2015-10-13 13:38:47 UTC

Permalink

You could add manual session key validation to the LimesurveyApi object
(which is available to plugins) and then validate the key from within your
plugin.

In general session keys don't make a lot of sense for stateless APIs, so it
would be even better to just pass the username / password on each request
(I'm assuming you use SSL).

That way you can just useless stateless authentication inside your plugin.

Post by Gabriel Jenik
Hi All,
Which do you think is the best way to enhance the API?
I would like to avoid adding method to the remotecontrol_handle.php.
Maybe a plugin way of doing it?
I thought the DirectRequest event, but it doesn't validate the sessionKey.
Thought? Comments?
Thanks!
Gabriel
------------------------------------------------------------------------------
_______________________________________________
limesurvey-developers mailing list
https://lists.sourceforge.net/lists/listinfo/limesurvey-developers

Gabriel Jenik

2015-10-13 13:42:37 UTC

Permalink

OK, great!! Thanks!

Post by Sam Mousa
You could add manual session key validation to the LimesurveyApi object
(which is available to plugins) and then validate the key from within your
plugin.
In general session keys don't make a lot of sense for stateless APIs, so
it would be even better to just pass the username / password on each
request (I'm assuming you use SSL).
That way you can just useless stateless authentication inside your plugin.

------------------------------------------------------------------------------
_______________________________________________
limesurvey-developers mailing list
https://lists.sourceforge.net/lists/listinfo/limesurvey-developers

Denis Chenu

2015-10-13 13:37:07 UTC

Permalink

Hi Gabriel,

Actually we NEED (i think ;), a good event to add function to our API. I
don't found time to find the best way to add this event.
See : https://bugs.limesurvey.org/view.php?id=9788
I don't know if the plugin event must goes to all plugin or only to
'target' plugin. Maybe $aParams can go to api->get('something') ? Unsure
here.

With 2.05 : http://extensions.sondages.pro/extendremotecontrol/
But : need to add whole 'plugins/direct' from CsrfValidation (see
documentation)

Denis

------------------------------------------------------------------------------

Gabriel Jenik

2015-10-13 13:59:04 UTC

Permalink

Thanks!!
I will review it !!

Post by Denis Chenu
Hi Gabriel,
Actually we NEED (i think ;), a good event to add function to our API. I
don't found time to find the best way to add this event.
See : https://bugs.limesurvey.org/view.php?id=9788
I don't know if the plugin event must goes to all plugin or only to
'target' plugin. Maybe $aParams can go to api->get('something') ? Unsure
here.
With 2.05 : http://extensions.sondages.pro/extendremotecontrol/
But : need to add whole 'plugins/direct' from CsrfValidation (see
documentation)
Denis

sessionKey.

Post by Gabriel Jenik
Thought? Comments?
Thanks!
Gabriel

Denis Chenu

2015-10-13 14:27:43 UTC

Permalink

The solution from Sam is reeaallllyy good ....

Why don't i think to use it directly .....

Denis

Post by Gabriel Jenik
Thanks!!
I will review it !!

------------------------------------------------------------------------------