You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shindig.apache.org by Evgeny Bogdanov <ev...@epfl.ch> on 2010/03/25 17:51:27 UTC

/gagdets/metadata request doesn't work in PHP shindig

Hello,

I tried to execute POST request to shindig/gadgets/metadata. It does 
work for java version, but it doesn't work for php.

Here is a curl command
curl -i -X POST -H "Accept: application/json" -H "Content-Type: 
application/json"
         -d 
'{"context":{"country":"default","language":"default","view":"default","container":"default"},"gadgets":[{"url":"http://hosting.gmodules.com/ig/gadgets/file/108085167802252611023/wikipedia.xml", 
"moduleId":0}]}'
          http://shindig/gadgets/metadata

The output is:
{"gadgets":[{"errors":["Can't get ownerId from an anonymous 
token"],"moduleId":0,"url":"http:\/\/hosting.gmodules.com\/ig\/gadgets\/file\/108085167802252611023\/wikipedia.xml"}]}
If I supply a token ?st=1:1:1:1:1:1:1, it works

It seems as the problem is in BasicSecurityToken.php.

   public function isAnonymous() {
     return ($this->tokenData[$this->OWNER_KEY] === 
SecurityToken::$ANONYMOUS) && ($this->tokenData[$this->VIEWER_KEY] === 
SecurityToken::$ANONYMOUS);
   }
...
   public function getOwnerId() {
     if ($this->isAnonymous()) {
       throw new Exception("Can't get ownerId from an anonymous token");
     }
     return $this->tokenData[$this->OWNER_KEY];
   }

In java version there is different implementation.

   public boolean isAnonymous() {
     return false;
   }
...
   public String getOwnerId() {
     return tokenData.get(OWNER_KEY);
   }

Should we remove isAnonymous check from BasicSecurityToken.php?
Or it should be done on a higher level, and if the token is anonymous 
the functions of BasicSecurityToken shouldn't be called at all?

Best,
Evgeny Bogdanov