elidrissidev/magento-api2basicauth
Composer 安装命令:
composer require elidrissidev/magento-api2basicauth
包简介
HTTP Basic authentication support for Magento 1.9 and OpenMage's Api2.
README 文档
README
This is a Magento 1.9/OpenMage extension that will add support for HTTP Basic Authentication in Api2 by introducing a new concept of "REST Users", which unlike the built-in OAuth adapter, doesn't require any human interaction and can be used to authenticate scripts and backends.
Installation
Manual
-
Download the latest release and unpack it.
-
Copy the
appfolder to the root of your magento store (choose the option to merge it with the existing content if prompted). -
Go to
System / Cache Managementand click "Flush Magento Cache" button on the top. -
To verify if the installation was successfull, look for a new option in
System / Web Servicesmenu calledREST - Users. If you can't see it, make sure your admin user has permissions.
Composer
For OpenMage users, you can install this package easily by using composer:
$ composer require elidrissidev/magento-api2basicauth
Now you're ready to start using it!
Usage
Please do read the note below first.
If the installation is done properly, you should see a new option in System / Web Services menu called REST - Users, that's where you'll be able to create and manage the users that will be able to connect to the REST Api through Basic authentication.
Creating a user is not enough though, you'll have to give it access to some resources. This can be done the same way as usual by creating a REST Admin Role (System / Web Services / REST - Roles), then assigning it the user you created.
Similarly, you'll have to also decide which resource attributes your REST users will have access to by going to System / Web Services / REST - Attributes, selecting REST User from the grid and selecting them from there.
Now you're ready to issue your first request! But first, you'll have to generate your authentication token, that is done by joining your username and password (Api key) with a colon (:) and encoding them in base64 (replace <username> and <password> with your own):
$ php -r "echo base64_encode('<username>:<password>') . PHP_EOL;"
You can now issue requests using your token (replace <token> with your own):
$ curl http://yourdomain.tld/api/rest/orders -H 'Accept: application/json' -H 'Authorization: Basic <token>'
If you get Access denied error, check that the role assigned to your user has access to the resource you're trying to access, and that your user is active. Additionally, you can check the logs.
Note: you may have noticed that this extension adds some new files to app/code/local. Those files are required to be able to use Basic authentication with the built-in REST endpoints in Magento, and because of the way it works, you need to add them in the same namespace as the module concerned (i.e. adding them inside the extension won't work). You can choose to not add them if you don't care about that.
A note about Basic authentication
Basic authentication is generally discouraged nowadays because it involves transfering user credentials over the network in base64 encoding, which can easily be decoded and viewed in plaintext. It is highly recommended that you use it only with an encrypted connection, and never issue requests from the client side as to not expose user credentials.
Conflicting extensions
- Magestore_Webpos: This extension rewrites the Api2 Acl system and ends up allowing access to all resources and attributes for every REST User, regardless of the assigned role. Also overrides some of the built-in routes like
/api/rest/orders, but this can be fixed by some small changes in the module'sapi2.xml.
Contributing
Please feel free to open an Issue if you find any bug, or have something to suggest. Translations to other languages are very welcome :).
License
This project is licensed under the MIT License.
elidrissidev/magento-api2basicauth 适用场景与选型建议
elidrissidev/magento-api2basicauth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 21 次下载、GitHub Stars 达 5, 最近一次更新时间为 2022 年 05 月 28 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「magento」 「magento-module」 「openmage-module」 「openmage」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 elidrissidev/magento-api2basicauth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 elidrissidev/magento-api2basicauth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 elidrissidev/magento-api2basicauth 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Magento 2 module for AI Engine Optimization (AEO). Generates spec-compliant llms.txt and llms-full.txt per llmstxt.org standard, plus streaming JSONL for vector indexing. Multi-store, multi-website, CLI, cron, async admin UI, Page Builder-aware sanitization, customer-group pricing, atomic writes, ET
Magento 2 Social Login extension is designed for quick login to your Magento 2 store without procesing complex register steps
Magento - Clean up session extension
Magento 2 extension that enables administrators to load Bootstrap 4 or Bootstrap 5 on the storefront without modifying theme files or creating child themes.
Translations for OpenMage from Magento 1/2 and old languages packs.
Magento - Force store code extension
统计信息
- 总下载量: 21
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 5
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2022-05-28