Extension - expose unauthenticated endpoint

S

stan911

New Member
Is there a way to register a route for an extension, which doesn't require authentication? Eg:

Yii::app()->urlManager->addRules(array(
array('ext_webhook_index', 'pattern' => 'extensions/webhook/'),
));
and then the resulting url, backend/index.php/webhook/index to not require authentication.

I'm interesting on receiving some data from a web hook, from a third-party application.
 
@stan911 - Yes there is, just register your route in the unprotected controllers list before, like:
PHP: 
// set the controller unprotected
$unprotected = (array)Yii::app()->params->itemAt('unprotectedControllers');
array_push($unprotected, 'ext_webhook_index');
Yii::app()->params->add('unprotectedControllers', $unprotected);

// your route registration.
Yii::app()->urlManager->addRules(array(
    array('ext_webhook_index', 'pattern' => 'extensions/webhook/'),
));
 
@twisted1919 I have to get back to this. It works fine for GET requests. For POST requests it's trowing me an http 400 with the message "Error 400! The CSRF token could not be verified.". I've tried to find a way to disable CSRF validation at action level within the extension, but I cannot find a way to apply inside the extension.
Any suggestions on how to disable CSRF validation at controller OR controller's action level?
 
Yup, do:
PHP: 
// remove the csrf token validation
$request = Yii::app()->request;
if ($request->isPostRequest && $request->enableCsrfValidation) {
    $url = Yii::app()->urlManager->parseUrl($request);
    $routes = array('ext_webhook_index');
    foreach ($routes as $route) {
        if (strpos($url, $route) === 0) {
            Yii::app()->detachEventHandler('onBeginRequest', array($request, 'validateCsrfToken'));
            Yii::app()->attachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
            break;
        }   
    }
}
 
You must log in or register to reply here.
Back
Top