json-rpc changes

[NotZippy]

Hi

I have been away for a bit (since 3.3) and I am back looking at JSON-RPC calls, but for some reason I cannot get them to work anymore: For example the following works without issues :

wget -v -O - --no-http-keep-alive --post-data='{"id": 1, "method": "common.server.version", "params": [null, null]}  ' \

    --header="Content-Type: text/json" --no-check-certificate \

    https://demo4.2.tryton.org

{

    "id": 1,

    "result": "4.2.1"

}

But when I attempt to connect with a specific database I get a 405 (method not allowed error) 

wget -v -O - --no-http-keep-alive --post-data='{"id": 1, "method": "system.server.listMethods", "params": [null, null]} ' \

    --header="Content-Type: text/json" --no-check-certificate \

    https://demo4.2.tryton.org/demo4.2 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<title>405 Method Not Allowed</title>

<h1>Method Not Allowed</h1>

<p>The method is not allowed for the requested URL.</p>

Is there an updated document on this JSON-RPC calls (Only document I could find is https://trytond.readthedocs.io/en/latest/topics/rpc.html) ? 

thanks

Nz

[Cédric Krier]

On 2017-02-24 21:42, NotZippy wrote:
> wget -v -O - --no-http-keep-alive --post-data='{"id": 1, "method":
> "system.server.listMethods", "params": [null, null]} ' \
> --header="Content-Type: text/json" --no-check-certificate \
> https://demo4.2.tryton.org/demo4.2
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
> <title>405 Method Not Allowed</title>
> <h1>Method Not Allowed</h1>
> <p>The method is not allowed for the requested URL.</p>

The method is 'system.listMethods' see
http://hg.tryton.org/trytond/file/default/trytond/protocols/dispatcher.py#l36

--
Cédric Krier - B2CK SPRL
Email/Jabber: cedric...@b2ck.com
Tel: +32 472 54 46 59
Website: http://www.b2ck.com/

[NotZippy]

Thanks Cédric, I see that the method was changed, I also see that this commit changed to WSGI API , which changed the database endpoint from http://host/db to http://host/db/  (@app.route('/<string:database_name>/', methods=['POST'])). It also appears at the same time this was implement user authorization was added to the request header - I guess this was to prevent a MIM from hijacking a session.. If there is more documentation on changes to the JSON-RPC calls let me know. Otherwise I will pick through the changes and see if I can come up with a couple of working samples to add to this post..

Nz

[Cédric Krier]

On 2017-02-25 12:18, NotZippy wrote:
> Thanks Cédric, I see that the method was changed, I also see that this
> commit

> <https://github.com/tryton/trytond/commit/9cfc28b506ef5951ab4d0d56d90770bf7a954159>

> changed to WSGI API , which changed the database endpoint from
> http://host/db to http://host/db/ (@app.route('/<string:database_name>/',
> methods=['POST'])).

Indeed the trailing slash was working on previous version and was
considered the right way. It was working without by chance.

> It also appears at the same time this was implement user
> authorization

> <https://github.com/tryton/tryton/commit/de484f1f853da8902b2ff304859e7fc72b75227d>

> was added to the request header - I guess this was to prevent a MIM from
> hijacking a session..

No really for this reason but to have the same design as basic
authorization which allowed to merge the json and xml-rpc and have both
allowing both methods.

> If there is more documentation on changes to the
> JSON-RPC calls let me know. Otherwise I will pick through the changes and
> see if I can come up with a couple of working samples to add to this post..

No, unfortunately the RPC topics have a TODO for other methods. So patch
is welcomed.

[NotZippy]

TY, when I am done I will try and make a PR for the JSON-RPC docs 

Nz