[nodebb-plugin-write-api] Trouble when trying to add new user using the Write-API Plugin and CURL

Tanguy Bodin-Hullin

When I use the same command using unsecured HTTP, it's working, and the new user is added to NodeBB. But in HTTPS it doesn't. So, could it be a problem with your SSL certificate ?

julian

Ah yes, that'd be it By default our hosted instances don't have SSL configuration options set. Would you like SSL termination enabled for your account? It is included in your monthly hosting costs.

Tanguy Bodin-Hullin

Yes !! Thank you very much (I'm thinking that it would be useful that the API-Write plugin sends a message "SSL is not activated" in that case, because we spend some time trying to understand that problem).

julian

Keep in mind if you use your own domain, you are responsible for the cost of the SSL cert. If you want to continue using our domain (.nodebb.com), then we can set it up for you.

Tanguy Bodin-Hullin

Yes, it's ok, and thank you for these information, and we would like SSL to be set up on the xxxxx.nodebb.com domain.

Kowlin

@julian A good reminder, Lets Encrypt comes out in ~3 weeks.

julian

@Kowlin said:

@julian A good reminder, Lets Encrypt comes out in ~3 weeks.

Too bad our wildcard cert expires before then

Edit: Actually, I just checked again, it expires a month from now, but afaik Let's Encrypt won't issue Wildcards just yet, so I renewed anyway. Those bloodsuckers have gotten me for another year!

Tanguy Bodin-Hullin

Now, when I'm just sending the following url from Chrome : https://xxxxxxx.nodebb.com/api/v1/users
I get the message
{"code":"upgrade-required","message":"HTTPS is required for requests to the write api, please re-send your request via HTTPS","params":{}}

I receive the same message with the precedent CURL command (given in the first post)

julian

Can you try disabling the option to require https in the write api? As you're using https, it seems like that detection isn't quite working as it should...

Tanguy Bodin-Hullin

Thank you.
I did disable the option in the API-write module, and now it's working in a shell terminal when I send the above CURL command.
But when I try to use CURL in HTTPS within my PHP program,
I get this message (401) : A valid login session was not found. Please log in and try again.
I don't understand why I get this message, because :

1. I'm sending the Master token in the Header by calling the PHP function curl_setopt with the option CURLOPT_HTTPHEADER
2. I try to send the credentials (login/password) by calling the PHP function curl_setopt with the option CURLOPT_USERPWD and login/password.