Hello,
I tried to execute POST request to shindig/gadgets/metadata. It does
work for java version, but it doesn't work for php.
Here is a curl command
curl -i -X POST -H "Accept: application/json" -H "Content-Type:
application/json"
-d
'{"context":{"country":"default","language":"default","view":"default","container":"default"},"gadgets":[{"url":"http://hosting.gmodules.com/ig/gadgets/file/108085167802252611023/wikipedia.xml";,
"moduleId":0}]}'
http://shindig/gadgets/metadata
The output is:
{"gadgets":[{"errors":["Can't get ownerId from an anonymous
token"],"moduleId":0,"url":"http:\/\/hosting.gmodules.com\/ig\/gadgets\/file\/108085167802252611023\/wikipedia.xml"}]}
If I supply a token ?st=1:1:1:1:1:1:1, it works
It seems as the problem is in BasicSecurityToken.php.
public function isAnonymous() {
return ($this->tokenData[$this->OWNER_KEY] ===
SecurityToken::$ANONYMOUS) && ($this->tokenData[$this->VIEWER_KEY] ===
SecurityToken::$ANONYMOUS);
}
...
public function getOwnerId() {
if ($this->isAnonymous()) {
throw new Exception("Can't get ownerId from an anonymous token");
}
return $this->tokenData[$this->OWNER_KEY];
}
In java version there is different implementation.
public boolean isAnonymous() {
return false;
}
...
public String getOwnerId() {
return tokenData.get(OWNER_KEY);
}
Should we remove isAnonymous check from BasicSecurityToken.php?
Or it should be done on a higher level, and if the token is anonymous
the functions of BasicSecurityToken shouldn't be called at all?
Best,
Evgeny Bogdanov
