Re: API question.
Hi Swen,

Unfortunately it still seems to be the same. Now these are the steps I take to make the call:

I call the create url function with the following:

    $command['command'] = "listUsers";
    $command['showicon'] = 'true';
    $result = $this->call_api($this->createlink(http_build_query($command)));

Creating url, happens within createlink function:

    $link = $this->baseurl . $this->apikey . "&" . $command . "&" . $this->response . "&" . $this->signature($command);

Creating signature (function signature):

    $hash = hash_hmac("sha1", strtolower($this->apikey . "&" . $command . "&" . $this->response), $this->secretkey, true);
    $base64encoded = base64_encode($hash);
    return "signature=" . urlencode($base64encoded);

The call_api is just a curl command so nothing interesting there.

When I dump the output before it creates the signature, to see what the input is for the signature:

    apikey==listusers=true=json

The URL looks the same, except that it is not lowercased. They are all in alphabetical order (thanks associative arrays :) )

So it all looks fine, but still the response is:

    unable to verify user credentials and/or request signature

If I only use "command", there is no issue. And just to make sure, it seems to happen with more additional parameters:

    username=localuser
    showicon=true
    accounttype=admin (any type btw)

However, listall=true works? Tried to combine it with the above 3, but then it doesn't work again.

I would expect them to be implemented and I am making a mistake somewhere in the code... but then again, why does listall work but the other 3 not?

So I am wondering what I am doing wrong.

Regards,
JeanPaul

________
From: JeanPaul van der Mijle
Sent: Friday, March 31, 2023 8:47 AM
To: users@cloudstack.apache.org
Subject: Re: API question.
Re: API question.
Hi Swen!

Going to put my responses in line.

> Hi JeanPaul,
> I am sure you know this link, but I will post it in case you did not use it:
> http://docs.cloudstack.apache.org/en/latest/developersguide/dev.html

Yes I am aware of this documentation.

> I am not really sure what you mean by "passwords needs to be hashed in md5", as far as I know you need to use HMAC SHA-1 to create the signature. Can you please provide more information regarding the plain text password situation?

Sure, the HMAC SHA-1 is only for signature, but you can also verify and get API keys using username and password. This is the call: https://cloudstack.apache.org/api/apidocs-4.17/apis/login.html

What I actually do with the portal is check if username and password is valid, then get API keys using an admin user, and use the API keys for the rest of the calls; if incorrect of course, it will either say invalid user/pass or no API rights if there is no API key.

Works perfect, except as in the documentation it states: https://cloudstack.apache.org/api/apidocs-4.17/apis/login.html

    password: Hashed password (Default is MD5). If you wish to use any other hashing algorithm, you would need to write a custom authentication adapter See Docs section.

However after trying for an hour figuring out why this didn't work, I noticed that it only worked with plaintext.

> Regarding your issue with icons: I am only able to test on version 4.18.0.0 at the moment, so I am unsure how it was in 4.17.2.0, but I am able to get icon via api. You need to set showicon=true and if the user has an icon you get it as base64image. Please be aware that if the user does not have an icon, then there is no icon tag in the response. Here is the api call I used before encrypting it:
> command=listUsers=true=json

I am going to upgrade today, as the user I tested with had an icon, nothing worked, not true, not 1 and not yes. I expected it to work with true being the logical one but didn't work.

Thanks so far, going to upgrade it today and see if it works better.

With regards,
JeanPaul

From: m...@swen.io
Sent: Monday, March 27, 2023 11:06 AM
To: users@cloudstack.apache.org
Subject: AW: API question.
AW: API question.
Hi JeanPaul,

I am sure you know this link, but I will post it in case you did not use it:
http://docs.cloudstack.apache.org/en/latest/developersguide/dev.html

I am not really sure what you mean by "passwords needs to be hashed in md5", as far as I know you need to use HMAC SHA-1 to create the signature. Can you please provide more information regarding the plain text password situation?

Regarding your issue with icons: I am only able to test on version 4.18.0.0 at the moment, so I am unsure how it was in 4.17.2.0, but I am able to get icon via api. You need to set showicon=true and if the user has an icon you get it as base64image. Please be aware that if the user does not have an icon, then there is no icon tag in the response.

Here is the api call I used before encrypting it:

    command=listUsers=true=json

Hope that helps!

regards,
Swen

-----Original Message-----
From: JeanPaul van der Mijle
Sent: Friday, 24 March 2023 16:10
To: users@cloudstack.apache.org
Subject: API question.
API question.
Hi All,

Been playing with the API for a bit for an easy access/streamlined front end. I have found out several things that seem not right in the documents. Following the documents at https://cloudstack.apache.org/api/apidocs-4.17/, since we have 4.17.2.0 installed at the moment, I found that the documents aren't always right.

For instance: Authentication, Login. It mentions passwords needs to be hashed in md5. I was debugging over an hour why it didn't work, to find out this was not true and it just accepts plain text passwords. Even if MD5 is weak, it is not the biggest issue right now. Documents refer for other options of hashing should be made myself. Which is on the task list anyway as MD5 is only good for testing. But it is not even there.

Now for the thing that bugs me the most right now, which doesn't stop the rest of the development but is quite annoying:

    Users, listUsers. *
    Users, getUser.
    Accounts, listAccounts. *

All have the same issue, in the response I should get icon response too. At least 1 out of the 3. It's not there. For the other 2 (marked with *) they both have in their request a non required flag: showicon. I tried:

    showicon
    showicon=true
    showicon=1
    showicon=yes

So far, all errors out and I get the message that either credentials are at fault or that the signature is incorrect. However, removing this flag, the command works. So I doubt it is faulty creds. I did the flag as well within the signature, as outside the signature, so far no juice.

I am aware about the pickiness of the API, so within PHP I just build up an array and run http_build_query to keep the alphabetic order on the request.

Hope someone can give me insight!

Thanks, have a nice weekend.

With regards,
JeanPaul
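
Added example, not part of the thread and not CloudStack's own code, for the createlink()/signature() code in the latest reply at the top of this page. The signing procedure in the developer guide linked in the thread sorts all request parameters by name, apikey and response included, before lowercasing and computing the HMAC-SHA1, so with the posted concatenation order any extra parameter whose name sorts after "response" or before "apikey" ends up out of order in the signed string. The sketch assumes that $this->apikey holds "apikey=<key>" and $this->response holds "response=json"; the keys, host and function names are constructed.

```php
<?php
// Added example. Keys, host and function names are constructed for illustration.

/** String to sign: ALL parameters sorted by name, values URL-encoded, then lowercased. */
function canonical_string(array $params): string
{
    ksort($params, SORT_STRING | SORT_FLAG_CASE);  // apikey and response are sorted too
    // PHP_QUERY_RFC3986 encodes a space as %20; the default encoding would emit "+"
    return strtolower(http_build_query($params, '', '&', PHP_QUERY_RFC3986));
}

/** Base64 of the raw HMAC-SHA1 over the canonical string. */
function sign(array $params, string $secretKey): string
{
    return base64_encode(hash_hmac('sha1', canonical_string($params), $secretKey, true));
}

/** Request URL; http_build_query() URL-encodes the signature value. */
function signed_url(string $baseUrl, array $params, string $secretKey): string
{
    $query = $params + ['signature' => sign($params, $secretKey)];
    return $baseUrl . '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

/** Order used by the posted createlink(): apikey, the command query, then response (assumed values). */
function posted_order_string(string $apiKey, array $command): string
{
    return strtolower("apikey=$apiKey&" . http_build_query($command) . '&response=json');
}

$apiKey = 'EXAMPLE-API-KEY';                                // constructed
$secret = 'EXAMPLE-SECRET-KEY';                             // constructed
$base   = 'https://cloudstack.example.invalid/client/api';  // constructed

$extras = [['showicon' => 'true'], ['username' => 'localuser'],
           ['accounttype' => 'admin'], ['listall' => 'true']];
foreach ($extras as $extra) {
    $command = ['command' => 'listUsers'] + $extra;          // insertion order, as in the post
    $all     = ['apikey' => $apiKey, 'response' => 'json'] + $command;
    $same    = canonical_string($all) === posted_order_string($apiKey, $command);
    printf("%-12s posted order %s\n", array_key_first($extra),
        $same ? 'equals sorted order' : 'DIFFERS from sorted order');
}
echo signed_url($base, $all, $secret), "\n";   // URL for the last case (listall)
```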