Prestashop: Webservice - Authentification not working

Thanks for opening this issue! We will help you to keep its state consistent

Hi @ChineseNorris I tried to reproduce this issue but I cannot reproduce the bug.

1) I enable webservice
2) I enable friendly URL, this modifies the .htaccess
3) I try to reach API endpoint http://MY_KEY@localhost/api and it works

@ChineseNorris could you provide detailed steps on how to reproduce it ? maybe there's something I missed :)

@matks Strange, maybe this is from a server configuration issue? However the .htaccess is always regenerated by Prestashop from friendly URLS, the only option that works is by adding the rewrite:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I'm not really an expert in .htaccess configuration, but that line solves the issue.
I try to reach API from the link you suggested but same issue, the authentication keeps popping =(

@matks Strange, maybe this is from a server configuration issue? However the .htaccess is always regenerated by Prestashop from friendly URLS, the only option that works is by adding the rewrite:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

I'm not really an expert in .htaccess configuration, but that line solves the issue.
I try to reach API from the link you suggested but same issue, the authentication keeps popping =(

OK, I have found something weird 😅

With Firefox, if I try to reach endpoint http://MY_KEY@localhost/api it works
But with Chrome, http://MY_KEY@localhost/api does not work

However it happens both with current codebase and your suggestion. Your suggestion does not make Chrome work.

How do you reach API endpoint ? Browser HTTP request ? cURL client like Postman ? or CLI cURL ?

There is definitely something to be fixed here but it's hard to identify exactly what 😅

That's definetly odd, I'm approaching the API with firefox, I haven't even been able to begin with the API 😅
I haven't tested yet with cURL or CLI.
I agree that there is something to be fixed and it's being really hard to identify

@PierreRambaud I believe .htaccess is like an open book for you, would you please help us ?

Hi @matks and @ChineseNorris
I found many problems here:

1. The htaccess is not automatically regenerate when editing the Webservice configuration
   
2. The HTTP_AUTHORIZATION is only added in CGI mode (https://github.com/PrestaShop/PrestaShop/blob/develop/classes/Tools.php#L2602)
   But yes, it's missing.
3. This configuration is missing :sweat_smile:

FYI, it's working on firefox, because if you have only one entry http://KEY@something it asks you for using the same KEY as the username.

Hi @matks and @ChineseNorris
I found many problems here:

1. The htaccess is not automatically regenerate when editing the Webservice configuration
   
2. The HTTP_AUTHORIZATION is only added in CGI mode (https://github.com/PrestaShop/PrestaShop/blob/develop/classes/Tools.php#L2602)
   But yes, it's missing.
3. This configuration is missing 😅

FYI, it's working on firefox, because if you have only one entry http://KEY@something it asks you for using the same KEY as the username.

So looks like we have to do 3 PRs:

• one to make sure .htaccess is re-generated when we modify 1 setting related to webservice configuration
• one to rename this "Enable CGI Mode" setting to something better
• one to fix this configuration, following @ChineseNorris suggestion

Am I right ?

Yep, that seems to fix the issue. However if you activate or deactivate CGI mode for PHP, you have to regenerate the .htaccess manually by changing some parameter in SEO & Urls.

@sarahdib What info do you need?