Syspass: Current v3 API state

Created on 7 Aug 2018  路  12Comments  路  Source: nuxsmin/sysPass

Disclaimer: I don't know what are the intents of @nuxsmin for the API behavior, this is just the details I've picked upped on.

Considering https://github.com/nuxsmin/sysPass/blob/d0056d74a8a2845fb3841b02f4af5eac3e4975ed/lib/SP/Services/Api/ApiService.php#L175

And also API authorizations:
image

I am running some testing on the API using python and here's what I noticed so far:

GENERAL
Items ID increases even after deletion.

WORKING

  • account/create: Allows perfect duplicates accounts .
  • account/search
  • account/viewPass
  • account/view
  • account/delete: Response result is in Spanish.
  • category/create: Does not allow duplicates.
  • category/delete
  • client/create: Does not allow duplicates.
  • client/delete
  • tag/create: Does not allow duplicates

MISWORKING

  • client/search: Empty result (Ignores research text?)
  • category/search: Empty result (Ignores research text?)
  • tag/search: Empty result (Ignores research text?)

MISSING (API AUTHORIZATIONS <=> API SERVICE)

  • Edit category
  • Edit client
  • Edit tag
  • View client
  • View category
  • View tag
  • Export

QUESTIONS

  • What is the "backup" call in your API for? No response from the call.
  • Any idea when you are planning on adding modify password through API? (I know I am insisting about that one x) )

SUGGESTIONS

  • Only leave the API authorizations password for the needed authorizations to avoid misuse.
kinquestion triagimprovement v3

All 12 comments

@nuxsmin fixing the tag / category / client search could be nice as it would be easier for dynamic creation.

Edit: Actually, it's not possible without it.

@GGOUSSEAUD taking a slight check out to the code it should work, since every method is implemented and use the same code as on the web UI. Please let me take a deeper look to find out what could be happening.

I've checked out the API authorizations on the web UI and they're listed in the select box.

Regarding the backup feature, it performs a database and application backup as done on the web UI. It makes possible to automate sysPass backups through the API using a cron task or whatever you want.

Regards

Regarding the suggestion I agree with you, it should be implemented (not done yet because it would need some time to code that would be worth to spend in other critical tasks)

Thanks for the feedback!

Hayo @nuxsmin !

What I meant by MISSING (API AUTHORIZATIONS <=> API SERVICE) is that these actions are listed in the API auth but not in the current API service (account/view is here for example but none concerning tag/category/client).

Best of luck with your coding, let me know if you need anything.

Okay!, that's right, they aren't listed in the API help. It was noted for reviewing, since it's an ugly piece of code that does not fit in a service class...

Thanks for the feedback!

Hi! some of the above issues should be fixed in latest commit

Searches now work fine! Great job! Im getting german langage now but I guess that's fine x)

@nuxsmin
Bump, any hope of seeing edit password / Account edit around the corner for v3?

@GGOUSSEAUD sure, it'll be ready shortly.

@nuxsmin
Notes:

  • Account creation by UI does not work anymore (clicking save does nothing).
  • Help class does not return help payload upon giving empty payload params such as:
curl -H 'Content-Type: application/json' -X POST -d '{"jsonrpc": "2.0","method":"account/create", "id" : "1", "params": {}}' http://demo-beta.syspass.org:10080/api.php | json_pp

does

{
   "jsonrpc" : "2.0",
   "error" : {
      "code" : -32600,
      "message" : "Invalid format",
      "data" : null
   },
   "id" : 0
}

Works only if missing params are to be but not using empty params.

curl -H 'Content-Type: application/json' -X POST -d '{"jsonrpc": "2.0","method":"account/create", "id" : "1", "params": {"authToken": "8ea30e82647c13a5f98e3c5faab6e2b3dfe7b8d1e9cdadb651ffc391350cc5f7"}}' http://demo-beta.syspass.org:10080/api.php | json_pp > acc_create_help.json 

does

{
   "error" : {
      "code" : -32602,
      "data" : {
         "help" : [
            {
               "tokenPass" : {
                  "required" : true,
                  "description" : "Token's password"
               }
            },
            {
               "name" : {
                  "required" : true,
                  "description" : "Account name"
               }
            },
            {
               "categoryId" : {
                  "description" : "Category Id",
                  "required" : true
               }
            },
            {
               "clientId" : {
                  "description" : "Client Id",
                  "required" : true
               }
            },
            {
               "pass" : {
                  "required" : true,
                  "description" : "Password"
               }
            },
            {
               "login" : {
                  "description" : "Access user",
                  "required" : false
               }
            },
            {
               "url" : {
                  "description" : "Access URL or IP",
                  "required" : false
               }
            },
            {
               "notes" : {
                  "required" : false,
                  "description" : "Notes about the account"
               }
            },
            {
               "private" : {
                  "required" : false,
                  "description" : "Private Account"
               }
            },
            {
               "privateGroup" : {
                  "description" : "Private Account for Group",
                  "required" : false
               }
            },
            {
               "expireDate" : {
                  "required" : false,
                  "description" : "Password Expiry Date"
               }
            },
            {
               "parentId" : {
                  "description" : "Linked Account",
                  "required" : false
               }
            },
            {
               "tagsId" : {
                  "description" : "Array with tags id",
                  "required" : false
               }
            }
         ]
      },
      "message" : "Wrong parameters"
   },
   "jsonrpc" : "2.0",
   "id" : 1
}
  • Account creation works by API:
curl -H 'Content-Type: application/json' -X POST -d '{"jsonrpc": "2.0","method":"account/create", "id" : "1", "params": {"authToken": "8ea30e82647c13a5f98e3c5faab6e2b3dfe7b8d1e9cdadb651ffc391350cc5f7", "name": "broken", "categoryId": 1, "clientId": 1, "pass": "flipflop", "tokenPass": "@2kVk?ah*o94", "login": "logont", "url": "urlont"}}' http://demo-beta.syspass.org:10080/api.php | json_pp 

With tags too:

curl -H 'Content-Type: application/json' -X POST -d '{"jsonrpc": "2.0","method":"account/create", "id" : "1", "params": {"authToken": "8ea30e82647c13a5f98e3c5faab6e2b3dfe7b8d1e9cdadb651ffc391350cc5f7", "name": "brokenwtags", "categoryId": 1, "clientId": 1, "pass": "flipflop", "tokenPass": "@2kVk?ah*o94", "login": "logont", "url": "urlont", "tagsId": [1,2,3]}}' http://demo-beta.syspass.org:10080/api.php | json_pp

But no info about tags in response?

{
   "jsonrpc" : "2.0",
   "result" : {
      "count" : null,
      "result" : {
         "passDate" : 1535449771,
         "userEditId" : 2,
         "parentId" : 0,
         "name" : "brokenwtags",
         "otherUserGroupEdit" : "0",
         "notes" : "",
         "userId" : 2,
         "publicLinkHash" : null,
         "dateAdd" : "2018-08-28 09:49:31",
         "userGroupName" : "Admins",
         "clientId" : 1,
         "userEditName" : "sysPass demo",
         "login" : "logont",
         "userGroupId" : 1,
         "id" : 150,
         "isPrivateGroup" : "0",
         "userLogin" : "demo",
         "userEditLogin" : "demo",
         "key" : "",
         "countDecrypt" : 0,
         "pass" : "",
         "url" : "urlont",
         "countView" : 0,
         "categoryName" : "Web Service",
         "isPrivate" : "0",
         "categoryId" : 1,
         "dateEdit" : null,
         "clientName" : "Google Inc",
         "passDateChange" : 0,
         "otherUserEdit" : "0",
         "userName" : "sysPass demo"
      },
      "resultCode" : 0,
      "resultMessage" : "Account added",
      "itemId" : 150
   },
   "id" : 1
}
  • Any list of updated methods present anywhere? Since old ApiService help has been shut down.
    account/edit and account/editPass doesn't seem to return any help.
  • account/search and account/view does not hold any info about respective tags.

Hello @GGOUSSEAUD

Help class does not return help payload upon giving empty payload params such as:

That's is right, since API initialization does not take place until you provide a valid token. It isn't a security mechanism, but a performance optimization instead.

Regarding extra info in payload like tags, custom fields, permissions, etc. I'm currently analyzing how to implement it in a proper way, in order to make a consistent response across methods.

Any list of updated methods present anywhere? Since old ApiService help has been shut down.
account/edit and account/editPass doesn't seem to return any help.

Unfortunately, I'm the only one developing sysPass, so some low-medium priority things (doc, web, etc.) need to be delayed until high ones becomes ready (development and testing), despite of the fact some never ends, but need to be finished in a point release like v3.0.

BTW API help could be reviewed through the code on https://github.com/nuxsmin/sysPass/tree/devel-3.0/app/modules/api/Controllers/Help or issuing an API request using the auth token :wink:

Thanks for testing and feedback!

@nuxsmin
I know you're alone on this, props to you you're doing good ;)

Concerning api help for edit and editPass, I realized that I needed user permission to even make the help request.

I've sent you a pm on gitter about something if you're interested.

Best of luck.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ju29ro14 picture ju29ro14  路  5Comments

onnwe934nfajen picture onnwe934nfajen  路  6Comments

matejzero picture matejzero  路  5Comments

bhu73 picture bhu73  路  5Comments

LordSchnaps picture LordSchnaps  路  4Comments