The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

API Authentication with Sencha Ext JS or Sencha Touch

Discussion in 'cPanel Developers' started by ashworth102680, Feb 7, 2012.

  1. ashworth102680

    ashworth102680 Active Member

    Joined:
    May 3, 2007
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    I'm sure it's probably simple that I'm overlooking (usually is), but I'm banging my head against the wall with this simple authentication issue. While I don't expect many here to be expert in Ext JS, I think it's more about how I'm constructing my AJAX calls than anything else.

    Code:
    Ext.define('MyApp.store.base.MyJsonStore', {
        extend: 'Ext.data.Store',
    
        config: {
            storeId: 'MyJsonStore',
            proxy: {
                type: 'ajax',
                url: 'http://mywebsite.com:2086/json-api/listaccts',
                method: 'GET',
                username: 'cpanelusergoeshere',
                password: 'h2liku3h4lkquyweilkruyahwukey',
                reader: {
                    type: 'json'
                }
            }
        }
    });
    The error message I keep seeing from the console I'm using is:

    I've removed any real information in the above code sample, but it gets the general idea across with what I'm trying to do. More or less, build a better cPanel/WHM manager than other mobile options that are currently available to me while mobile and out in the field.

    If I can get this working, I'll be able to do some slick stuff with this library for mobile devices. I'll admit REST calls aren't my favorite thing, and I'm not the best out there...but I'm willing to learn.

    Also, unless I've misunderstood something, the hash is only required if using root, and even then I've seen other iPhone apps that don't require the hash (curious about that). I don't expect people to be typing the full hash into an iPhone or Android application to be honest.
     
  2. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
  3. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    yeah...not knowing the details of the Ext framework, more specifically their "proxy" base class implementation, I'd have to agree with Dan's answer...that URL security tokens, issues after basic authentication, is altering the needed target URL. However, if the username and password credential were to be embedded in the HTTP Headers, then tokens wouldn't be an issue since such a request will auth and perform the function "listaccts" and return the data, all in one request. It really comes down to how Ext is forming the HTTP request.

    Regards,
    -DavidN

    PS. I highly recommend that you use port 2087 if possible; it is the SSL port for WHM. Otherwise your entire HTTP request (headers included) will be transmitted in plain text, exposing the credentials to anyone sniffing packets.
     
  4. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
    Also, use POST instead of GET: Otherwise your query string (which would include the credential parameters) will be easily seen.
     
  5. ashworth102680

    ashworth102680 Active Member

    Joined:
    May 3, 2007
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    Extremely helpful guys. Thank you! I'll test with this today and see if I can't get this working a little better.

    I did originally try SSL on 2087, however, the application I'm building wasn't liking that. I wanted to at least get it working first, then tackle the SSL issues. It may have something to do with the fact the cPanel server I'm connecting to doesn't have a valid cert for the hostname, so the application is perceiving the "no valid cert" popup, but I'm not 100% on that.

    The servers the app will be connecting to don't necessarily need to have valid certs installed on the server hostname, do they? If so, that may be a deal breaker. Then again...the couple of other apps in the iOS app store don't currently have an issue and I've connected to one of my machines just fine, so maybe I'm imagining things.
     
  6. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
    Not necessarily, how that is handled is 100% up to the browser/ajax code. At times you still get the “untrusted cert” dialog w/ AJAX calls the same as you would if you went to the URL its fetching directly in your browser.

    That is true of a request to any URL and not limited to cPanel API URLs.

    HTH!
     
  7. charsleysa

    charsleysa Active Member

    Joined:
    Jul 18, 2011
    Messages:
    41
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Palmerston North, New Zealand
    cPanel Access Level:
    Root Administrator
    When calling the JSON API you do not require a cPanel Session Token.
    Also if you can, try to catch the outgoing HTTP packet using something like Wire Shark.
    Inspect the packet and make sure that it is formed correctly.

    Here is an extract from the API class for PHP

    if ( $this->auth_type == 'hash' ) {
    $authstr = 'Authorization: WHM ' . $this->user . ':' . $this->auth . "\r\n";
    } elseif ($this->auth_type == 'pass' ) {
    $authstr = 'Authorization: Basic ' . base64_encode($this->user .':'. $this->auth) . "\r\n";
    } else {
    throw new Exception('invalid auth_type set');
    }

    As you can see, when you are using the raw password, it must conform to Basic Authentication standards, but when you use the hash key, you must conform to WHM standards which is cPanels own custom standard for accessing its API.
     
  8. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    I don't see anywhere in the proxy docs that username and password are methods or configuration parameters for ajax proxy. There appears to be a headers config object which should be set to the value of mime base64 encoded
    Code:
    'user:password'
    .

    Sencha Docs - Ext JS 4.0
     
Loading...

Share This Page