CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Discussion »
  • Extensions (Moderators: mathieu, totten, kasiawaka) »
  • civix callback in WP / Joomla!
Pages: [1]

Author Topic: civix callback in WP / Joomla!  (Read 2553 times)

JoeMurray

  • Administrator
  • Ask me questions
  • *****
  • Posts: 578
  • Karma: 24
    • JMA Consulting
  • CiviCRM version: 4.4 and 4.5 (as of Nov 2014)
  • CMS version: Drupal, WordPress, Joomla
  • MySQL version: MySQL 5.5, 5.6, MariaDB 10.0 (as of Nov 2014)
civix callback in WP / Joomla!
March 25, 2013, 10:55:26 am
We developed an extension that does a callback from an external service to a url we define.

For WordPress and Joomla! Pradeep says the callback url isn't working since in loadbootstrap function the user is not being loaded before our page's code is called. We need the callback to login a user so that the user's privileges will enable the callback to write some stuff to the database. Is there a general method for constructing a url so that it will authenticate then load the user then call the page script?
Co-author of Using CiviCRM https://www.packtpub.com/using-civicrm/book

totten

  • Administrator
  • Ask me questions
  • *****
  • Posts: 695
  • Karma: 64
Re: civix callback in WP / Joomla!
March 25, 2013, 12:03:59 pm
I don't think there is. The closest things that come to mind:
 - The REST variant of the API can accept user credentials.
 - CRM_Utils_System_*::getLoginURL($destination)

However, just to make sure I understand the situation correctly:

 - You're integrating with an external service by defining a callback on a CiviCRM site.
 - The external service specifies a particular request/response format (e.g. it POSTs an XML document and expects a certain XML document in response)
 - The external service knows nothing about Civi user accounts, Drupal login pages, Joomla login pages, etc.
 - The functionality of the callback is sensitive -- it shouldn't be open to the public.

Assuming this is correct, then a few general designs that come to mind:

 1. You could design your own mechanism which doesn't rely on the CMS user ID. For example, generate a random code and store it in the settings system. When a page-request comes in, see if the random code was submitted and abort unwanted requests. From the CMS's perspective, it should be safe to allow anonymous users to access the page (because they won't know the random code).
 2. One could develop a mechanism that works with the current page-request pipeline (e.g. update CRM_Core_Invoke to check for HTTP Basic Auth headers or to check for "?authCmsUser=XYZ&authCmsPass=XYZ"; update the Menu XML to make this an optional feature enabled for only certain URLs).
 3. One could develop a mechanism based on a new page-request pipeline (e.g. $civicrm/extern/callback.php) which performs the on-demand login and then uses a hook or XML file to pass control to your extension's code.

If any of these are worth pursuing, then we can pick one and drill-down. (FWIW, I lean towards #1 or #3.)

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: civix callback in WP / Joomla!
March 25, 2013, 12:23:20 pm

I think in general we should move away from the extern and bin scripts (except for cli.php?). I think doing this as a url bootstraps the cms, permission check etc all of which make the performance tradeoff worth it (IMO)

with something like a payment processor, the PP sends back a fair bit of info that we cross reference in the DB tables and ensure that there is a match before taking any action

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

totten

  • Administrator
  • Ask me questions
  • *****
  • Posts: 695
  • Karma: 64
Re: civix callback in WP / Joomla!
March 25, 2013, 01:51:32 pm
I generally agree with lobo's point and hope that CMS authentication ultimately isn't needed for Joe's use-case. (If nothing else, the documentation & setup will be simpler if it doesn't have to deal with authentication.) However, Joe's post gave me a more nuanced perspective on this:

Quote from: Donald Lobo on March 25, 2013, 12:23:20 pm
...in general we should move away from the extern and bin scripts (except for cli.php?)...

The way we've done "extern" and "bin" in the past is problematic (e.g. it's not adaptable to extensions, and it produces a lot of duplicated-but-inconsistent code). However, if we ultimately find a need for Joe's "authenticated web callbacks" use-case, then I think it's another exception. It would be important to craft the exception well. We obviously don't want to drop another one-off PHP script under "extern" or "bin".

As a demonstration of what I meant in #3, consider something like this:

Code: [Select]
// FILE: civicrm/extern/callback.php
// USAGE: http://.../civicrm/extern/callback.php?user=X&pass=Y&key=Z&q=civicrm/my/page
require_once '../civicrm.config.php';
require_once 'CRM/Core/Config.php';
$config = CRM_Core_Config::singleton();

CRM_Utils_System::authenticateScript(TRUE);
echo CRM_Core_Invoke::invoke(explode('/', $_REQUEST['q']));

Like bin/cli.php and extern/rest.php, it's a relatively generic front-controller that works for any extension or component and builds on top of an existing request router. Like our normal web pages, it doesn't follow API conventions (and can instead follow the specifications needed for the web-callback). Unlike our normal web pages, it provides a consistent wire-protocol for authentication that can be used with "authenticated web callbacks" on any CMS.

(Note: The example is simplified for discussion purposes and shouldn't be used as-is -- a credible implementation would take more work and confront more issues/details.)

JoeMurray

  • Administrator
  • Ask me questions
  • *****
  • Posts: 578
  • Karma: 24
    • JMA Consulting
  • CiviCRM version: 4.4 and 4.5 (as of Nov 2014)
  • CMS version: Drupal, WordPress, Joomla
  • MySQL version: MySQL 5.5, 5.6, MariaDB 10.0 (as of Nov 2014)
Re: civix callback in WP / Joomla!
April 02, 2013, 11:58:43 am
After discussing in depth with Tim on irc just now I want to agree with the approach in Tim's second comment. I'm contributing $500 now to help offset cost of implementing.
Co-author of Using CiviCRM https://www.packtpub.com/using-civicrm/book

JoeMurray

  • Administrator
  • Ask me questions
  • *****
  • Posts: 578
  • Karma: 24
    • JMA Consulting
  • CiviCRM version: 4.4 and 4.5 (as of Nov 2014)
  • CMS version: Drupal, WordPress, Joomla
  • MySQL version: MySQL 5.5, 5.6, MariaDB 10.0 (as of Nov 2014)
Re: civix callback in WP / Joomla!
April 02, 2013, 02:24:34 pm
To add a page to an extension in civix right now one executes:
$ civix generate:page Greeter civicrm/greeter
Could we substitue something for page, maybe callback, to implement the above in civix?
Co-author of Using CiviCRM https://www.packtpub.com/using-civicrm/book

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: civix callback in WP / Joomla!
April 02, 2013, 05:51:32 pm

Joe:

1. can you give us a few more details for this external service. This service expects you to type in a name and password as part of the callback url?

2.Note that payment processors callback do modify DB tables, sends out email etc. There is enough cross ref checking / secret key handshake etc to verify the authenticity of the caller invoking the script (without a login

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

totten

  • Administrator
  • Ask me questions
  • *****
  • Posts: 695
  • Karma: 64
Re: civix callback in WP / Joomla!
April 02, 2013, 06:00:11 pm
Joe gave me this link on IRC:

https://github.com/JMAConsulting/biz.jmaconsulting.mte/blob/master/CRM/Mte/Page/callback.php

JoeMurray

  • Administrator
  • Ask me questions
  • *****
  • Posts: 578
  • Karma: 24
    • JMA Consulting
  • CiviCRM version: 4.4 and 4.5 (as of Nov 2014)
  • CMS version: Drupal, WordPress, Joomla
  • MySQL version: MySQL 5.5, 5.6, MariaDB 10.0 (as of Nov 2014)
Re: civix callback in WP / Joomla!
April 04, 2013, 09:12:16 am
Should we create a JIRA issue for this?
Co-author of Using CiviCRM https://www.packtpub.com/using-civicrm/book

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: civix callback in WP / Joomla!
April 04, 2013, 09:24:16 am

based on my quick read of the mandrill api, this is similar to a paypal ipn request and can be kept as a public open url

For security reasons, they recommend using a secret key between the client and the server, which the extension can and should manage. This should work across all CMS'es

I'd vote to keep things simple and not complicate stuff.

lobo


A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Discussion »
  • Extensions (Moderators: mathieu, totten, kasiawaka) »
  • civix callback in WP / Joomla!

This forum was archived on 2017-11-26.