Adding new users with API 2.0 gives 400 error

Kenn · August 13, 2021, 1:50pm

I am using Python3 Requests to talk to the 2.0 API in RT v5.0 to add assets. Mostly no problems but I seem to have come unstuck at adding new users. I thought I could POST a JSON structure:

postdata={
    "Name":"user.name@email.adr",
    "EmailAddress":"user.name@email.adr",
    "RealName":"User Name"
}

and then

requests.post("https://myRTsite/REST/2.0/user?token=<tokenText...>",json=postdata

<tokenText…> is my auth token from the system
and requests makes a good guess at the correct header - all the other posts work.

but all I get is a 400 status response and {“message”:“Could not create user”}

I just need the absolute basic user - like that created by the system for people submitting tickets.

Unfortunately the docs don’t give an example of creating a user in this way and I have searched all the usual places. The account with the token is able to create users via the console so I can’t see that it is a rights issue. All I can assume is that I am missing a crucial bit of information.

I’d be grateful if anyone could point me in the right direction.

Thanks

knation · August 13, 2021, 4:11pm

Do the Apache logs say why the user couldn’t be created?

Kenn · August 16, 2021, 1:29pm

Yes they do - thanks for the tip. The issue seems to be that including the token in the path also then includes it as a field in the MySQL insert - returning the error in the apache log:

Unknown column ‘token’ in ‘field list’

Which leads me to believe that I need to authenticate in a different way so that there is nothing untoward in the path. I have tried the header method - both in Python and trying the curl example given in the documentation. Neither works as I get 401 Unauthorized (having also tried resetting the token to make sure). Since the curl example fails as well I suspect the issue is to do with the system configuration somewhere - https redirects in Apache maybe.

Because the only way I can get authentication to work is by including the token in the path, the solution that seems to work - but it’s a hack - is to add to:

/opt/rt5/lib/RT/User.pm

delete $args{'token'};
just after:
delete $args{'Disabled'};

This removes “token” from the list and allows the table insert to work as desired. Users can still be created with the console create - tests okay. The other place there could be an issue is the auto-creation of users when they submit tickets. I am not using a production system (no inbound email) so, until I get to the production stage, I won’t know if this is going to be an issue (I hope not).

Anyway, thanks for the tip. It pointed me in the right direction and allowed me to find a fix.

Kenn

knation · August 16, 2021, 8:20pm

On mobile, but if you check the web deployment docs page there is a note about token auth. You need to add something to your Apache config

Kenn · August 17, 2021, 2:18pm

That is it - thanks. I added:

  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

to the apache site config (sites-enabled/…) Restarted apache and now I can authorise using headers. The REST 2.0 docs probably need a bit of an update to mention this.

However, I should have read the manual more thoroughly.

Thanks again for your help.

Kenn