WebApi of remote start, remote stop and connector status

[fnkbsi]

Adding a Webapi for RemoteStart, RemoteStop and Connector Status. The RestApi behaves similarly to the website. RemoteStart and RemoteStop respond with the task ID that can be used to check the result of TransactionStart/TransactionStop.

[juherr]

@goekay Please review, this PR is improving the product.

[dakai-wei-of-shizen]

LGTM

@goekay
I merged this in my forked repo and it worked fine.

@juherr Thx!!!!!!!

[JocelynMeyron-eaton]

@goekay @fnkbsi Thanks for the huge work! I just had one question: any plan on merging this PR?

[navaneethred]

Hey, can anybody please tell me how to use the APIs. I have got steve with your modifications running, but I cannot for the love of god get any API responses.

[fnkbsi]

Hey, can anybody please tell me how to use the APIs. I have got steve with your modifications running, but I cannot for the love of god get any API responses.

set the api-key in the config file
recompile and restart steve
add the api-key "STEVE-API-KEY" (with the value of the config) to the header of our request

[navaneethred]

Did all that still gives the same error.

[fnkbsi]

Did all that still gives the same error.

steve changed to basic auth for the api.
add a api_password to the web_user in the database and try again with basic authentication.
There is no website for setting the api_password, so you have to set it otherwise.

I haven't test it with the basic auth! There may be more problems.

[navaneethred]

Yeah that worked. Thank you so much.

[LydiaBenaida]

Hello,
i'm workking with API, we did notice the change from key value to basic auth,
my question is : what is the role of pasword api ? the key value is stored as password api
BUT for me when in debug mode it compares the password api i m using with the normal password ,
i dont know exactly how the key value (password api) can be used

thank you

` @OverRide
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = (String) authentication.getPrincipal();
String apiPassword = (String) authentication.getCredentials();

    if (Strings.isNullOrEmpty(username) || Strings.isNullOrEmpty(apiPassword)) {
        throw new BadCredentialsException("Required parameters missing");
    }

    UserDetails userDetails = webUserService.loadUserByUsernameForApi(username);
    if (!areValuesSet(userDetails)) {
        throw new DisabledException("The user does not exist, exists but is disabled or has API access disabled.");
    }

    **boolean match = passwordEncoder.matches(apiPassword, userDetails.getPassword());**
    if (!match) {
        throw new BadCredentialsException("Invalid password");
    }

    return UsernamePasswordAuthenticationToken.authenticated(
            authentication.getPrincipal(),
            authentication.getCredentials(),
            userDetails.getAuthorities()
    );
}`

[fnkbsi]

` @OverRide public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = (String) authentication.getPrincipal(); String apiPassword = (String) authentication.getCredentials();

    if (Strings.isNullOrEmpty(username) || Strings.isNullOrEmpty(apiPassword)) {
        throw new BadCredentialsException("Required parameters missing");
    }

    UserDetails userDetails = webUserService.loadUserByUsernameForApi(username);
    if (!areValuesSet(userDetails)) {
        throw new DisabledException("The user does not exist, exists but is disabled or has API access disabled.");
    }

    **boolean match = passwordEncoder.matches(apiPassword, userDetails.getPassword());**
    if (!match) {
        throw new BadCredentialsException("Invalid password");
    }

    return UsernamePasswordAuthenticationToken.authenticated(
            authentication.getPrincipal(),
            authentication.getCredentials(),
            userDetails.getAuthorities()
    );
}`

In the discussion of "switch to basic auth for API access #1545" is the role and background for the change already addressed.

In the appended code it only seems that the api-password is checked against the password. webUserService.loadUserByUsernameForApi reads the api-password from the database and stores it as 'password' in userDetails (just (re)using the existing class)

If you working with a existing database, please check if Steve had ported the api-key into the web-user api-password.