|
smallfryart
|
August 2, 2016 at 7:41 am
I have been struggling with your mobile apps for weeks now and have been mostly unsuccessful. At one point I had it working but then I tried the application password authentication method and it didn’t work. At this point when I try to log in with the Application Password I created, I get a ton of popups on the iOS version of your app. They read:
“Error Occurred: The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.”
and
“Error Occurred: Could not get API version!”.
I am very frustrated by this whole process. Can you help? What can i provide you? I know I am not giving you enough information to go on but at this point I’m not sure what to do. Thanks!
|
|
smallfryart
|
August 2, 2016 at 7:48 am
Some details:
Wordpress Version: 4.5.3
Event Espresso Version: 4.9.4.p
Event Espresso iOS app version: 2.0.1
iOS version: 9.3.3 (13G34)
Event Espresso works through web, get errors above when trying the mobile app.
|
|
Josh
|
August 2, 2016 at 9:19 am
Hi there,
You can check your site’s wp-json discovery endpoint, which is {yoursiteURL}/wp-json, and see that it’s returning a blank screen. Normally that should display a list of API endpoints. Have you installed any security plugins or have any changes been made to the web server since the time where this was working?
|
|
smallfryart
|
August 2, 2016 at 9:39 am
So yes, that does display an empty screen.
When things were working, there was a notification at the top of my wordress dashboard saying that the basic authentication method was going to be disabled in the future (i’m paraphrasing) so I enabled application passwords and deleted that plugin. That’s when everything went to s**t.
I now have the following “security” related plugins installed:
Clef: this has always been installed even when things were working
Application Passwords: installed because you guys said it was the preferred auth method
JSON Basic Authentication: installed because I found something about it on your forums
Members: installed because of something i saw on your forums but I have not made any changes to any users
|
|
Josh
|
August 2, 2016 at 9:41 am
I’m seeing this error when I try to load the wp-json endpoint from your site in a browser:
<br />
<b>Fatal error</b>: Allowed memory size of 67108864 bytes exhausted (tried to allocate 209144 bytes) in <b>/home/yoursite/public_html/wp-includes/functions.php</b> on line <b>345</b><br />
You can increase the amount of memory available for WordPress by following this guide:
http://codex.wordpress.org/Editing_wp-config.php#Increasing_memory_allocated_to_PHP
You can use an [FTP client][1] and [a text editor][2] to edit the site’s wp-config.php file:
[1]: http://codex.wordpress.org/FTP_Clients
[2]: http://codex.wordpress.org/Editing_Files#Acceptable_External_Editors
|
|
smallfryart
|
August 2, 2016 at 10:12 am
Interesting, going to http://mysite/wp-json didn’t show that but going to https://mysite/wp-json did. That fixed that problem.
Now however I am having a different problem. I am now getting the following error when I log in:
Error: Sorry, you are not allowed to list events. Missing permissions: ee_read_events, ee_read_others_events, ee_read_private_events
But i just checked the my user’s roles and I see that I do have all of those permissions. Thoughts? I’d be happy to give you credentials for my site if that would help you figure it out.
Let me know and thanks for the quick responses!
|
|
smallfryart
|
August 2, 2016 at 10:17 am
FYI, I did try disabling my Clef plugin and I got the same error.
|
|
Josh
|
August 2, 2016 at 10:50 am
The error message is sufficient for figuring this out. What happens is the app tries to authenticate using the http Authentication header. If that header is disabled on your server, which appears to be the case here, you’ll see those errors.
Here are a few options:
a) Contact your host and ask them if they can enable the authentication header for your site.
b) If you’re comfortable with editing the site’s .htaccess file, you can make this edit:
You open up your .htaccess file in a code editor and change one line in the rewrite rules. The change is made to the line that has:
RewriteRule ^index\.php$ - [L]
it gets changed to this:
RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
Then you disable the Application Passwords plugin and the bundled Basic Auth plugin will be used to authenticate the app.
|
|
smallfryart
|
August 2, 2016 at 1:23 pm
OK I thought I remember seeing that Basic Auth plugin is going to be unsupported in future versions… is that true?
|
|
smallfryart
|
August 2, 2016 at 1:34 pm
OK this godaddy support person is an idiot. I want to understand the problem myself so I can dumb it down for them. I’m a developer (not a web developer but I’m very familiar with the HTTP protocol so please don’t dumb it down for me). Which header are you referring to:
https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Are you talking about WWW-Authenticate? And are you saying that fastCGI servers filter that header out before the PHP application gets the request?
|
|
smallfryart
|
August 2, 2016 at 1:35 pm
Sorry, i know your job is not to configure my server but I really appreciate your help!
|
|
smallfryart
|
August 2, 2016 at 1:45 pm
I found this:
if you are using apache with mod fcgid you have to add
<IfModule fcgid_module>
FcgidPassHeader Authorization
</IfModule>
to make it work
Here:
http://php.net/manual/en/features.http-auth.php
Is that what I need to be able to do?
|
|
Josh
|
August 2, 2016 at 2:08 pm
OK I thought I remember seeing that Basic Auth plugin is going to be unsupported in future versions… is that true?
It’s true, however support isn’t going to be dropped until there’s a viable replacement that’s ready to use, like oAuth.
Are you talking about WWW-Authenticate?
Yes.
And are you saying that fastCGI servers filter that header out before the PHP application gets the request?
You don’t need to quote me on this, here’s what you’ll find from other sources:
http://stackoverflow.com/questions/7053306/http-auth-via-php-php-auth-user-not-set
http://stackoverflow.com/questions/3663520/php-auth-user-not-set
https://hetzner.co.za/help-centre/website/how-do-i-use-php_auth_user-and-php_auth_pw-on-a-fastcgi-enabled-server/
http://www.hackingwithphp.com/15/4/3/authentication-over-http
https://developer.salesforce.com/forums?id=906F0000000942zIAA
https://github.com/WP-API/Basic-Auth/issues/1
|
|
smallfryart
|
August 2, 2016 at 2:21 pm
so godaddy said that they are not blocking that header… SO, i did the .htaccess file change you suggested but DID NOT turn off application passwords and everything is working.
|
|
Josh
|
August 2, 2016 at 8:25 pm
I’m sorry that your site is hosted on Godaddy.
|
