|
tnt-graphics
|
August 27, 2021 at 8:42 am
If i want to scan an attandee, the following error message appears:
Sorry, you are not allowed to list events. Missing permissions:
ee_read_events,ee_read_others_events,ee_read_private_events
The operation couldn’t be completed.
It’s important to fix this. We have an event in a month.
Thank you for your help.
|
|
Hazel Apuhin
|
August 27, 2021 at 10:07 pm
Hi,
I hope you are well.
Sorry to hear that you have issues using the Event Espresso app scanner.
If you get this error
Sorry, you are not allowed to list events. Missing permissions:
ee_read_events,ee_read_others_events,ee_read_private_events
that means you need to modify the .htaccess to allow authorization for the app to work properly.
Please refer to this helpful documentation on how to troubleshoot when you get this error.
Did this help?
|
|
tnt-graphics
|
September 2, 2021 at 8:32 am
Hello,
Thank you for your help. Butunfortunately it still does not work.
We have not used the mentioned plugin and b) have made the htaccess extension as requested.
What can we do now?
Thanks and best regards.
|
|
Tony
|
September 2, 2021 at 9:20 am
Hi there,
Does this only happen when scanning an attendee?
If you log into the app, you can view the events, correct?
If you tap on one of the events, can you view the attendees for that event?
|
|
tnt-graphics
|
September 3, 2021 at 6:53 am
Hello,
Unfortunately, the message comes right when I log in. When I want to click on an event, the message comes. And also when I want to scan a participant.
|
|
Tony
|
September 3, 2021 at 10:36 am
It does sound like your host is blocking the authorization header as your getting it on every request (the reason I asked the above was to see if you only got the error on POST requests).
Install the WP REST API Log plugin on the site.
Go to Settings -> REST API Log, make sure its enabled.
Use the app and log in.
In the WP Dashboard again, go to Tools -> REST API Log
You should see the requests sent to the server.
Click on one, can you see an ‘authorization’ header in the ‘Request headers’ section?
Note – do not post the value here on the forums.
|
|
tnt-graphics
|
September 7, 2021 at 6:38 am
Where can i post the Authorization” headers? do you have an e-mailadress?
Thanks
|
|
Tony
|
September 7, 2021 at 8:39 am
I don’t need the header/value but do the requests set to Event Espresso endpoints show an authorization header?
If you can send temp login details over using this form:
https://eventespresso.com/send-login-details/
I can take a look at the request and see if anything stands out there.
|
|
Tony
|
September 9, 2021 at 8:26 am
Thank you for the login details.
I captured the request and it does look like your host is blocking the Authorization header. The only request that includes is is the site_info request sent by the app to gather info on your site (including if the auth header functions).
I also tested the registration endpoint using PostMan and again it looks like its an authenticated request.
Can you post the full contents of your current .htaccess file, please?
|
|
tnt-graphics
|
September 15, 2021 at 6:38 am
This reply has been marked as private.
|
|
Tony
|
September 15, 2021 at 11:04 am
Yeah, that set-up usually works.
I think you’ll need to contact your host and have them investigate this, I suspect they are blocking the authorization header here but I’m not sure why on some requests and not others.
|
|
tnt-graphics
|
September 16, 2021 at 2:02 am
alright, will do.
please tell me which exact auth headers are getting blocked so I can make a detailed ticket. thank you
|
|
Tony
|
September 16, 2021 at 9:41 am
Hi there,
I had a nother look over your site to be sure and I noticed something else.
You have a Plugin Organizer plugin installed and have Event Espresso disabled globally, which means it wont be running on the REST requests sent by the apps.
Can you stop disabling Event Espresso across the site and see if it works then?
|
|
tnt-graphics
|
September 17, 2021 at 1:34 am
I have enabled EE globally now.
Login in the app still returns “Missing permissions” error.
please give me some details so I can open the ticket with the hoster.
thank you
|
|
Tony
|
September 17, 2021 at 2:10 am
You simply ask them if they are blocking the ‘authorization’ header on their server.
You can test this outside of the app by sending a request using basic auth to:
{domain}/wp-json/ee/v4.8.36/registrations/
Use something like PostMan to send a request using Basic Auth to that endpoint. If you get something like this returned:
{"code":"rest_registrations_cannot_list","message":"Sorry, you are not allowed to list registrations. Missing permissions: ee_read_registrations,ee_read_others_registrations","data":{"status":403}}
The request isn’t authenticating.
|
|
tnt-graphics
|
September 22, 2021 at 5:40 am
So the hoster has confirmed that they are not blocking any ‘authorization’ header.
What we were able to see when testing with PostMan is that no matter if you provide BasicAuth or not (or even wrong auth credentials) – you get the same error.
So the hoster asks if you could enable some sort of debug mode or provide more accurate feedback on your responses.
Because a request with no Auth header returning 403 is misleading.
Please provide with more detailed ways of testing as we cannot make any progress if all error messages are the same.
Thank you
|
|
Tony
|
September 27, 2021 at 7:00 am
What we were able to see when testing with PostMan is that no matter if you provide BasicAuth or not (or even wrong auth credentials) – you get the same error.
That’s expected, we currently return 403 for any request that requires authentication but can not be authenticated.
If you/they are referring to using 401 vs 403 when the user is found but can’t be authenticated then we opt not to do so for a few reasons, but its considered better practice not to return a ‘user found but password doesn’t match’ error and just stick with what is essentially ‘username or password is incorrect’.
So the hoster asks if you could enable some sort of debug mode or provide more accurate feedback on your responses.
May I ask how I can be more accurate here?
The request is looking for the ‘authentication’ header and the value of which it uses to pull in the user and the exact method used can be found HERE and we already check multiple locations to try and find that data.
The error you are getting means the request cant be authenticated but I can’t tell you why.
If you’d like I can add some debugging code to the above function to see what is actually making it through to the server (we don’t have a debugging mode that will do that for you) but for that, I’ll need FTP/SFTP credentials which can send using the same form as earlier:
https://eventespresso.com/send-login-details/
|
