Forum Discussion

sguillemot's avatar
sguillemot
Contributor
11 years ago

Recreate Contact ME Buttons

Hi Community !   Context:   I tried to recreate with the Freemakers and the REST API, the buttons we can find in the users.widget.contact-me component. I need some of these buttons to use them in...
YuriK's avatar
YuriK
Khoros Expert
11 years ago

Hey Stéphane,

 

The token (ticket) is there to prevent Cross-Site Request Forgery (Wikipedia: Cross-site request forgery). We don't currently have a way to generate or retrieve the ticket. The Session ID represents a Rest API session specifying the authenticated user.

 

I think you have a few options to move forward with depending on your use case:

 

  1. Use skinning to achieve what you want: You may be able to use our default component but adjust it using CSS and possibly some light javascript
  2. Use the AJAX approach with Rest API as you mentioned below: We have a configuration that allows you to use our cookie-based authentication for API calls (Rest API Authentication). This way you won't have to deal with the Session ID. Note: You would want to make sure to test this thoroughly and get this implementation reviewed by security so that you are not creating any CSRF vulnerabilities.
  3. Create a custom component that references the users.widgets.contact-me component (Take a look at the referencing a component section of Working with components). You can then hide other portions of the contact-me component contained in your component using css.

 

Hope this helps,

 

Yuri

  • sguillemot's avatar
    sguillemot
    Contributor
    11 years ago

    Hi YuriK ,

     

    Thank you for your answer.

     

    Indeed, I already thought about these solutions. And for the security reasons, I'm not comfortable with the cookie too... :smileysurprised:

     

    I managed to recreate the ticket via JS. I saw that an hidden input always contains this ticket value:

    <input type="hidden" name="ticket" value="xxxxxxxxx">

     

    So, with jQuery :

     

    theTicket = jQuery('input[name=ticket]').attr('value');
    theLink = jQuery('.addtoFriendBut');
    theLink.attr('href',theLink.attr('href')+theTicket);

     

    With the HTML / Freemarker part :

    <a class="addtoFriendBut" href="/t5/user/v2/viewprofilepage.addfriend/user-id/${page.context.user.id}?t:ac=user-id/${page.context.user.id}&t:cp=notes/contributions/contactactions&ticket=">ADD ME !!!</a>

     

    Not optimum because of the JS... but maybe it can help... :)

     

     

    Best regards,

     

    Stéphane

    • YuriK's avatar
      YuriK
      Khoros Expert
      11 years ago

      Hey Stéphane,

       

      Thank you for sharing, glad you found something that worked for you.

       

      Thank you,

       

      Yuri