9

I received this error after I upgraded sugar7.8, Which calling my filedownload.

{"error":"need_login","error_message":"No valid authentication for user."}

After some Investigation found tht sugar upgraded the API calls for OAuth. Following is my CODE:

 api.fileDownload(api.buildURL("Quotes/" + model.get("id") + "/pdf/download?OAuth-Token=" + api.getOAuthToken()), {
        success: function() {
            app.alert.show("pdf_download_api_success", {
                level: "success",
                messages: SUGAR.language.get('Quotes', 'LBL_QUOTE_PDF_GENERATED'),
                autoClose: true
            });
        },});

I checked the detials in the Following url: But I could not able to add headder to the HTTPS request can some one help?

https://developer.sugarcrm.com/2016/11/15/security-changes-coming-in-sugar-7-8/

DonOfDen
  • 3,426
  • 9
  • 50
  • 98

2 Answers2

5

After so much research, I came up with a solution for this issue.

Note: There is no supporting document for api.fileDownload( to use OAuth-token.

So i tried using XMLHttpRequest and it worked fine.

SOLUTION

    var request = new XMLHttpRequest();
    request.open('GET', api.buildURL("YOURMODULE/" + model.get("id") + "/pdf/download"), true);
    request.setRequestHeader('OAuth-Token', api.getOAuthToken()); // UR TOKEN
    request.responseType = "blob";
    request.onload = function (e) {
        if (this.status === 200) {
            // `blob` response
            // create `objectURL` of `this.response` : `.pdf` as `Blob`
            var file = window.URL.createObjectURL(this.response);
            var a = document.createElement("a");
            a.href = file;
            /*request.onreadystatechange = function() {
              if(this.readyState == this.HEADERS_RECEIVED) {
                console.log(request.getResponseHeader("Content-Type"));
              }
            }*/

            a.download =  request.getResponseHeader("FileName");
            document.body.appendChild(a);
            a.click();
            document.body.removeChild(a);
        };
    };
    request.send();

Check this thread may be in future there may be updates: https://community.sugarcrm.com/message/90474-re-sugarcrm-filedownload-error-after-upgrade?commentID=90474#comment-90474

DonOfDen
  • 3,426
  • 9
  • 50
  • 98
0

I've never used (or heard of) SugarCRM but it seems you need to move your authing token from the url to the HTTP-header. Exactly how to set a header in the built in function call to api.fileDownload() is hard to say (and cant find a single document online describing the function). But the idea is to remove the token from the url and then most likely send the header as some sort of parameter:

api.fileDownload(api.buildURL("Quotes/" + model.get("id") + "/pdf/download"), {
http-header: "OAuth-Token = " +api.getOAuthToken(),
    success: function() {
        app.alert.show("pdf_download_api_success", {
            level: "success",
            messages: SUGAR.language.get('Quotes', 'LBL_QUOTE_PDF_GENERATED'),
            autoClose: true
        });
    },});

Another way would be to simply change the settings as described in the URL you posted:

"If you want to enable this feature again, then you can use a new SugarConfig setting called allow_oauth_via_get. When the config setting is true, this will permit the oauth_token URL parameter to be used to pass access tokens."

EDIT: So I believe I found the .js file at https://github.com/askhogan/sugarcrm/blob/master/index.js

At the bottom om the function fileDownload():

// ping to make sure we have our token, then make an iframe and download away return this.call('read', this.buildURL('ping'), {}, internalCallbacks, {processData: false});

Have you tried removing the token part completely and just hope that the library will handle the authenticating with the help of cookies?

Apart from that, the function doesnt seem to have an option to set any header-fields (only option it seems to read is the iframe option which doesnt seem to help you).

taracus
  • 381
  • 5
  • 17
  • I am looking for the `http-header` only i tried all u have mentioned. – DonOfDen Feb 06 '17 at 14:39
  • u have mentioned the same what i mentioned in my question. :( @taracus – DonOfDen Feb 06 '17 at 14:40
  • Well, Im not sure where the api.fileDownload() call is coming from? How did you know the function is called fileDownload() and not downloadFile() for example? My guess is that the documentation of how to set the HTTP-header for the call can be found at the same place. For the record I gave it 10 minutes of googling and couldnt find any searchable documentation for SugarCRM so maybe their docs is behind a paywall or something? – taracus Feb 06 '17 at 15:19
  • No there is no such document i been searching for 2 days :( even pay wall too :( – DonOfDen Feb 06 '17 at 15:28
  • u can find this function in sidecar.min.js and in suparapi.js – DonOfDen Feb 06 '17 at 15:29
  • 1
    Out of curiosity (assuming you have a typeO and meant suGarapi.js) where do you find this .js file? Google gives me nothing... – taracus Feb 06 '17 at 15:33
  • Did you check my edit, the specific call "fileDownload()" does a ping-call "to make sure we have our token" so without knowing what token theyre talking about it could very well be that the call wont even be made unless you have a valid token setup. – taracus Feb 06 '17 at 17:45
  • thats the problem, After sugar updates the latest version, it seems, we cant use it :( need a way to find how to make PDF download. – DonOfDen Feb 06 '17 at 19:52
  • I am going to try using ajax download by sending header in ajax it worked will updated my code in7hours.. – DonOfDen Feb 06 '17 at 19:53
  • Also when we call the `filedownload` an initial call happens for `ping` during the call the `oauth-token` was sent for ping... but after that my url was called and it brings me the error. :( confusing. – DonOfDen Feb 06 '17 at 19:55