dashed-slug.net › Forums › General discussion › Internal Transfer Confirmation Error
Tagged: internal transfer, nonce, validation, WP REST API
- This topic has 13 replies, 2 voices, and was last updated 1 year, 4 months ago by alexg.
-
AuthorPosts
-
July 26, 2023 at 12:17 am #12985zhakParticipant
Just as i intend to send fund to another user on my platform, i receive this confimation mail, asking me to confirm the trasaction by clicking the beloW link, which i did.
https://mysitename.com/wp-json/dswallets/v1/transactions/validate/dSm7T2SuGKsWQAQm
but after clicking the link, i only saw a piece of code on the page, this:
{“code”:”bb_rest_authorization_required”,”message”:”Only authenticated users can access the REST API.”,”data”:{“status”:401}}
—–
the confirmation didn’t work,and the fund i intend to send, didnt go through cos i’m not able to confirm the link. pls help
July 26, 2023 at 6:06 am #12986alexgKeymasterHello,
Thank you for reporting this error.
It looks like this error is related to BuddyBoss, since it has also been reported in the past for a completely different plugin (Event Tickets and Registration):
https://wordpress.org/support/topic/error-when-connecting-to-stripe-or-paypal/
The validation link is normally handled by a WP-REST API endpoint in the wallets plugin. It does not require you to be logged in or authenticated. The only requirement is that you are the bearer of the correct nonce.
For some reason, BuddyBoss doesn’t like other plugins using the WP-REST API.
This function removes all REST API endpoints, except for their own endpoings:
This is hooked to rest_request_before_callbacks. See here:
https://github.com/buddyboss/buddyboss-platform/blob/2.3.90/src/bp-core/bp-core-actions.php#L486
So basically the BuddyBoss plugin doesn’t seem to allow other plugins to use the WordPress REST API. Not very nice of them. Please tell them.
with regards
July 26, 2023 at 11:10 am #12988zhakParticipanti should tell them and request them to remove it or how?
the thing is that ive been using the buddyboss and your plugin since 2021 and this things works fine before.. i dont know whay it suddenly happens now?
and just incase i get no solutions that coould helpn from the buddy boss team, is there actually away to bypass confirmation for users and instead let the coin go through without confimation.. and is there is any other way arround it ? please i need this stuff working this is the only issue in my way
July 27, 2023 at 7:38 am #12990zhakParticipanthere is what what told to me by thier team( in the screenshot)
Please i really need this two to work together pls.if there is fixes that might be done, because as buddy boss is getting popular, i know more and more people will face this issue as well
July 27, 2023 at 8:03 am #12991zhakParticipanthere is what what told to me by thier team( in the screenshot)
Please i really need this two to work together pls.if there is fixes that might be done, because as buddy boss is getting popular, i know more and more people will face this issue as well
July 27, 2023 at 10:37 am #12992alexgKeymasterHello,
I could not see your screenshot because it’s too big for upload. Can you downscale it, or maybe copy the text?
In any case, I already explained the situation to you: As far as I can tell, BuddyPoss seems to disallow all calls to the WP REST API except for a few ones that they need. Hence the problem with other plugins as well. It really seems like it’s something that they should fix, unless if I’m somehow mistaken, which is possible.
What you should do is tell them what I told you. They should be able to either fix the issue, or at least explain to you why it’s not their fault. You can open an issue at their github.
I don’t see how you can go around this as long as their plugin is enabled.
July 27, 2023 at 11:22 pm #12993zhakParticipanthere is their reply from the screenshot that failed to upload, and i quote
“Greetings from BuddyBoss Support. I am Tanvir from the BuddyBoss Technical team, here to assist on the issue that you are facing.
Please note that the plugins we have tested or provided a special integration with are listed here: https://www.buddyboss.com/integrations/
As there is no integration with Bitcoin and Altcoin Wallets, there is no guarantee from us that it will continue to work properly with BuddyBoss.
You can also contact their developer for additional support.
I hope this helps. If additional questions come up, feel free to reach us back. We’re ready to assist 24/7.
All the best,
Tanvir | BuddyBoss Support
“July 28, 2023 at 11:59 am #13032alexgKeymasterHello,
I got a chance to install BuddyBoss and try this out.
The problem you encountered occurs when the following setting is turned on:
BuddyBoss -> Settings -> Privacy -> Private REST APIs
If you turn this off, then validation links will work again.
The response you got appears to me as if it’s canned. I am not sure if they checked their code. Did you explain to them everything I posted here, including the fact that the REST API of other plugins (Event Tickets and Registration) is affected? The plugin is actively disrupting access of other plugins to the WP REST API. If it’s a security feature then maybe it works as intended, but it seems a little strange to me.
In any case, you can turn off this setting and use both plugins together.
Hope this helps.
with regards
July 28, 2023 at 12:04 pm #13033alexgKeymasterI also tried to enter an exclusion in the “Public REST APIs” box:
wp-json/wp/dswallets/v1/transactions/validate/<id>
But it didn’t work. Perhaps you can ask them how to exclude a public GET endpoint such as:
https://www.example.com/wp-json/dswallets/v1/transactions/validate/tKTENjpMfzZCtjaJ
Then you wouldn’t have to turn the “Private REST APIs” setting off.
July 28, 2023 at 4:54 pm #13034zhakParticipanti appreciate your help. i did that and the error was gone, the confirmation page is not working fine
but just after that was doing well, then error messages keep showing in the receiver email (from the 2 users i tried to transfer fund inbetween) check the screenshot.. and even the shortcode that shown one of the balance is now showing error)
Attachments:
You must be logged in to view attached files.July 28, 2023 at 9:15 pm #13038zhakParticipantI mean the confirmation page is working fine. But this error is shown above
July 31, 2023 at 5:25 am #13039alexgKeymasterHello,
It looks like these are two unrelated errors:
1. The first error is due to faulty HTML somewhere. Without looking at the page’s HTML, it’s impossible to say what. Did you edit the templates by any chance? If you want me to check the HTML, email me with a link to the page (and also let me know if you edited any php files).
2. This is due to a transfer to, or from, a user who does not have the
has_wallets
capability. You should assign thehas_wallets
capability to the user role or roles that correspond with your users. See:Settings -> Bitcoin & Altcoin Wallets -> Capabilities – > General Capabilities
For a discussion about capabilities, please read the documentation. You can find the documentation in the plugin, or at:
– https://github.com/dashed-slug/wallets/blob/6.1.8/docs/settings.md#capabilities-caps
– https://github.com/dashed-slug/wallets/blob/6.1.8/docs/frontend.md#uis-overviewHope this helps. Let me know if you have any more questions about any of this.
P.S. In the future, can you please try to open a new thread for each new issue you encounter? These guidelines are for the benefit of others reading this forum. Thank you.
July 31, 2023 at 2:41 pm #13040zhakParticipantThat worked. Thanks. It was the user capability all along, I knew this but I forgot because I Just added the new user role.. but it worked perfectly now. Thanks
I have one last question… I modified the plugins, I added CSS to make it look and feel better…. it was nice but I have a problem.. and the problem is that anytime I update the plugin I loose all the CSS.. I had to revisit and reedit the plugin…
Could you suggest a solution pls
August 1, 2023 at 5:59 am #13041alexgKeymasterHello,
It sounds like you edited the plugin’s CSS files directly. It’s not a good practice to do that, for the reason you just described.
There are two ways to add CSS rules and have them stay there. Which one you choose is up to you:
1. Create a child theme for your theme. If you google “child theme”, there are multiple guides on how to do this. It’s super easy. Once you have a child theme, you can add all sorts of things on it that are specific to your site, including CSS rules and any random PHP functions that are only useful on your site.
2. Use the Customizer. Go to Appearance -> Customize -> Additional CSS. Add your CSS rules there and hit “Publish”.
When you add rules, make sure to observe rule specificity. You want your own rules to override the rules of the plugin, so your rules need to be more specific. Again, there’s multiple guides on the web on the topic. The one I usually recommend is this one: https://css-tricks.com/specifics-on-css-specificity/
Hope this helps. Again, please open a new thread if you have other questions.
with regards
-
AuthorPosts
- You must be logged in to reply to this topic.