on 07-20-2020 10:39 AM
Hi ,
Any lead on how to use service.tx(request).run(request.query) for a post call to S/4 odata.
More details
When I use service.tx(request).run(request.query) for a post call, Iam getting CSRF token invalid error in S/4 and thus 403 error in CF.
Iam able to get CSRF token with S/4 URL directly in Tcode /iwfnd/maint_service with header as [X-CSRF-TOKEN : Fetch ].
Iam not able to get CSRF token if i use post using service.tx(request).run(request.query) of SAP CAP Service. [HTTP header is not having the [X-CSRF-TOKEN : Fetch] ]
Exact question
Regards,
Karthi
I’m afraid that you are going to code the logic for that on your own. According to the documentation below:
https://cap.cloud.sap/docs/guides/consuming-services#sending-requests
the fluent API can cater to do create (POST) request, however, from my experience, it didn’t work when it starts to use the service via connectivity proxy. So what I did, is I have coded the solution my self using the axios node module — it is the same node module that cap for node.js use.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks Jhodel .Iam exploring this https://blogs.sap.com/2019/11/13/consuming-destinations-in-cloud-foundry-using-axios-in-a-nodejs-app...
Hi Jhodel,
Thanks a lot 😉 🙂 :-). I see you raised an issue for this. 🙂 .
This could be dumb question, I see you corrected the .js file of sap-cf-destconn. Assume I do not want to wait for an official fix and want to move on with the local version. How should I handle it in CAP world? Because MTA will not consider my local library and package.json will always install from the library. Is there any way I can copy the library and make as it a local one ,do some config in mta.yaml to consider my local library in deployment and refer the same in service.js .
Hi Karthiheyan,
You're welcome! About the SAP Cloud SDK, I played around it once and encountered some issues. I'm still new on this tool and haven't really taken a deep look at this. Perhaps when I have some free time, I will look into this again.
Right now I'm comfortable with my current workaround solution, but I need to work on this a little bit more to make it more elegant, what I mean by that is that the workaround solution is working when deployed to SCP, but it is not easy to test locally. Once I have made this solution more compatible with CAP, I plan to write a blog about this.
In order for you to make a local copy of the NPM delivered modules, you can create a lib folder inside your cap "srv" folder. In my case, I'm not using the module sap-cf-axios. I'm using axios + sap-cf-destconn. I copied connectivity.js in my srv > lib folder. And called it in one of my cap custom .js handlers using this syntax:
const { readConnectivity } = require("./lib/connectivity");
Note that when you specify to load a module in this way, you are loading from the local module. But if you are omitting the ./ or ../ then you are loading from a node_module folder -- like the example below:
const axios = require("axios").default;
Just bear in mind, that if the JS file you copied does call another file within that module you have to copy that JS file as well. In my case, connectivity.js is calling for tokenCache.js and that's why I copied it as well. I disabled the returning of the cache but I didn't remove all the logic that is linked to tokenCache.js. I also cannot wait for a permanent fix for the module so I opted to handle it myself in my own cap project and it is already deployed in SCP.
Thanks a lot Jhodel.Sincere thanks for sharing your knowledge.
I was pumped up to finish fixing the code. By this point, it will be easy for you to consume my solution because I already published it in npmjs.com -- see below git repo, and refer to the readme documentation how to install and use it.
https://github.com/jcailan/cdse
Happy to help Karthiheyan!
Thanks a lot Jhodel. I want one more greedy request :-). I think this is not considering the Location id parameter in Destination . When Destination has Location id , this is not able to identify the SCC and resulting in 503 error. I tried configuring a new connection without Location id and it is working for all subsequent calls.
Make this wish true when you have time.Thanks a lot Jhodel.
Hi,
Noting for the benefit of future readers on this post that the above issue is now, at least in my case, easy to solve by setting cds.env.features.fetch_csrf = true
as noted here.
Regards
//Carl
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I had the same problem when accessing the Cloud 4 Customer OData API through an imported external service. Additionally, the C4C API doens't implement HEAD.
I solved it by modifying http-client.js of @sap-cloud-sdk . I added the following intercepter at the end of the file (L195 in version 1.28.1). Note that this is targeting C4C and might need some small changes to make it generic.
function createRequestInterceptor() {
const interceptor = axios_1.default.interceptors.request.use(async (config) => {
if (config.url.startsWith('/cust/')) {
// for customer OData resources, reqrite the baseURL to point to the customer namespace
config.baseURL = config.baseURL.replace(/\/v1\/c4codataapi/, '')
}
if (['head', 'get'].includes(config.method)) {
config.headers['x-csrf-token'] = 'fetch'
}
// intercept post/patch/delete and send a head request
// to the same resource to fetch the CSRF token
// the intercepter needs to be ejected before sending the head
// request to avoid endless recursion
if (['post','delete','patch'].includes(config.method)) {
let tokenConfig = __assign({}, config)
// better would be head, but our target system (C4C) doesn't implement HEAD
tokenConfig.method = 'get'
delete tokenConfig.data
delete tokenConfig.headers['content-type']
delete tokenConfig.headers['content-length']
tokenConfig.headers.common['x-csrf-token'] = 'fetch'
tokenConfig.validateStatus = (status) => {
return status >= 200 && status < 300 || status == 400;
}
try {
axios_1.default.interceptors.request.eject(interceptor)
let tokenResponse = await axios_1.default.request(tokenConfig)
config.headers.common['x-csrf-token'] = tokenResponse.headers['x-csrf-token']
const cookies = tokenResponse.headers['set-cookie']
if (cookies) {
config.headers.Cookie = cookies.join('; ')
}
} catch (e){
if (e.isAxiosError) {
console.log(e.response.status, e.response.statusText)
} else {
console.log(e)
}
} finally {
createRequestInterceptor()
}
}
return config
})
}
createRequestInterceptor()
Someone smarter than me can probably come up with a cleaner way to add the interceptor to the http client without having to modify the @sap-cloud-sdk library. Additionally this will request a new CSRF token before every patch/post/delete instead of caching the token.
It's an extremely simple "fix" though and for my purposes it's good enough
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Gregor, I had tried cdse but it didn't work for me and I would have to rewrite it as well to fit C4C. And honestly I find the axios interceptor a bit more elegant than rewriting the destination handling as it's completely agnostic to how axios is configured.
Anyway this works well for my use case and I meant to share this approach as an alternative.
Hi karthiheyan.murugesan1, jhodel18,
Please see the SAP Cloud SDK for such functionality.
Best,
Sebastian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Sebastian, As Iam a beginner , i need more info.
Assume i want to execute a simple GET
1) I generated odata client from edmx.
2) I have my service definition in service.cds. and its corresponding implementation in service.js.
Will my service.js look like this ? Can you help with a demo GITHUB repos
import { header } from './odata_gen/z-operation-service'; //this line 1 is giving error
srv.on('READ', 'header', request => { return header.requestBuilder().getAll().execute("dest"); })
Hi Sebastian, Ki karthiheyan.murugesan1,
karthiheyan.murugesan1: I would suggest you check out Consuming Services.
vansyckel: can we expect that CAP will hide this complexity from us?
Best regards
Gregor
Hi Gregor ,
There is an open issue in Consuming Services, preventing us from using the POST [csrf token] method to an on-premise system [They might release in Q3/4]. Leaving us with two options
1) Node library like cdse, sap-cf-axios
2) SAP cloud SDK Here regarding SAP cloud SDK , there are very fewer blog resources for JS world in consuming external services through destination.
Regards,
Karthi
Hi Karthi,
in Cloud SDK you don't have to do more than provide the destination name in your call to the OData Client. Cloud SDK handles the lookup of the destination and using the Connectivity Proxy behind the scenes: https://sap.github.io/cloud-sdk/docs/js/features/connectivity/proxy-js-sdk#the-automatic-flow
const businessPartners = BusinessPartner.requestBuilder()
.getAll().filter(BusinessPartner.BUSINESS_PARTNER_CATEGORY.equals('1'))
.top(5)
.execute({"destinationName": 'myDestination'});
Kind regards,
Sebastian
Hi gregorw,
Improving service consumption is on the roadmap and we'll see what we can do.
Best,
Sebastian
Hi Sebastian Esch!
The Cloud SDK for JS still might have issues with consumption of OData services from the S4/Hana on-premise system.
At least it didn't work in my case. https://github.com/SAP/cloud-sdk/issues/171
Though I can get through the proxy to the system I fail with authentication at the on-premise for some reason but when using a standard http request with defined http headers has no issues with authentication.
It could be an issue of the generated odata-client or axios which is used to send a http request to the on-premise.
Best Regards,
Evgeniy
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.