Hey devs,
After successfully preventing users to manipulate their on stats in their user profile, I want to use a HTTP request to change exactly these properties.
I am aware that the normal user can not run this script, since the EventListener will reset the original document again, so I try to use a Bearer token generated from an Admin account and sent this in the header. Here is my code:
async function updateUserStats(billedCharacters) {
const Userpage = "${username}";
const currentMonth = "${currentMonthName}";
const usedCharacters = ${usedCharacters};
const newCharacters = usedCharacters + billedCharacters;
const apiUrl = `/xwiki/rest/wikis/xwiki/spaces/XWiki/pages/${Userpage}/objects/XWikiUsers/0`;
const authToken = "AUTH_TOKEN";
const authHeader = "Bearer " + authToken;
try {
const updateResponse = await fetch(apiUrl, {
method: "PUT",
headers: {
"Content-Type": "application/json",
"Accept": "application/json",
"Authorization": authHeader
},
body: JSON.stringify({
properties: [
{
name: currentMonth,
value: newCharacters
}
]
})
});
if (updateResponse.ok) {
console.log(`✅ Updated ${currentMonth} stats: ${newCharacters} characters.`);
} else {
console.error("❌ Failed to update translation stats:", await updateResponse.text());
}
} catch (error) {
console.error("❌ Error updating translation stats:", error);
}
}
If I run the code as an admin, the REST API call works just fine, but when trying to authenticate this call with an Admin token, it does not. In the logs, it only returns
2025-02-20 09:43:03,890 [http-nio-8080-exec-2 - /xwiki/rest/wikis/xwiki/spaces/XWiki/pages/JohnDoe/objects/XWikiUsers/0] WARN nticationFailureLoggerListener - Authentication failure with login [null]
Any help much appreciated.
cheers
DALLI
1 post - 1 participant