Chainlink link oracle cannot fulfill request? - oracle

when I call chain link oracle to request data, I just can't get the response fulfilled with
correct response on the chainlink operator
but can't get fulfilled response, I checked the transaction on goerli
the eth on admin is
How can I get the fulfilled response correctly?

Related

KrakenD returns a 500 when the body of the backend endpoint doesnt have any data

I am using KrakenD to make a call to a Salesforce endpoint
/services/data/v56/jobs/ingest/{{_jobId}}/batches
This backend endpoint doesn't return any data in the response body and as a result the call fails with a 500. From the logs -
[00] [KRAKEND] 2023/01/27 - 23:39:45.615 ▶ ERROR [ENDPOINT: /ingest/:jobId/batches] EOF
How do I solve this error? How can I tell KrakenD to expect the empty response body?
I am not using any custom plugins.
You should check the encoding defined at the backend section (by default, it's JSON) and select one that suits your backend responses. Here you'll find some recommendations: https://www.krakend.io/docs/backends/supported-encodings/#how-to-choose-the-backend-encoding
If you are expecting empty responses, you could use no-op (https://www.krakend.io/docs/endpoints/no-op/)

Azure Logic App - Get Response Body with 500 Internal Server Error

Is there any way to get the response body in Azure Logic App even when we get 500 Internal Server Error?
I have made the Logic App in a way that I'm setting the response code to 500 on an issue, and I'm adding some error related information in the response body. I tried returning 504 Gateway timeout as well, in case of a timeout issue I could face, but I'm always receiving a null response body in case of non-200 response codes.
If we are not able to see the response body in case of an error by design, is there a better way to set and fetch error related information from the response object?
Yes you can get the response body in Azure Logic App by adding the response action. According to this Add a Response action section of the Microsoft document.
When you use the Request trigger to handle inbound requests, you can model the response and send the payload results back to the caller by using the built-in Response action.
Following steps would help you to get the response body.
In the Logic App Designer, under the step where you want to add a Response action, select New step.
The under Choose an action, in the search box, enter response as your filter, and select the Response action.
Now add any values that are required for the response message. For the Body, you can select the trigger body output from the dynamic content list.
I would suggest to read the Receive and respond to inbound HTTPS requests in Azure Logic Apps document for more information.
Alternatively you can also create alerts whenever HTTP 500 errors occur in your App and use Application Insights to view it using Azure Monitor. I would also suggest to read this Handle errors and exceptions in Azure Logic Apps Microsoft document for more information.

Response Data for "GET Method"

I am creating different HTTP Requests for a site and taking an access token as a variable from Regular Expression Extractor and using it in another HTTP Request.
The Thread group is working fine; i.e. no error in View Results Tree. But Response data is only coming for the Request with POST Method. Nothing is coming for the Request with GET Method and both requests are taking the access token properly.
In some cases you may get response code 200 ok and request still may fail. In case of your get request that seems to be happening.
Check following:
Headers being sent with get request. (Compare request being sent from JMeter and from real browser.)
Add response assertion to get request to be assure the correctness of the response. (Check what response you get for the request made from browser.)
Make sure you have added cookie manager in the test plan.

What's the appropriate HTTP status code to return if a user tries logging in with an incorrect username / password, but correct format?

A similar question is posted here: What's an appropriate HTTP status code to return by a REST API service for a validation failure?
The answer in the thread above states that "For instance if the URI is supposed to have an ISO-8601 date and you find that it's in the wrong format or refers to February 31st, then you would return an HTTP 400. Ditto if you expect well-formed XML in an entity body and it fails to parse."
However, what happens if the user submitted correctly formatted data? By this I mean, the user submitted a plain alphabetical string / text for the username and password (which is perfectly valid for my application). The only issue is that the password did not match with the username. In this case, 400 will be incorrect because it is perfectly valid syntax and well-formed.
A 401 would be incorrect (as suggested here: Which HTTP status code to say username or password were incorrect?) because the user is not trying to access any page, he is simply trying to login and entered data which does not match.
If you look back at the first post I linked to, the second answer states that 422 is the correct response (and it looks correct to me), however, I am using Django Rest Framework and 422 is not part of the status codes (a list of the status codes which are part of DRF can be found here: http://www.django-rest-framework.org/api-guide/status-codes/#client-error-4xx)
404 also doesn't look right because the data is successfully accepted and not refused.
With that said, what is the real correct response which should be used?
If you are strictly using the HTTP authentication framework provided by RFC 7235 for your REST API, the correct HTTP code would actually be 401. From the RFC:
The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field (Section 4.1) containing at least one challenge applicable to the target resource.
If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field (Section 4.2).
Your REST API should employ an authentication scheme of some sort in order to return a valid 401 response to your client.
Another pertinent section from RFC 7235, page 4:
Upon receipt of a request for a protected resource that omits
credentials, contains invalid credentials (e.g., a bad password) or
partial credentials (e.g., when the authentication scheme requires
more than one round trip), an origin server SHOULD send a 401
(Unauthorized) response that contains a WWW-Authenticate header field
with at least one (possibly new) challenge applicable to the
requested resource.
A higher-level response, such as a rendered login page for a visual user (redirected from a protected resource via 302), would be better served with the 200 status code (per #KernelDeimos' answer, for example). Since login pages are typically their own resource (e.g. /login?redirect=original-resource), the unauthenticated user is still authorized to see this page, even if they provide an incorrect username/password. Then, you redirect the authenticated user back to the resource, at which point would show 200 if allowed, or 403 if the user is forbidden to view the resource.
The area where 401 could come into play with a visual login page is a front-end library that leverages the REST API using XHR requests, then relay the 401 response from the REST API back into a meaningful format on the login page.
If login is handled at a higher-level (ex: sending a POST to the server with a username and password), use the appropriate status code in 2xx for a successfully handled login request with the wrong password. If using the HTTP authentication framework provided by RFC 7235, send 401 (see answer by #sjagr for further detail).
Below the line is the rest of my original answer, which explains my train of thought. Also note the thread on sjagr's answer which includes a debate which improved both our answers and a comment from Julian Reschke (one of the RFC's authors).
Before asking "what is the correct HTTP status code", it's important to consider this question: "Should success or failure of login be reflected in the HTTP status code of the response?"
In #sjagr's answer the first part of this section is highlighted. I'm going to highlight the second part and explain why:
If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field (Section 4.2).
This refers to an Authorization header, rather than a request body containing login credentials. The phrasing of the first part, unfortunately, could be misinterpreted to refer to a request body containing login information. This ambiguity can be resolved by considering separation of concerns; (https://en.wikipedia.org/wiki/Separation_of_concerns) the server's response header should not depend on the differences of two valid request bodies, with the exception of when it causes an internal server error, otherwise the concerns of data transfer and appliction login begin to creep into each other.
I would use HTTP response 2xx for a valid login request, where the client has permission to attempt a login, that is handled successfully with a response indicating success or failure.
I also like the way #spectras expressed this in the comments:
Attempting to express an application-level error in a transport-level status code is a design mistake.
401 - Unauthorized
403 - Forbidden
http://www.buggybread.com/2012/11/http-error-codes-401-access-denied-403.html
If you try to log into a Google account with the wrong password, it will return a 200 response containing data that indicates the password was incorrect. For that reason, I just use a 200.
At the end of the day, which status code you use is purely a semantic issue and isn't going to change the functionality of your application. What really matters is that your application displays the correct information to the user.
I think what causes all the confusion is that there are two entities that need to be authenticated. One is the client (front-end app) needs to authenticate itself, that its authorized to make a login request for the user, and then the user needs to authenticate itself with his username/password.
The status code should only be related to the client making the request, not the user.
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
HTTP response status codes indicate whether a specific HTTP request has been successfully completed.
200 is correct:
Given that you have a front-end application that talks to the backend, the appropriate respond code should be 200 and the response body should contain the information if password matches or not, but that result has no impact on the status code, because the request itself was authorized and successfully parsed.
401 is wrong:
Assume your front-end authenticates with a token for example, then the response code 401 would mean the front-end token is invalid, not the password of the user inside that request.
403 is wrong: Assume your front-end authenticates with a token for example, then the response code 403 would mean the token is vaild, but that token does not have the access right to ask if password/username match.

Http status code for bad params in post request

I have a server in which the client can register itself as a device (like a mobile device). For the registration, the device must be associated with another resource (say an user) which is already registered on the server. To do that, the client sends a Http Post request to the server, with two params, its own ID and the associated resource ID.
I need to choose an Http Status code to return when the client ask the server to do some procedure and one of the resources indicated in the parameters are not found.
I suggested 404, but my professor said that 404 is used the resource associated to the URI is not found, not when you submit a well-formed request with bad parameters.
What is the most suitable http status and why would you choose?
In my opinion, it fits to:
400 - Bad Request
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
OR
403 - Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.
Ref: fc2616
I would use 403 'Forbidden' - meaning, you are forbidden from accessing the page with the request you have sent

Resources