Applozic Platform Chat API - Uploading message attachments - applozic

I'm integrating with applozic for a client, and I need to send messages with attachments to users. I'm following the steps here: https://docs.applozic.com/docs/1-1-user-chat-and-group-chat-api#section-send-message-with-attachment on how to do this.
I'm having trouble with step 2:
Step 2. Call Url With multipart :
Call API with your file object attached to files[] array:
the requests I send are rejected with a 405 error, for example....
Request:
POST /_ah/upload/AMmfu6ZQrGP3Szfk1GuQAb_2a3J7PPWhQoiRbTnEjLp2MIzpuoeHrYryXhlzI6NW9JikjpJbT-HEtHAIk3og-Gl5EesCzBASipgtq1Hvh-PN90sjvasjRBvtO5XIFWi08gGfqTYUNT0C/ALBNUaYAAAAAWocIx4JPtA2a7LU00w1_pRui2Q3NjLR5/
application-key: XXXX
authorization: Basic XXXXX
cache-control: no-cache
accept: */*
host: applozic.appspot.com
accept-encoding: gzip, deflate
content-type: multipart/form-data; boundary=--------------------------523557777486909202804628
content-length: 286288
--------------------------523557777486909202804628
Content-Disposition: form-data; name="file"; filename="attachment.pptx"
Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
....file data....
Response:
HTTP/1.1 405
status: 405
x-guploader-uploadid: AEnB2UpLhLC9VKz0ysfP-WcNTgGCFc_67dVEp_-ANZsLTvWfEOFgyMWKKvpehGa3I6E9Q_s8S7LQAcYFlTt-J8LwVqRosha6lNros6eECUP5JdJ_RsZMW9g
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: UserId-Enabled, Authorization, Application-Key, Source, Content-Type
allow: GET
x-cloud-trace-context: 728352eed99001ff946db65f68daf518;o=1
x-appengine-estimated-cpm-us-dollars: $0.000026
x-appengine-resource-usage: ms=93 cpu_ms=605
date: Fri, 16 Feb 2018 16:29:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Could someone tell me what i'm missing here? It's responding with allow: GET which doesn't make sense, am I failing auth somehow?
Is there any more documentation available on this feature?

Step 1. Get Url to Upload File
Call API:
https://applozic.appspot.com/rest/ws/aws/file/url?data=1478763491992
where data= currentTime in long
API Response String:
https://applozic.appspot.com/_ah/upload/AMmfu6YAZpXFUYvC7wqIcW7msh8-YF1d7Tsh1UOTSCzpx2vinrcLQRtVfWbFHHXLFunUqsSLe1dYsDbsJxIO28cNcGrECf7LfFaNSycct-Sybd9KAZWk0yk7HybzxbBp4YQEDmMLi4Uf/ALBNUaYAAAAAWovz3TcYX24yam5K3embIkgQ6Q1pGIRf/
Step 2. Call Url With multipart :
Call API with your file object attached to files[] array(Parameter:files[]):
https://applozic.appspot.com/_ah/upload/AMmfu6YAZpXFUYvC7wqIcW7msh8-YF1d7Tsh1UOTSCzpx2vinrcLQRtVfWbFHHXLFunUqsSLe1dYsDbsJxIO28cNcGrECf7LfFaNSycct-Sybd9KAZWk0yk7HybzxbBp4YQEDmMLi4Uf/ALBNUaYAAAAAWovz3TcYX24yam5K3embIkgQ6Q1pGIRf/
filetMeta json Response:
{"fileMeta":{"blobKey":"AMIfv96n1wlMLpa3R_1i4nbFc4L1RLG81W5RovnPqMhVspzzJv5WBbnYgI4uwZkNjvzszNqsWwEQU6mrYoYsaoa2Vhi45p3P7bvQhAO1ciEL1K1yZJ2HB-goYPULYumC7LA8h33p_Ry
JBewFK8FogMDPR4_4zjClIg","contentType":"image/png","createdAtTime":"1478763491698","name":"applozic.png","size":"8694","thumbnailUrl":"https://lh3.googleusercontent
.com/EfnmKkzLtwBgYQq9UWc26oVqSZUiGukhXQgq7ns9a3G53ZAveFOszamvsqD-tbOfuirqERBO0QR60xFgYiGr=s120"}}

Try this request :
Post request
Url:-
https://applozic.appspot.com/_ah/upload/AMmfu6ZB1z1BBDQMh_ztllvkde5mest9aFeqDHoSmCLzGH3vEtqQLKKOZG820ONgNCOc3BatKJL-59Tppm76zvyfw773R4lEa7m3gaM4cdKGbDU5oy8R_9zt_PT12j8xYSK2oh3rO3xa/ALBNUaYAAAAAWoq31zwU986GLyomPgxjoJb6qHuf4iIx/
Param:files[]

Related

Getting 401 Response Code in Jmeter when I tried to see the View Result

Am getting 401 Response code while running my Jmeter script. Here is the sample result, request headers, response body, response headers.
Sample Result:
Thread Name:Thread Group 1-1
Sample Start:2022-05-04 20:13:44 IST
Load time:226
Connect Time:0
Latency:226
Size in bytes:591
Sent bytes:876
Headers size in bytes:417
Body size in bytes:174
Sample Count:1
Error Count:1
Data type ("text"|"bin"|""):text
Response code:401
Response message:
Request Headers:
Connection: keep-alive
Authorization: Bearer 0rPuk9bYwyE=ZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKemRXSWlPaUpPWVhabFpXNTJaV3h3ZFhKcFFHZHZZWFZrYVhSekxtTnZiU0lzSW1saGRDSTZNVFkxTVRZMk9EZzBNQ3dpWlhod0lqb3hOalV4TnpZNE9EUXdMQ0pxZEdraU9pSmxOREF4WlRZNU1pMWxPVFJtTFRRd01XWXRPR0psTlMwMU1tRXdaR1ptTkdSaFpUVWlMQ0pwYzNNaU9pSXpOamN3TURjMVppMWpZemhpTFRRd1lURXRZakEwT1MxbE4yVXhZMlkxWW1GaFpXVWlmUS5KQjdBOUdyS1I0bWE3N1VieXcySm5xZ3RuQjJJdHR6WVVJWTBZcU13Z1Ztb3AxeXpsNkpzRHF2NDlpVHAwTHhDN1JqNXRPT1dWSnFUeWs5bW5BZTkxUQ==
Referer: http://18.133.204.151/
Accept-Language: en-US,en;q=0.5
Origin: http://18.133.204.151
Content-Type: application/json
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: application/json
Content-Length: 2
Host: 18.133.204.151:8080
Response Body:
{"timestamp":"2022-05-04T14:43:44.476+0000","status":401,"error":"Unauthorized","message":"Error -> Unauthorized","path":"/webapp/api/audits/schedule/status/list"}
Response Headers:
HTTP/1.1 401
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 04 May 2022 14:43:44 GMT
Can someone please help me in resolving the issue. I tried in many ways and nothing helping me in resolving this.
Thanks in advance.
As per 401 Unauthorized status code description:
401 Unauthorized
The HyperText Transfer Protocol (HTTP) 401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.
If this Bearer token is recorded you won't be able to replay the request successfully because the token needs to be correlated. Check out Using Regular Expressions to Extract Tokens and Session IDs to Variables article for example solution (you might need to amend it to your application specifics)

Certain cookies are blocked cross domain when using an ajax request

I'm using a react app running on localhost:3000 which makes ajax requests to our website. We recently switched our authentification system from using WordPress authentification to https://github.com/delight-im/PHP-Auth.
Since then, using the same settings inside ajax and on our web server, our authentification cookies are not sent cross domain. However, it's working when requesting them from the same domain.
Our request:
fetchLoginStatus = () => {
const ajax = new XMLHttpRequest();
ajax.withCredentials = true;
ajax.open("POST", "https://our-website.com/src/php/checkLoggedIn.php");
ajax.onload = () => {
const response = JSON.parse(ajax.responseText);
};
ajax.send();
};
Our request headers (from localhost:3000):
:authority: my-website.com
:method: POST
:path: /src/php/checkLoggedIn.php
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
content-length: 0
cookie: plesk-items-per-page; plesk-sort-field, phpMyAdmin; databases-active-list-state-collapsed; plesk-list-type; io=R_dL3fjUEYe64ykHAAAp; isAsyncProgressBarCollapsed=true; PLESKSESSID; plesk-sort-dir;
origin: https://localhost:3000
referer: https://localhost:3000/
Our response headers (we are running an nginx server):
access-control-allow-credentials: true
access-control-allow-headers: origin, x-requested-with, content-type
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS access-`
control-allow-origin: https://localhost:3000
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 10 Mar 2019 15:26:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT pragma:
no-cache server: nginx
set-cookie: PHPSESSID=someId;
path=/; SameSite=Lax status: 200
vary: Accept-Encoding
x-powered-by: PleskLin`
When I don't send the request cross-domain PHPSESSID is inside the cookies of my request headers. However when I send the request from localhost:3000 it's not there.
Does somebody know how I can send the PHPSESSID from localhost too?
Thanks for any help in advance!
Asked the same question inside the github repository and the owner solved it.
https://github.com/delight-im/PHP-Auth/issues/154
Solution:
vendor/delight-im/auth/src/UserManager.php
Replace Session::regenerate(true); with Session::regenerate(true, null);
vendor/delight-im/auth/src/Auth.php
Replace #Session::start(); with #Session::start(null);
Replace Session::regenerate(true); with Session::regenerate(true, null);
After $cookie->setSecureOnly($params['secure']); append $cookie-
>setSameSiteRestriction(null); in all three (!) occurrences

format of web api respons is not correct

request is present "accept: application/xml; charset=utf-8" but response content is json
Request:
Connection: Keep-Alive
Accept: application/xml; charset=utf-8
Content-Type: application/xml; charset=utf-8
Response:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 07 Jan 2019 17:11:14 GMT
Content-Length: 31
{"cod":1,"msg":"","data":"100"}
software is developerd with .net framework 4.6.1
I noticed that if I return an anonymous class this will be serialized in json and never in xml.
to solve the problem, just return a non-anomalous calsse and it will be serialized correctly.

JMeter recorded sample failing on rerun

I recorded my project website workflow on Jmeter. But On rerunning the recorded samples, all the samples having POST request are failing. I am unable to figure out why the same samples which were passing during recording, are failing on re-run.
Below is request of one of the samples which is failing:
Recorded sample request which passed:
POST https://example.com/live/v1/dashboards/promo_pa/ds/promo_program_dimensions
POST data:
{"query":"promo_program_dimensions.filterby(program_master_id = 'GOGGLE').filterby(dimension_name = 'channel').groupby(dimension_value).aggregate(count(dimension_value) as count).orderby(dimension_value+)"}
[no cookies]
Request Headers:
Connection: keep-alive
Referer: https://example.com/live/v1/dashboards/promo_pa/
Accept-Language: en-US,en;q=0.5
DNT: 1
Accept: */*
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Content-Length: 216
Host: example.com
Sampler Result:
Thread Name:
Sample Start: 2018-02-22 17:32:44 IST
Load time: 93
Connect Time: 58
Latency: 93
Size in bytes: 647
Sent bytes:1095
Headers size in bytes: 645
Body size in bytes: 2
Sample Count: 1
Error Count: 0
Data type ("text"|"bin"|""): text
Response code: 200
Response message: OK
Response headers:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Feb 2018 12:02:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, public, max-age=0
Set-Cookie: live=.eJxNj11vgjAYhf_K0muzMLJdSOIFC6yBQJmuiO1Nw0cdtB0zUEAw_nfRZcbLN2_Oc85zAoGNHA9B9mlDF1gn8JQBCwTm8VD8xH0h3J7CjymFfk92vszHZZklxzpdr1bgvABBBKHrMA-x-MvdzEFVZbzRI1gAtm94WwJLNx2fr6q4wymWr9RRiuJ8iJJtRRLyQsytouJdULwREUQKJfGAkvBWkrfNnulfyes7IhTxQCGqiLkeIqeQaAqn0EElxa5B8feEoK-IkFesDLFnUMd-C4e_zVXBa13p8TntdMn0eODAqjulHj4PY8lua6RwOV6TXcubm8is2XP273q-AI7Dam4.DXBC5A.CJMLbN0B4HC4U8703ZQS50K00lk; HttpOnly; Path=/live
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Request of the same sample which is failing on re-run:
POST https://example.com/live/v1/dashboards/promo_pa/ds/promo_program_dimensions
POST data:
{"query":"promo_program_dimensions.filterby(program_master_id = 'GOGGLE').filterby(dimension_name = 'channel').groupby(dimension_value).aggregate(count(dimension_value) as count).orderby(dimension_value+)"}
Cookie Data:
live=.eJxNj11vgjAYhf_K0muzuE4uJPHCBNZgaB0O1Pam4aOu5WsGCqMY__uYy4yXJ2_O857nAvw1cTyC-PsaucC-gKcE2MCHwzmroj7L3Z6htzFGm54eN0VqljI5DHUcrFbgOgP-FiHX4R7h0Ye7m4qlSkSjDZgBfmpEK4Gtm05MSWV3OK5YgR3XohXJcR4tyCgVzvdTSi0WUoshOt86HiRhcHuSts2J669C1HcEgdhgJ10wx3shI4a02uUYRiMNpSIwGFguCxyuzYR6ZaEs8SH4xp9_m1Umaq20eY47Lbk2ZwHsuivLh8vDWHrcz2O0NL_NrhXNTWTS7AX_d73-AAjCaeE.DXBNjA.Fy0Fs7zpVKg-f1qSbAljATOn64E
Request Headers:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 216
Host: example.com
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_161)
Sampler Result:
Thread Name: Liberty 1-1
Sample Start: 2018-02-22 18:24:46 IST
Load time: 26
Connect Time: 0
Latency: 26
Size in bytes: 709
Sent bytes:868
Headers size in bytes: 652
Body size in bytes: 57
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 400
Response message: BAD REQUEST
Response headers:
HTTP/1.1 400 BAD REQUEST
Server: nginx
Date: Thu, 22 Feb 2018 12:54:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 57
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, public, max-age=0
Set-Cookie: live=.eJxNj1tvgjAAhf_K0mezGAcPkvjg0q7B0DKciO1Lw6WGcpuBwizG_z50mfHx5ORcvgvw1hS6FIvPNUbAuYCXBDjAW5xPWR0OWYEGjj_GGG8GdtiUqVnmSXRu4mC1AtcZ8HyMERQuFeEX2k7BSiWy1QbMgDi2ssuBo9teTkplj3JS85JAZLOaFqQILTrmihT7SaU23zGbYzb3obugu-A-knbtUejvUjaPCh9Wio7vFY22ikBm0SKrCeSlDwOL79I3OpajjwOLRTRnUWh4jSz28_dZZbLRSpvXuNe50OYkgdP0VfXkPJ1lh_08xktzS_adbO8gE-YgxT_r9Rcq0WoP.DXBPFg.4Rll1tgU0GdWHWyE73uLkKM8z9c; HttpOnly; Path=/live
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Response Data:
{"error": "Failed to authenticate user for data access."}
I have a login sample before this which passed successfully, So user has logged-in successfully before this sample.
I have used
HTTP Cache Manager, HTTP Cookie Manager and HTTP Header Manager. HTTP Cookie Manager will manage the session automatically. Still i am getting authentication error.
i have used the default settings for the sample i.e. "Redirect Automatically" and "Use KeepAlive". I am using JMeter 3.3
Appreciate any pointers.
In the "successful" request you have the following HTTP Headers:
X-Requested-With: XMLHttpRequest
Content-Type: application/json
In the "failing" one you have:
Content-Type: application/x-www-form-urlencoded
So my expectation is that you need to add HTTP Header Manager as a child of the "failing" request and configure it to send Content-Type header with the value of application/json

JMeter HTTP request showing Invalid credential and not getting Pass

I am testing a site having login page and then some blogs on which we can comment/post.
I first login to the site and then select a blog and make a comment on that blog.
I am able to pass the login request and select blog request but comment on the blog request showing error Invalid credential.
Here is the response message:
Thread Name: Thread Group 1-1
Sample Start: 2014-09-17 12:41:42 IST
Load time: 9
Latency: 9
Size in bytes: 286
Headers size in bytes: 286
Body size in bytes: 0
Sample Count: 1
Error Count: 1
Response code: 403
Response message: Invalid credentials
Response headers:
HTTP/1.1 403 Invalid credentials
Cache-Control: private
Server: Microsoft-IIS/8.5
X-FRAME-OPTIONS: SAMEORIGIN
X-UA-Compatible: IE=Edge
X-Telligent-Evolution: 8.0.0.37997
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Sep 2014 07:11:42 GMT
Content-Length: 0
HTTPSampleResult fields:
ContentType:
DataEncoding: null
And this is the request data:
POST http://192.xx.xx.61/TelligentCommunity/api.ashx/v2/comments.json
POST data:
Body=This+is+the+sample+post+by+Arjun&ContentId=c6bc2886-1fcb-46a4-8120-e344b8d8e4a1&ContentTypeId=f7d226ab-d59f-475c-9d22-
Cookie Data:
AuthorizationCookie=71710e44-7ba7-4af7-b390-6ae81cdec229; .Telligent.Evolution=F426475F7F35ED7250E97697BCC3DE0147BD3D15C494681A9C188922459CC698DD6F6A0CA77D61E2D5C6A56A5239B338B8DC484DAB6A4073B69F9F9139500867A843A9EB39D217825C47672E1B5165214A990F8E9CF519ED6159591B510967F84F6810CBCC4466E0DA5E37D03AB0E341A6DA0970861A2F58EE873E168D1A851D9B956033B10C9856D680FC6AC5736F961631BDD1A66EE89024020BF55A8422B24A485311C87C5074F2507E4FFA9EFBADC36B0DCBC051965ACE32EDA2B5607FEBDE17F0C2F486A42E05680FD90F30494B
Request Headers:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Rest-Authorization-Code: 7a24113f-2a71-428b-80c7-57234aac67c1
Accept-Language: en-US
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
DNT: 1
Pragma: no-cache
Authorization-Code: 7a24113f-2a71-428b-80c7-57234aac67c1
X-Requested-With: XMLHttpRequest
Referer: http://192.xx.xx.61/TelligentCommunity/certification/b/90days2mcsa/archive/2014/09/12/how-to-win-by-contributing-to-the-mcp-community
Accept-Encoding: gzip, deflate
Content-Length: 123
Host: 192.xx.xx.61
Are you sure that your login request is successful? How do you know? ASP.NET applications use dynamic parameters like viewstate or eventvalidation and they need to be extracted from the previous response and added to the next one. See ASP.NET Login Testing with JMeter guide for details.
Looking into api and json URL bits I would expect that Content-Type header should be application/json. I would suggest adding a HTTP Header Manager as a child of the request which posts a blog comment and configure it to send above Content-Type.
This Authorization-Code header value: is it something you recorded or it came from correlation? If first you need to pass the correct value as well.

Resources