How to validate url which is used to register resource using REST API?
For example:
REST API POST http://xyz.wt.com:7001/rd?endpoint=node1&domain=D&EXTRA=qsjoiusswq2
In this I need to validate that the URL contains info only about endpoint and domain, EXTRA is useless, and how to find is there any extra info end user is passing?
For most programming languages there are libraries to parse URLs.
For Python, you could use urllib.parse.urlparse and urllib.parse.parse_qs:
import urllib
url = "http://xyz.wt.com:7001/rd?endpoint=node1&domain=D&EXTRA=qsjoiusswq2"
result = urllib.parse.urlparse(url)
query = urllib.parse.parse_qs(result.query)
print(query)
keys = set(urllib.parse.parse_qs(result.query).keys())
print(keys):
print(keys == {"domain", "endpoint"}
Output:
{'endpoint': ['node1'], 'EXTRA': ['qsjoiusswq2'], 'domain': ['D']}
{'EXTRA', 'domain', 'endpoint'}
False
So you keys in the query are not what you expect.
Related
I did read the comments on the similar questions, checked out what the answers propose, followed those in detail. Does not change anything.
As I tried to do exactly the same in Python using the Tweepy library, and that does work fine, I know for sure it must be something at Nifi's side.
I do have elevated access on Twitter, I checked multiple times my tokens, they are correctly filled in.
Anybody a usefull answer?
Python code:
import tweepy
consumer_key = 'xxx'
consumer_secret = 'xxx'
access_token = 'xxx'
access_token_secret = 'xxx'
auth = tweepy.OAuth1UserHandler( consumer_key, consumer_secret, access_token, access_token_secret )
api = tweepy.API(auth, wait_on_rate_limit=True)
for tweet in tweepy.Cursor(api.search_tweets, q="#twitter", count=100, tweet_mode='extended', until = '2022-07-09').items():
text = tweet._json["full_text"]
print(text)
print('\n\n')
Nifi code:
Processor GetTwitter (1.16.3) with consumer_key, consumer_secret, access_token, access_token_secret filled correctly in.
Other elements not changed. Added a wait processor connected with success relation.
!! I retested the same simple flow (getTwitter and Wait processor)in version 1.12.1: result is a 401 error instead of 403(?)
looking for working solution to Fetch friends count using Odnoklassniki API in Ruby
tried to use lemur and school_friend gems without success
require 'school_friend'
SchoolFriend.application_id = '193320768'
SchoolFriend.application_key = 'CBALsdsASDBA'
SchoolFriend.secret_key = 'A3AA9342CR47DA4BC315'
SchoolFriend.api_server = 'http://api.odnoklassniki.ru'
puts SchoolFriend.users.is_app_user(:uid => '571931088692')
{"error_code"=>100, "error_data"=>nil, "error_msg"=>"PARAM : Missed required parameter: access_token"}
even i specify access_token as mentioned in docs like that:
session = SchoolFriend.session(:access_token => 'token_from_oauth2_client')
session.friends.get
{"error_code"=>100, "error_data"=>nil, "error_msg"=>"PARAM : Missed required parameter: access_token"}
i still get same error
Becouse odnoklassniki api requires access token
your request to this api should be like
http://api.odnoklassniki.ru/fb.do?method=friends.get&application_key=[APPLICATION_KEY]&sig=[SIG]&access_token=[ACCESS_TOKEN]
I'm use lemur and for me it works fine
i'm initialize it like
odnoklassniki = Lemur::API.new(APP_SECRET, Public_key, Access_token, APP_ID)
where APP_SECRET, Public_key and APP_ID you have after registration your app
Access_token you have after use sign in to odnoklassniki via omniauth
and then i can call api method like
odnoklassniki.get(method: 'friends.get')
this returns something like that
["55726542234", "32131394541", "532139395874", "94691213891"]
I am using C3 & the latest twitterizer api. I have managed to get the user to authenticate & authorize my twitter application after which I persist only the access_token, access_token_secret and access_token_verifier.
The problem I have now is that when the user returns ( at a later stage, cookies removed / expired ), they identify themselves using our own credentials system, and then I attempt to see if their twitter credentials are still valid. I do this by calling the following method
OAuthTokens t = new OAuthTokens();
t.ConsumerKey = "XXX"; // my applications key
t.ConsumerSecret = "XXX";// my applications secret
t.AccessToken = "XXX";// the users token from the DB
t.AccessTokenSecret = "XXX";//the users secret from the DB
TwitterResponse<TwitterUser> resp = TwitterAccount.VerifyCredentials(tokens);
This is the error I get : "error":"Could not authenticate with OAuth.","request":"/1/account/verify_credentials.json"
I know my tokens are valid because if I call this method :
TwitterResponse<TwitterUser> showUserResponse = TwitterUser.Show(tokens, CORRECT_SCREEN_NAME_HERE);
with my screen name passed in and the same OAuth tokens, it returns correctly.
Any Ideas?
C# -> v4.0.30319
Twitterizer -> 2.4.0.2028
In your code, you're defining tokens as t, but when you call VerifyCredentials you're passing it tokens. Is that just an error in your sample code?
Is there any library in Ruby that generates the Signature, 'X-PAYPAL-AUTHORIZATION' header that is required to make calls on behalf of the account holder who has authorized us through the paypal Permissions API.
I am done with the permissions flow and get the required access token, tokenSecret. I feel I am generating the signature incorrectly as all my calls with the the generated 'X-PAYPAL-AUTHORIZATION' fail. They give the following errors:
For NVP call I get:
You do not have permissions to make this API call
And for the GetBasicPersonalData call I get:
Authentication failed. API credentials are incorrect.
Has anyone gone through this in Ruby? What is best way to generate signature. Paypal has just provided some SDK in Paypal, Java, but not the algorithm to generate signature.
Thanks,
Nilesh
Take a look at the PayPal Permissions gem.
https://github.com/moshbit/paypal_permissions
Specifically lib/paypal_permissions/x_pp_authorization.rb
require 'cgi'
require 'openssl'
require 'base64'
class Hash
def to_paypal_permissions_query
collect do |key, value|
"#{key}=#{value}"
end.sort * '&'
end
end
module ActiveMerchant #:nodoc:
module Billing #:nodoc:
module XPPAuthorization
public
def x_pp_authorization_header url, api_user_id, api_password, access_token, access_token_verifier
timestamp = Time.now.to_i.to_s
signature = x_pp_authorization_signature url, api_user_id, api_password, timestamp, access_token, access_token_verifier
{ 'X-PAYPAL-AUTHORIZATION' => "token=#{access_token},signature=#{signature},timestamp=#{timestamp}" }
end
public
def x_pp_authorization_signature url, api_user_id, api_password, timestamp, access_token, access_token_verifier
# no query params, but if there were, this is where they'd go
query_params = {}
key = [
paypal_encode(api_password),
paypal_encode(access_token_verifier),
].join("&")
params = query_params.dup.merge({
"oauth_consumer_key" => api_user_id,
"oauth_version" => "1.0",
"oauth_signature_method" => "HMAC-SHA1",
"oauth_token" => access_token,
"oauth_timestamp" => timestamp,
})
sorted_query_string = params.to_paypal_permissions_query
base = [
"POST",
paypal_encode(url),
paypal_encode(sorted_query_string)
].join("&")
base = base.gsub /%([0-9A-F])([0-9A-F])/ do
"%#{$1.downcase}#{$2.downcase}" # hack to match PayPal Java SDK bit for bit
end
digest = OpenSSL::HMAC.digest('sha1', key, base)
Base64.encode64(digest).chomp
end
# The PayPalURLEncoder java class percent encodes everything other than 'a-zA-Z0-9 _'.
# Then it converts ' ' to '+'.
# Ruby's CGI.encode takes care of the ' ' and '*' to satisfy PayPal
# (but beware, URI.encode percent encodes spaces, and does nothing with '*').
# Finally, CGI.encode does not encode '.-', which we need to do here.
def paypal_encode str
s = str.dup
CGI.escape(s).gsub('.', '%2E').gsub('-', '%2D')
end
end
end
end
Sample parameters:
url = 'https://svcs.sandbox.paypal.com/Permissions/GetBasicPersonalData'
api_user_id = 'caller_1234567890_biz_api1.yourdomain.com'
api_password = '1234567890'
access_token = 'YJGjMOmTUqVPlKOd1234567890-jdQV3eWCOLuCQOyDK1234567890'
access_token_verifier = 'PgUjnwsMhuuUuZlPU1234567890'
The X-PAYPAL-AUTHORIZATION header [is] generated with URL "https://svcs.paypal.com/Permissions/GetBasicPersonalData". (see page 23, and chapter 7, at the link)
NVP stating "You do not have permissions to make this API call" means your API credentials are correct, just that your account does not have permission for the particular API you are trying to call. Something between the two calls you are submitting is not using the same API credentials.
For NVP call I get:
What NVP call?
TransactionSearch (see comments below)
Also, if you haven't already done so, you will want to use the sandbox APP-ID for testing in the sandbox, and you will need to apply for an app-id with Developer Technical Services (DTS) at PayPal to get an App-ID for live.
EDIT:
To use the TransactionSearch API, all you should be submitting is below. You do not need to specify any extra headers.
USER=xxxxxxxxxxxxxxxxxx
PWD=xxxxxxxxxxxxxxxxxx
SIGNATURE=xxxxxxxxxxxxxxxxxx
METHOD=TransactionSearch
VERSION=86.0
STARTDATE=2009-10-11T00:00:00Z
TRANSACTIONID=1234567890
//And for submitting API calls on bob's behalf, if his PayPal email was bob#bob.com:
SUBJECT=bob#bob.com
I'm creating a library in Ruby that allows the user to access an external API. That API can be accessed via either a SOAP or a REST API. I would like to support both.
I've started by defining the necessary objects in different modules. For example:
soap_connecton = Library::Soap::Connection.new(username, password)
response = soap_connection.create Library::Soap::LibraryObject.new(type, data, etc)
puts response.class # Library::Soap::Response
rest_connecton = Library::Rest::Connection.new(username, password)
response = rest_connection.create Library::Rest::LibraryObject.new(type, data, etc)
puts response.class # Library::Rest::Response
What I would like to do is allow the user to specify that they only wish to use one of the APIs, perhaps something like this:
Library::Modes.set_mode(Library::Modes::Rest)
rest_connection = Library::Connection.new(username, password)
response = rest_connection.create Library::LibraryObject.new(type, data, etc)
puts response.class # Library::Response
However, I have not yet discovered a way to dynamically set, for example, Library::Connection based on the input to Library::Modes.set_mode. What would be the best way to implement this functionality?
Murphy's law prevails; find an answer right after posting the question to Stack Overflow.
This code seems to have worked for me:
module Library
class Modes
Rest = 1
Soap = 2
def self.set_mode(mode)
case mode
when Rest
Library.const_set "Connection", Class.new(Library::Rest::Connection)
Library.const_set "LibraryObject", Class.new(Library::Rest::LibraryObject)
when Soap
Library.const_set "Connection", Class.new(Library::Soap::Connection)
Library.const_set "LibraryObject", Class.new(Library::Soap::LibraryObject)
else
throw "#{mode.to_s} is not a valid Library::Mode"
end
end
end
end
A quick test:
Library::Modes.set_mode(Library::Modes::Rest)
puts Library::Connection.class == Library::Rest::Connection.class # true
c = Library::Connection.new(username, password)