I need to change a cookie from "Session" type to "Persistent" type. Moreover I need to have it working together with "omniauth-facebook". In the example below everything is working well but when I use omniauth the cookie is not set at all. This is the test code I wrote:
require 'rubygems'
require 'sinatra'
require 'encrypted_cookie'
require 'omniauth-facebook'
use Rack::Session::EncryptedCookie, :secret => "fdstopitot9dasdsdasjm4kmt0èu54cmjff83d2'ìel.4j9c"
use OmniAuth::Builder do
provider :facebook, '290594154312564','a26bcf9d7e254db82566f31c9d72c94e'
end
get "/" do
"persistent | session | /auth/facebook"
end
get "/persistent" do
response.set_cookie 'test', {:value=> "persistent", :max_age => 2592000.to_s}
redirect "/"
end
get "/session" do
response.set_cookie 'test', {:value=> "session"}
redirect "/"
end
get '/auth/:provider/callback' do
response.set_cookie 'test', {:value=> "facebook_callback"}
redirect "/"
end
Clicking on /session or /persistent you can see the cookie changing accordingly (in Chrome you can check cookies with F12 > Resources > Cookies > localhost).
Clicking instead on /auth/facebook the cookie is not set at all.
The response header seems ok (in Chrome you can see the http response header with F12 > Network > header). I only tested it with Chrome.
HTTP/1.1 302 Moved Temporarily
X-Frame-Options: SAMEORIGIN
Location: http://localhost:4567/
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=utf-8
Content-Length: 0
Set-Cookie: test=facebook_callback
Set-Cookie: rack.session=X8U8kupLYzIurjMS4pSCQfF%2BzPpjQhJMqyMd84o8BQdQLwmhagL1UkZ4oi7%2F%0A9bEN%2B0FZDDUAeQD%2BRizczwvepQi%2FbcMwaAjpkFcXhiWuJPQ%3D%0A; path=/
X-Content-Type-Options: nosniff
Connection: keep-alive
Server: thin 1.5.1 codename Straight Razor
Any clue?
Is was a trivial problem, just add the path to the cookie: response.set_cookie 'test', {:value=> "facebook_callback", :path => "/"}
The reason why I did not notice was that there is a redirect to "/", so Chrome was only showing me the cookies for the path "/". Removing the redirect, I notice I have two cookies named "test". One with "/" path and the other with "/auth" path.
Related
I'm currently getting the following error when I run my rspec test
Failure/Error: expect(last_response.header['Content-Type']).to eq('application/json')
expected: "application/json"
got: "text/html"
(compared using ==)
I specify the content type in the method here
get '/restart/?' do
content_type :json
# token authentication
need_token!
# restart operation
exit_process
status 200
JSON.pretty_generate({ 'ok' => true, 'message' => 'Restarting ...' })
end
And when I run the curl get command I get the following out showing the Content-Type: application/json
curl -X GET -H X-AUTH-TOKEN:$TOKEN --url localhost:8080/restart -I
HTTP/1.1 200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 85
Why is rspec test returning "text/hmtl"?
Aloha!
I was working on a similar test recently! I can see a little difference in your approach defining the (sinatra) route. I have specified the Content-Type using headers and it looks like this:
headers['Content-Type'] = 'application/pdf'
Then in my test (I'm using RSpec) I'm doing this:
expect(last_response.header['Content-Type']).to eq('application/pdf')
Just simply put the headers in request
request.headers['Content-Type'] = "application/json"
Or you can modify according to requirements
This question has been asked by many of users and I have tried all solutions but none of them have worked for.for ex: This Question here curl json post request via terminal to a rails app but still the same result.
I am trying to POST data through terminal using CURL by running this command:
curl -i -H 'Authorization: Token token'="9asdadsasd87t8ddaghsd" -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"request":{"sender_mobile":"12331212","recipient_mobile":"121231231","location":"Bangalore"}}' http://localhost:3000/api/v1/requests
and Getting reponse:
HTTP/1.1 422 Unprocessable Entity
Content-Type: text/html; charset=utf-8
Content-Length: 15450
X-Request-Id: f1025e69-9ff3-4bd1-9bd5-0679fbcc50bc
X-Runtime: 0.062784
Server: WEBrick/1.3.1 (Ruby/2.1.1/2014-02-24)
Date: Thu, 08 Jan 2015 10:35:45 GMT
Connection: Keep-Alive
with so much lines of garbage but I guess this response is sufficient to understand what might be the cause.Here is the link to complete error http://pastebin.com/n342HeYL
I am able to do GET request successfully with command:
curl -i 'http://localhost:3000/api/v1/requests' -H 'Authorization: Token token'="952aa4598ec2cd87c8b69056616a00af"
Response:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Etag: "b956523e0345d2bb466d39823195b600"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 91d21235-246f-4557-a67a-92dca02b9cc1
X-Runtime: 0.011781
Server: WEBrick/1.3.1 (Ruby/2.1.1/2014-02-24)
Date: Thu, 08 Jan 2015 10:51:55 GMT
Content-Length: 486
Connection: Keep-Alive
So, I dont know whats wrong in POST request.
Here is my request_controller.rb file
module Api
module V1
class RequestsController < ApplicationController
# skip_before_action :verify_authenticity_token
before_filter :restrict_access
respond_to :json
def index
respond_with Request.all
end
def show
respond_with Request.find(params[:id])
end
def create
respond_with Request.create(params[:request])
end
def update
respond_with Request.update(params[:id], params[:request])
end
def destroy
respond_with Request.destroy(params[:id])
end
private
def restrict_access
authenticate_or_request_with_http_token do |token, options|
ApiKey.exists?(access_token: token)
end
end
end
end
end
With respect to the conversation above, let me write an answer.
If you see a form in rails, it will have a line as mentioned below
<input name="authenticity_token" type="hidden" value="+wFCV3kv0X/WI0qb54BgYlDzi+Tp+6HIGM61a4O6gg0=">
Now, if in ApplicationController you have this line protect_from_forgery then it would always expect authenticity_token and if its not available, it will throw the error thats mentioned in your logs hence I suggested to remove that line because you won't be passing an authenticity_token as a param from you api POST requests.
The reason why your get request is working just fine is because rails doesn't expect authenticity_token on a GET request.
Now, you said you removed protect_from_forgery but you got an internal server error, well that has to be handled by you as it has got nothing to do with GET or POST request but it is an error in your rails application. So solve that error and it should work just fine. Or also post the error log here so may be I can help you with that.
EDIT: Solution to your internal server 500 error
With the logs pasted below, it is also necessary that you allow the attributes in your controller, just as #abhinay mentioned in the code.
Hope that helps
Authenticate via Ruby into Jira and post changes via ZAPI (Zephyr API)
What I'm trying to do: I'm trying to authenticate via Ruby into Jira and then make changes to Zephyr (Jira plugin w/Z(ephyr)API) issues.
I'm trying to execute this code (taken from: http://docs.getzephyr.apiary.io/#executionresourceapis)
require 'rubygems' if RUBY_VERSION < '1.9'
require 'rest_client'
values = "{\n \"issueId\": 10600,\n \"versionId\": \"10000\",\n \"cycleId\": \"16\",\n \"projectId\": 10000\n}"
headers = {:content_type => "application/json"}
response = RestClient.post "http://getzephyr.apiary-mock.com/jira_server/rest/zapi/latest/execution", values, headers
puts response
My main issue is I cannot authenticate my Jira instance via Ruby. My attempts include (among countless others):
A) I think this works (even though this works, I don't think it'll work for my use b/c I need to pass in other values to change Jira/Zephyr tickets):
curl -D- -u fyousuf:password -X GET -H Content-Type: application/json http://jira.test.local/rest/zapi/latest/execution
(tried curl via https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+Basic+Authentication)
A) Output:
curl: (6) Could not resolve host: application; nodename nor servname provided, or not known
HTTP/1.1 200 OK
Server: nginx/1.0.11
Date: Wed, 06 Aug 2014 20:14:35 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-AREQUESTID: 974x1935522x1
Set-Cookie: JSESSIONID=5F5D8411206C9B99054CABAD93AAE715; Path=/; HttpOnly
X-Seraph-LoginReason: OK
Set-Cookie: atlassian.xsrf.token=A8NH-S9GW-2ZYX-9R4V|a6024d3cb5c5585d2b6f765001ebfefa67dd5a7a|lin; Path=/
X-ASESSIONID: 1x3gunc
X-AUSERNAME: fyousuf
Cache-Control: no-cache, no-store, no-transform
{"status":{"1":{"id":1,"color":"#75B000","description":"Test was executed and passed successfully.","name":"PASS"},"2":{"id":2,"color":"#CC3300","description":"Test was executed and failed.","name":"FAIL"},"3":{"id":3,"color":"#F2B000","description":"Test execution is a work-in-progress.","name":"WIP"},"4":{"id":4,"color":"#6693B0","description":"The test execution of this test was blocked for some reason.","name":"BLOCKED"},"-1":{"id":-1,"color":"#A0A0A0","description":"The test has not yet been executed.","name":"UNEXECUTED"}},"executions":[],"currentlySelectedExecutionId":""}
B) This doesn't work:
values = "{\n \"issueId\": 32640,\n \"versionId\": \"11163\",\n \"cycleId\": \"5\",\n \"projectId\": 10460\n,\n \"status\": \"1\"}"
headers = {:content_type => "application/json"}
auth = 'Basic ' + Base64.encode64( 'fyousuf:password' ).chomp
url = 'http://jira.test.local/rest/zapi/latest/execution'
resource = RestClient::Resource.new( url )
response = resource.post( :Authorization => auth )
#response = resource.post "http://jira.test.local/rest/zapi/latest/execution", values, headers
puts response
puts response.code
B) Output:
{"errorDesc":"You do not have the permission to make this request. Login Required.","errorId":"ERROR"}
200
I'm thinking that if I'm able to authenticate into Jira with 'curl' then via Ruby should work too, but not sure what I'm doing wrong...
to access Jira's API from Ruby I use following construction. The net/http object does the work. For clearity I removed error-handling and logging from the example.
require 'net/http'
require 'json'
http = Net::HTTP.new(host, port)
resp = nil
http.start do |http|
req = Net::HTTP::Post.new(api call + parameter)
req.add_field('Content-Type', 'application/json') if "POST" == req.method
req.add_field('Accept', 'application/json')
# we make an HTTP basic auth by passing the
# username and password
req.basic_auth username, password
resp = http.request(req)
end
return resp.body
I have a Sinatra application, in which one of the rules expect the URL to contain the session id (returned from a previously called URL). How to overload the session with the one referenced by the session ID?
use Rack::Session::Pool
get "example/:session_id" do
sessionId = params[:session_id]
# how to reload the session now, using the sessionId?
end
Thanks for the help!
Session ID in Path
If you must use a session id from the path, you can use this hacky way
# app.rb
require 'sinatra'
configure do
use Rack::Session::Pool, :key => 'session_id'
end
get "/example/:session_id" do
session.id = params[:session_id]
session[:force_load] = 'force' # force session.load!()
session.delete(:force_load) # remove dummy value
session[:count] = session[:count].to_i + 1
session.inspect
end
Session ID in Request Params
A supported way would be to set :cookie_only option to false if you are willing to move session_id to a request parameter (query parameter or body parameter)
# app.rb
require 'sinatra'
configure do
use Rack::Session::Pool, {
:key => 'session_id',
:cookie_only => false, # adds request params as source for session id
}
end
# works with /example?session_id=
get '/example' do
session[:count] = session[:count].to_i + 1
session.inspect
end
Demo
$ ruby app.rb &> /dev/null &
$ curl -i localhost:4567/example?session_id=
HTTP/1.1 200 OK
Set-Cookie: session_id=2a06759c64c130bc45036076; path=/; HttpOnly
{"count"=>1}
$ curl -i localhost:4567/example?session_id=2a06759c64c130bc45036076
HTTP/1.1 200 OK
Set-Cookie: session_id=2a06759c64c130bc45036076; path=/; HttpOnly
{"count"=>2}
$ kill %1
I need to capture HTTP response coming after the request made.
I have tried with "net/http" gem but it is not giving me full response header.
the code I have tried is
uri = URI("http:/example.com")
res = Net::HTTP.get_response(uri)
res.to_hash
I am getting some response headers but not full headers, I have checked the same request in firebug and it is giving some extra headers what I am getting by my code
Can any one help me out for this to get full HTTP response headers, or any trick to do that by invoking browser.
Maybe this would help: WebDriver: Y U NO HAVE HTTP Status Codes?!
Try this:
uri = URI("http:/example.com")
res = Net::HTTP.get_response(uri)
res.header.to_hash
If you want to get header information, watir is probably the wrong library for you. What problem are you trying to solve?
Not a full answer but more in your direction :)
Impossible using Webdriver (see http://jimevansmusic.blogspot.nl/2012/07/webdriver-y-u-no-have-http-status-codes.html).
Possible solutions:
Use Selenium::Client
Use a proxy
Solution 1 (Selenium::Client):
You can do it using Selenium (also used by Watir Webdriver).
Check here: http://blog.testingbot.com/2011/12/21/capture-network-traffic-with-selenium
require "rubygems"
gem "selenium-client"
require "selenium/client"
gem 'test-unit'
require 'test/unit'
# since this code comes from their site (should not be needed)
gem "testingbot"
require "testingbot"
class ExampleTest < TestingBot::TestCase
attr_reader :browser
def setup
#browser = Selenium::Client::Driver.new \
:host => "hub.testingbot.com",
:port => 4444,
:browser => "firefox",
:version => "8",
:platform => "WINDOWS",
:url => "http://www.google.com",
:timeout_in_second => 60
browser.start_new_browser_session(:captureNetworkTraffic => true)
end
def teardown
browser.close_current_browser_session
end
def test_command
browser.open "/"
p browser.browser_network_traffic
end
end
According to the article this will open Google in Firefox 8 and return the network traffic. An example of a response would be:
"403 GET http://localhost:5555/favicon.ico1333 bytes 94ms
(2011-12-21T15:53:06.352+0100 - 2011-12-21T15:53:06.446+0100
Request Headers - Host => localhost:5555 -
User-Agent => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101
Firefox/8.0.1 - Accept => image/png,image/*;q=0.8,*/*;q=0.5 -
Accept-Language => en-us,en;q=0.5 - Accept-Encoding => gzip, deflate - Accept-Charset => ISO-8859-1,utf-8;q=0.7,*;q=0.7 -
Proxy-Connection => keep-aliveResponse Headers - Date => Wed, 21 Dec 2011 14:53:06 GMT -
Server => Jetty/5.1.x (Windows 7/6.1 x86 java/1.6.0_26 - Content-Type => text/html -
Content-Length => 1333 - Via => 1.1 (jetty)
Solution 2 (Proxy):
Check http://bmp.lightbody.net/ together with https://github.com/jarib/browsermob-proxy-rb.