In my Sinatra app, I've created the following middleware to ensure the incoming request contains the parameter "token" in the query string
class CheckMandatoryParams
def initialize(app)
#app = app
end
def call(env)
# Get token from query string
h = Hash[*env["QUERY_STRING"].split('&').map {|s| s.split('=')}.flatten]
token = h["token"]
# Do not authorize request unless both parameters are not null
if token.nil? then
Log.instance.error("CheckMandatoryParams - token not provided")
[401, {"Content-Type" => "text/plain", "Content-Length" => body.length.to_s}, ["Unauthorized"]]
else
Log.instance.debug("CheckMandatoryParams - token provided")
#app.call(env)
end
end
end
In the case the params exists, the next app is calls and everything goes fine.
In the case the params is not in the query string, the response is not sent, I receive a huge html file indicating an error at the line ' [401, {"Content-Type" => "text/plain", "Content-Length" => body.length.to_s}, ["Unauthorized"]]' but I cannot figure out what is wrong.
Any idea?
UPDATE
This is working better like that :)
body = "Unauthorized"
[401, {"Content-Type" => "text/plain", "Content-Length" => body.length.to_s}, [body]]
I did not manage to retrieve the param with the following code though:
request = Rack::Request.new(env)
token = request.params["token"]
It looks like the "body" variable may be undefined. One possible way to rewrite your code would be as follows:
class CheckMandatoryParams
def initialize(app)
#app = app
end
def call(env)
request = Rack::Request.new(env)
token = request.params["token"]
if token.nil?
[401, {"Content-Type" => "text/plain", "Content-Length" => request.body.length.to_s}, ["Unauthorized"]]
else
#app.call(env)
end
end
end
Related
I've got pure Ruby app where I want to create request to external API. To do so I'm using standard Ruby Net::HTTP like below:
require 'net/http'
require 'uri'
class Api
BASE_URI = 'https://staging.test.com'
WORKFLOW = 'tests'
QUIZ_PATH = "/v3/accounts/workflows/#{WORKFLOW}/conversations"
def initialize(payload:)
#payload = payload
end
def post_quiz
handle_response(Net::HTTP.post_form("#{BASE_URI}#{QUIZ_PATH}", options))
end
attr_reader :payload
private
def options
{
basic_auth: basic_auth,
body: payload.to_json,
headers: headers
}
end
def basic_auth
{
username: Settings.ln_username,
password: Settings.ln_password
}
end
def headers
{
'User-Agent' => 'Mozilla/5.0',
'Accept-Language' => 'en-US,en;q=0.5',
'Content-Type' => 'application/json'
}
end
def handle_response(response)
return response.body if response.success?
end
end
But instead of response I'm getting an error:
NoMethodError: undefined method `user' for #String:0x00007f80eef9e6f8
Did you mean? super
/Users/usr/.rvm/rubies/ruby-2.7.0/lib/ruby/2.7.0/net/http.rb:527:in `post_form'
I don't have any user there, what is it?
Net::HTTP.post_form is used to send FormData pairs - its not what you want to send JSON and it doesn't even allow you to send headers (You're actually putting them in the request body!).
If you want to send a POST request with HTTP Basic auth and custom headers and JSON body you need to create the request object manually:
require 'net/http'
require 'uri'
class Api
BASE_URI = 'https://staging.test.com'
WORKFLOW = 'tests'
QUIZ_PATH = "/v3/accounts/workflows/#{WORKFLOW}/conversations"
attr_reader :payload
def initialize(payload:)
#payload = payload
end
def post_quiz
url = URI.join(BASE_URI, QUIZ_PATH)
request = Net::HTTP::Post.new(url, headers)
request.basic_auth = Settings.ln_username, Settings.ln_password
request.body = #payload.to_json
# open a connection to the server
response = Net::HTTP.start(url.hostname, url.port, use_ssl: true) do |http|
http.request(request)
end
handle_response(response)
end
private
def headers
{
'User-Agent' => 'Mozilla/5.0',
'Accept-Language' => 'en-US,en;q=0.5',
'Content-Type' => 'application/json'
}
end
# How to respond from an API client is a whole topic in itself but a tuple or hash might
# be a better choice as it lets consumers decide what to do with the response and handle stuff like logging
# errors
def handle_response(response)
# Net::HTTP doesn't have a success? method - you're confusing it with HTTParty
case response
when Net::HTTPSuccess, Net::HTTPCreated
response.body
else
false
end
end
end
Here is the source code that raises the error:
def HTTP.post_form(url, params)
req = Post.new(url)
req.form_data = params
>> req.basic_auth url.user, url.password if url.user
start(url.hostname, url.port,
:use_ssl => url.scheme == 'https' ) {|http|
http.request(req)
}
end
From the docs:
post_form(url, params)
Posts HTML form data to the specified URI object. The form data must be provided as a Hash mapping from String to String.
That means Net::HTTP.post_form(URI("#{BASE_URI}#{QUIZ_PATH}"), options) fixes it. You are currently sending a string as url instead of a URI.
I'm new to Box Api and ruby. I am trying trying refreshing token, but I'm not sure about what is token_refresh_callback in the below code
client = Boxr::Client.new('zX3UjFwNerOy5PSWc2WI8aJgMHtAjs8T',
refresh_token: 'dvfzfCQoIcRi7r4Yeuar7mZnaghGWexXlX89sBaRy1hS9e5wFroVVOEM6bs0DwPQ',
client_id: 'kplh54vfeagt6jmi4kddg4xdswwvrw8y',
client_secret: 'sOsm9ZZ8L8svwrn9FsdulLQVwDizKueU',
&token_refresh_callback)
Also, once my access token is expired, does this method revoke the token?
Thanks for the help!
Using the Access and Refresh Tokens
The access_token is the actual string needed to make API requests.Each access_token is valid for 1 hour.In order to get a new, valid token, you can use the accompanying refresh_token.Each refresh_token is valid for one use in 60 days.Every time you get a new access_token by using a refresh_token,
we reset your timer for the 60 day period and hand you a new refresh_token.
This means that as long as your users use your application once every 60 days, their login is valid forever.
In box_api_controller.rb file
def make_request
#Check access token expire or not.
check_access_token_expire = check_access_token_expire_dt
if check_access_token_expire.split("-")[0] == "access_token"
#Create client by passing Token
#box_client = Boxr::Client.new(check_access_token_expire.split("-")[1])
cookies[:token] = check_access_token_expire.split("-")[1]
else
if check_access_token_expire.split("-")[0] == "refresh_token"
#Call method
create_post_req_url("refresh_token","refresh_token",check_access_token_expire.split("-")[1])
else
# kick off authorization flow
parameters = "response_type=code&client_id=<your client id>&redirect_uri=<your application url>/handle_user_decision/&state=security_token"
url = "https://account.box.com/api/oauth2/authorize?#{parameters}"
redirect_to url
end
end
end
After authorized the client id, get code in response
def handle_user_decision
# kick off authorization flow
#Get authorization code
code_url = Rack::Utils.parse_query URI(request.original_url).query
code = code_url["code"]
#Call method
create_post_req_url("authorization_code","code", code)
end
Create Post Url
def create_post_req_url(grant_type,header, code)
#Set oauth2 url
uri = URI.parse("https://api.box.com//oauth2//token")
#Passing parameter
data = "grant_type=#{grant_type}&#{header}=#{code}&client_id=<your client id>&client_secret=<your client secret key>"
#Set header
headers = {"Content-Type" => "application/x-www-form-urlencoded"}
#Get http request
http = Net::HTTP.new(uri.host,uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
#Do post the URL
response = http.post(uri.path,data.to_s,headers)
#Check response
if response.code != "200"
flash[:alert] =":#{response.code} #{JSON.parse(response.body)}"
else
#flash[:alert] ="#{response.body.to_json}"
parsed = JSON.parse(response.body) # returns a hash
token = parsed["access_token"]
cookies[:token] = nil
cookies[:token] = token
if grant_type == "authorization_code"
#Insert BOX access token details
user = "<your drive user name>"
insert_access_token(user, token, parsed["refresh_token"], Time.now)
else
if grant_type == "refresh_token"
#Update BOX access token
updt_access_token(user, token, code, parsed["refresh_token"], Time.now)
end
end
redirect_to box_api_index_path
end
end
Check access token expire or not
def check_access_token_expire_dt
#access_token_time = BoxApiAccessToken.getaccesstokentime
if !#access_token_time.blank?
#access_token_time.each do |token_details |
if token_details.access_token_dt != nil
if token_details.new_access_token_dt.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M') < Time.now.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M')
check_access_token_expire_dt = "refresh_token-#{token_details.refresh_access_token}"
return check_access_token_expire_dt
else
check_access_token_expire_dt = "access_token-#{token_details.access_token}"
return check_access_token_expire_dt
end
else
check_access_token_expire_dt = "new_token-req_new_token"
return check_access_token_expire_dt
end
end
else
check_access_token_expire_dt = "new_token-req_new_token"
return check_access_token_expire_dt
end
end
In Model
def insert_access_token(user,access_token,refresh_access_token,access_token_dt)
#box_access_token = BoxApiAccessToken.new(
:user => user,
:access_token => access_token,
:refresh_access_token => refresh_access_token,
:access_token_dt => access_token_dt)
#Save User Device Data
#box_access_token.save
end
#Update access_token,refresh_access_token,access_token_dt details in DB
def updt_access_token(user,access_token, refresh_access_token,new_refresh_access_token,access_token_dt)
##box_access_token_updt = BoxApiAccessToken.find_refresh_access_token(refresh_access_token)
#box_access_token_updt = BoxApiAccessToken.find_by_refresh_access_token(refresh_access_token)
attributes = {:access_token => access_token,:access_token_dt => access_token_dt, :refresh_access_token => new_refresh_access_token, :updated_at => access_token_dt}
#Update the object
#box_access_token_updt.update_attributes(attributes)
end
In index.html.erb
<%= form_tag(:controller => "box_api", :action => 'make_request') do |f| %>
<div class="form-group"><%= submit_tag("Box Login", class: "btn btn-primary") %></div><% end %>
I just want to want to request an access token and then after it expires refresh it using refresh token and cycle. How do you think i can do it?
class WorkoutScreen < PM::WebScreen
title "Workouts"
def content
#response
end
def on_load
set_nav_bar_button :left, title: "Menu", action: :nav_left_button
end
def load_started
#response = ''
BubbleWrap::HTTP.get("my_url", {async: false, :headers => { "User-Agent" => "value"}}) do |response|
#response = response.body.to_str
end
end
def nav_left_button
app_delegate.menu.show(:left)
end
end
I need to send HTTP request with specific header, but content always nil . I have checked response by sniffer - everything is Ok.
If I do this way
class WorkoutScreen < PM::WebScreen
title "Workouts"
def content
#response = ''
BubbleWrap::HTTP.get("my_url", {async: false, :headers => { "User-Agent" => "value"}}) do |response|
#response = response.body.to_str
end
#response
end
I see
eb_screen_module.rb:50:in `set_content:': Is a directory - read() failed (Errno::EISDIR)
exception
NSUserDefaults.standardUserDefaults.registerDefaults({UserAgent: "value"})
Found solution myself
I have been following a tutorial on GitHub Pages and
I am trying to pass an Apikey to a webservice as basic auth 'apiKey' => 'huda7da97hre3rhr1yrh0130409u1u' for example but I cannot work out how to implement it into the method, or even if that is the proper place for it.
I have a class called connection with my request method in it. I need to post 'apiKey' as header and not in the body. I have read the ruby docs but I cannot work out how to apply it to this specific class.
require "net/http"
require "uri"
require "ostruct"
require "json"
class Connection
ENDPOINT = "http://localhost"
APP_LOCATION = "/task_manager/v1/"
VERB_MAP = {
:get => Net::HTTP::Get,
:post => Net::HTTP::Post,
:put => Net::HTTP::Put,
:delete => Net::HTTP::Delete
}
def initialize(endpoint = ENDPOINT)
uri = URI.parse(endpoint)
#http = Net::HTTP.new(uri.host, uri.port)
end
def get(path, params)
request_json :get, path, params
end
def post(path, params)
request_json :post, APP_LOCATION + path, params
end
def put(path, params)
request_json :put, path, params
end
def delete(path, params)
request_json :delete, path, params
end
private
def request_json(method, path, params)
response = request(method, path, params)
body = JSON.parse(response.body)
OpenStruct.new(:code => response.code, :body => body)
rescue JSON::ParserError
response
end
def request(method, path, params = {})
case method
when :get
full_path = encode_path_params(path, params)
request = VERB_MAP[method.to_sym].new(full_path)
else
request = VERB_MAP[method.to_sym].new(path)
request.set_form_data(params)
end
#http.request(request)
end
def encode_path_params(path, params)
encoded = URI.encode_www_form(params)
[path, encoded].join("?")
end
end
If I post to the server using Advanced Rest Client and put the apikey in the
http://localhost/task_manager/v1/tasks?=
header
Authorization: 9c62acdda8fe12507a435345bb9b2338
and in the body
email=free%40mail.com&password=free&task=test
then I get
{
error: false
message: "Task created successfully"
task_id: 5
}
So how can I post it using this class?.
connection = Connection.new
result = connection.post("task", {'task' => 'task'})
Basic Authentication example:
req = Net::HTTP::Get.new(uri)
req.basic_auth 'user', 'pass'
http://docs.ruby-lang.org/en/trunk/Net/HTTP.html#class-Net::HTTP-label-Basic+Authentication
Or if you want to add a raw Authorization header in your request method you can do
request.add_field 'Authorization', 'huda7da97hre3rhr1yrh0130409u1u'
But basic authentication normally means that there is a user name and a password. With your API key - I am not sure you actually need basic authentication. I do not know what you API actually requires but if you have not tried it yet you can try sending the api key as an additional parameter
result = connection.post("register", {'email' => email, 'name' => name, 'password' => password, 'apiKey' => 'huda7da97hre3rhr1yrh0130409u1u' })
I am trying to log in with HTTParty.
I followed the instruction and still can't get it to work.
require 'rubygems'
require 'httparty'
class LAShowRoom
include HTTParty
base_uri 'www.lashowroom.com'
#debug_output
def initialize email, password
#email = email
response = self.class.get('/login.php')
response = self.class.post(
'/login.php',
:body => { :login_id => email, :login_key => password, :submit_login => 'Log In' },
:headers => {'Cookie' => response.headers['Set-Cookie']}
)
#response = response
#cookie = response.request.options[:headers]['Cookie']
end
def login_response
#response
end
def welcome_page
self.class.get("/announce.php", :headers => {'Cookie' => #cookie})
end
def logged_in?
welcome_page.include? "Kevin"
end
end
la_show_room = LAShowRoom.new('my_email', 'my_password')
puts "Logged in: #{la_show_room.logged_in?}"
As far as I know, HTTParty handles https automatically.
Am I missing something?
Thanks.
Sam
Yes, HTTParty handles HTTPS automatically, but you still need to declare HTTPS. Try
base_uri 'https://…'
How else is HTTParty supposed to know? ;-)