I am looking for a ruby HTTP client gem that supports NTLM proxy authentication "natively" - not through cntlm or similar local proxies.
Any hints appreciated.
A little digging unearthed Typhoeus:
require 'typhoeus'
e=Typhoeus::Easy.new
e.url="http://www.google.com/"
e.proxy = {:server => "1.2.3.4:80"}
e.proxy_auth={:username => "user", :password => 'password'}
e.perform
Typhoeus seems to have been repurposed. The libcurl wrapper is now Ethon (https://github.com/typhoeus/ethon).
I've successfully authenticated with an NTLM proxy using Curb (https://github.com/taf2/curb), another libcurl wrapper:
require 'spec_helper'
require 'curl'
describe Curl do
it 'should connect via an ISA proxy' do
c = Curl::Easy.new('http://example.com/') do |curl|
curl.proxy_url = 'http://username:password#localhost:8080'
curl.proxy_auth_types = Curl::CURLAUTH_NTLM
end
c.perform
headers = c.header_str.split("\r\n")
#puts headers.inspect
headers.should include 'X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.19'
end
end
Change your settings and assertion as required.
You can do ntlm with Typhoeus and Ethon - depending how many features you need. Typhoeus has more than Ethon, but Ethon is more powerful as it is more low level.
require 'ethon'
easy = Ethon::Easy.new(
url: "http://www.google.com/",
proxy: "1.2.3.4:80",
proxyuserpwd: "user:password",
proxyauth: "ntlm"
)
easy.perform
Typhoeus accepts the same options:
require 'typhoeus'
request = Typhoeus::Request.new(
"http://www.google.com/",
proxy: "1.2.3.4:80",
proxyuserpwd: "user:password",
proxyauth: "ntlm"
)
request.run
I wrote both code examples without testing them b/c I lack a proxy and with the latest Typhoeus/Ethon versions (which you don't have already according to your example).
Related
I'm using a local server to test an application, and make requests to that server from my own machine.
The test server's SSL is bad, and HTTParty throws errors because of that. From what I read, HTTParty should ignore SSL by default, but when I try to do this:
HTTParty.get( "#{ #settings.api_server }#{ url }" ).parsed_response
It throws this error:
OpenSSL::SSL::SSLError at /
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
How do I make it ignore the SSL?
In the latest HTTParty, you can use the verify option to disable SSL verification;
HTTParty.get( "#{ #settings.api_server }#{ url }", :verify => false ).parsed_response
To make HTTParty always skip SSL cert verification, and not have to specify this in every call:
require 'httparty'
HTTParty::Basement.default_options.update(verify: false)
HTTParty.get("#{#settings.api_ssl_server}#{url1}")
HTTParty.get("#{#settings.api_ssl_server}#{url2}")
HTTParty.get("#{#settings.api_ssl_server}#{url3}")
# ...
You can also do this scoped to a class when including HTTParty as a module:
require 'httparty'
class Client
include HTTParty
default_options.update(verify: false)
end
Client.get("#{#settings.api_ssl_server}#{url1}")
Client.get("#{#settings.api_ssl_server}#{url2}")
Client.get("#{#settings.api_ssl_server}#{url3}")
Or
require 'httparty'
module APIHelpers
class Client
include HTTParty
default_options.update(verify: false)
end
end
World(APIHelpers)
Client.get("#{#settings.api_ssl_server}#{url1}")
Client.get("#{#settings.api_ssl_server}#{url2}")
Client.get("#{#settings.api_ssl_server}#{url3}")
If you want to still send your certificates, use this flag:
verify_peer: false
This may be totally off base, as I'm new to Ruby, but this is what worked for me when other solutions wouldnt
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Additional ways of doing this, if you get a 'dynamic constant assignment' (pulled from here)
OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)
I want to access request in the Rack::ResponseHeaders. I am using Sinatra in my app.
Below is my code:
use Rack::ResponseHeaders do |headers|
# Manipulation of request variables.
# Setting request headers.
end
The question is that in order to manipulate variables in request, I need to have the request variable first.
Please suggest.
First thing is, you need to install the gem rack-contrib via rubygems:
$ gem install rack-contrib
This gem contains contributed rack utilities. Then you need to require this gem in your app:
require 'rack/contrib'
It may be enough to only require the response headers utility (not tested):
require 'rack/contrib/response_headers'
Then you can use this utility to tap into the headers, for example:
use Rack::ResponseHeaders do |headers| # tap into headers
unless headers['cache-control'] # if header not set,
headers['cache-control'] = "public, max-age=1800" # set it to ...
end
end
Let me know whether this is working for you.
I have an application that initiates multiple HTTP connections and I would like to add a proxy to all connections.
The application is using net/HTTP, TCP sockets and open-uri so ideally I would like to be able to patch all connections initiated from those libraries instead of adding it manually to each and every location in the code that initiates a connection.
Is there a way to accomplish that (on Ruby 1.9.2)?
Open URI uses the HTTP_PROXY environment variable
Here is an article on how to use it on both windows and unix variants.
http://kaamka.blogspot.com/2009/06/httpproxy-environment-variable.html
you can also set it directly in ruby using the ENV hash
ENV['HTTP_PROXY'] = 'http://username:password#hostname:port'
the net/http documentation says not to rely on the environment and set it each time
require 'net/http'
require 'uri'
proxy_host = 'your.proxy.host'
proxy_port = 8080
uri = URI.parse(ENV['http_proxy'])
proxy_user, proxy_pass = uri.userinfo.split(/:/) if uri.userinfo
Net::HTTP::Proxy(proxy_host, proxy_port,
proxy_user, proxy_pass).start('www.example.com') {|http|
# always connect to your.proxy.addr:8080 using specified username and password
:
}
from http://ruby-doc.org/stdlib/libdoc/net/http/rdoc/classes/Net/HTTP.html
Yes and mechanize does too (this is for the 1.0.0 verison)
require 'mechanize'
url = 'http://www.example.com'
agent = Mechanize.new
agent.user_agent_alias = 'Mac Safari'
agent.set_proxy('127.0.0.1', '3128')
#page = agent.get(:url => url)
I am attempting to use a remote system for user authentication. This chunk of code gets a response when I run it on MacOSX, but fails on my machine:
def create
uri = URI.parse('https://ourclient.example.com/')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new('/login.jsp')
request.set_form_data({'login_name' => params[:login], 'password' => params[:password]})
response = http.request(request)
puts "Response BODY: #{response.body.inspect}"
end
Turning verify off gets rid of a warning on the Macs. On my machine, the http.request raises this exception:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert illegal parameter):
app/controllers/sessions_controller.rb:16:in `create'
I get the same behavior using IRB without Rails. I did a clean install of Fedora 14 yesterday, installed the required development tools and libraries. I'm using Ruby 1.9.2-p180, and Rails 3.0.4. I thought I might have had my libraries misconfigured (I had Fedora 12 that had been upgraded a few times), but this is now a new install.
The remote system is probably Microsoft's IIS, but I'm not certain of that. Perhaps I can use an older SSL protocol, but my Google-fu can't find the incantation.
I would appreciate any tips on resolving this issue. Thanks,
Chris
how was created the ssl cert on the server? self-signed or ca-signed?
which is the error you receive if you remove the VERIFY_NONE?
use Mechanize gem for it
gem install mechanize
and try
require 'mechanize'
page = Mechanize.new{|a| a.ssl_version, a.verify_mode = 'SSLv3', OpenSSL::SSL::VERIFY_NONE}.get "**YOUR HTTPS LINK HERE**"
I am trying to access an HTTPS web service that uses SSL cert authentication using Ruby EventMachine but I am not getting it to work.
I have written the following simple code block to test it end-to-end:
require 'rubygems'
require 'em-http'
EventMachine.run do
url = 'https://foobar.com/'
ssl_opts = {:private_key_file => '/tmp/private.key',
:cert_chain_file => '/tmp/ca.pem',
:verify_peer => false}
http = EventMachine::HttpRequest.new(url).get :ssl => ssl_opts
http.callback do
p http.response_header.status
p http.response_header
p http.response
EventMachine.stop
end
http.errback do
EventMachine.stop
fail "Request failed"
end
end
Running the above outputs <SSL_incomp> followed by the raised RuntimeError message. I have tried running with :verify_peer set to both true and false and it gives me the same error. Running EventMachine::HttpRequest#get without the :ssl option does the same.
I have also tried sending the request to GMail (https://mail.google.com) without the :ssl option (i.e. plain HTTPS without cert) and that works, outputting status code 200, the headers and the body.
I have tried doing the same request to the web service with curl and that works:
curl --silent --cert /tmp/private.key --cacert /tmp/ca.pem https://foobar.com/
I am thinking that I am either using the em-http-request gem or EventMachine incorrectly or that the SSL files are in a format that works with curl but not EventMachine.
I someone knows how to solve the example above or provide a similar example using EventMachine directly would be much appreciated!
The file passed to curl's --cert contains both the cert and the key (unless you pass in a --key separately). Just use /tmp/private.key as the argument to both :private_key_file and :cert_chain_file
See http://github.com/eventmachine/eventmachine/issues/#issue/115 for more details about the issue and a patch that exposes the underlying error (instead of just printing out SSL_incomp).