Issues POSTing XML to OAuth and Signature Invalid with Ruby OAuth Gem - ruby

[Cross-posted from the OAuth Ruby Google Group. If you couldn't help me there, don't worry bout it]
I'm working on integrating a project with TripIt's OAuth API
and am running into a weird issue.
I authenticate fine, I store and retrieve the token/secret for a given
user with no problem, I can even make GET requests to a number of
services using the gem. But when I try using the one service I need
POST for, I'm getting a 401 "invalid signature" response.
Perhaps I'm not understanding how to pass in data to the AccessToken's
post method, so here's a sample of my code:
xml = <<-XML
<Request>
<Trip>
<start_date>2008-12-09</start_date>
<end_date>2008-12-27</end_date>
<primary_location>New York, NY</primary_location>
</Trip>
</Request>
XML`
response = access_token.post('/v1/create', {:xml => xml},
{'Content-Type' => 'application/x-www-form-urlencoded'})
I've tried this with and without escaping the xml string before hand.
The guys at TripIt seemed to think that perhaps the xml param wasn't
getting included in the signature_base_string, but when I output that
(from lib/signature/base.rb) I see:
POST&https%3A%2F%2Fapi.tripit.com%2Fv1%2Fcreate&oauth_consumer_key
%3D%26oauth_nonce
%3Djs73Y9caeuffpmPVc6lqxhlFN3Qpj7OhLcfBTYv8Ww%26oauth_signature_method
%3DHMAC-SHA1%26oauth_timestamp%3D1252011612%26oauth_token
%3D%26oauth_version%3D1.0%26xml%3D%25253CRequest%25253E
%25250A%252520%252520%25253CTrip%25253E%25250A
%252520%252520%252520%252520%25253Cstart_date%25253E2008-12-09%25253C
%252Fstart_date%25253E%25250A
%252520%252520%252520%252520%25253Cend_date%25253E2008-12-27%25253C
%252Fend_date%25253E%25250A
%252520%252520%252520%252520%25253Cprimary_location%25253ENew
%252520York%252C%252520NY%25253C%252Fprimary_location%25253E%25250A
%252520%252520%25253C%252FTrip%25253E%25250A%25253C%252FRequest%25253E
%25250A
This seems to be correct to me.
I output signature (from the same file) and the output doesn't match
the oauth_signature param of the Auth header in lib/client/
net_http.rb. It's been URL-encoded in the auth header. Is this
correct?
Anyone know if the gem is broken/if there's a fix somewhere? I'm finding it hard to trace through some of the code.

Your oauth_token is empty. Not familiar with the protocol, is that ok?
Once you include the correct token, please also remember to use token_secret in the signing.

Related

Requesting An Access Token from Google API Returns 302

I'm trying to get an access token from Google API in my Ruby on Rails app, as part of an overall goal of setting up a raketask. I am able to get an Auth Code fine, but when I make a post request to get an access token, I am getting a 302 error. I'll describe my current code first, and afterward list how I've tried to solve the problem so far.
Current code:
#users_controller
def auth_access
client = Signet::OAuth2::Client.new(
:authorization_uri => 'https://accounts.google.com/o/oauth2/auth',
:token_endpoint_uri => 'https://accounts.google.com/o/oauth2/token',
:client_id => ENV['OAUTH_CLIENT_ID'],
:client_secret => ENV['OAUTH_CLIENT_SECRET'],
:scope => 'https://www.googleapis.com/auth/analytics.readonly',
:redirect_uri => 'http://localhost:3000/google/auth_callback'
)
redirect_to client.authorization_uri.to_s
end
This part works fine so far. It redirects to the consent page, and when the user agrees it then redirects them to the page with the auth code in the url parameters. Next I take that auth code and try to make a POST request to API for an access token:
#users_controller
def auth_callback
http = Net::HTTP.new('accounts.google.com')
path = '/o/oauth2/token'
data = "code=#{params['code']}&client_id=#{ENV['OAUTH_CLIENT_ID']}&client_secret=#{ENV['OAUTH_CLIENT_SECRET']}&redirect_uri=http://localhost:3000/auth_final&grant_type=authorization_code"
response = http.post(path, data)
end
This when I run into a problem. The Google API returns a 302, and includes a message saying something akin to "we moved to 'https://accounts.google.com/o/oauth2/token'".
Here's how I've tried to fix the problem so far:
I assumed that the problem was that the http.post method is making a call to an http and not https.
I've tried including
http.use_ssl = true
http.ssl_version = :SSLv3
This returns the error "SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number".
I can take a guess at what this means, but I am still unsure of what the actual problem is and how to solve it. Googling the error message has not been a help.
In a similar vein, I tried using gems to make the https call for me, in particular HTTParty and Typheous, although I was not able to make any progress with them (and am still not even sure that it's an http/https problem).
I've tried using the Signet-Rails gem. This was the most productive method by far, making a successful API call and returning the information. However, it either wasn't saving the refresh token or I cannot find where it is being saved. As I need access to that token to run the rake tasks, I gave up on Signet-Rails.
I tried using Legato, and was constantly running into various problems. Overall, Legato left me with the impression that it did not integrate getting the auth code, consent and tokens into the app, instead requiring the developer to set those up in advance outside of the app's scope. I want to be able to set up the auth code as part of the app. If I am understanding Legato properly, then it is not the gem I need.
I've also tried other various odds and ends but to no avail. The above solutions were the tactics I kept coming back to. Primarily I'm looking for an answer to what is going wrong in my code, and what is the best avenue to fix it (and if I was going down the right track with any of my attempted solutions above, which one?)
Thanks for taking the time to read this and answer!
(on a complete sidenote, those last three list items should be 2, 3, 4, but the stackoverflow text editor thinks it knows better than me...)
Specify the port:
http = Net::HTTP.new('accounts.google.com', 443)
Source: SSL Error on HTTP POST (Unknown Protocol)

Using Twilio/XML without Rails

I am attempting to write a Twilio script to do voice broadcasting without rails - I would like to be able to run the script straight from my terminal.
I have a very simple script, straight from the twilio-rb gem docs:
# This should be in an initializer or similar
Twilio::Config.setup \
:account_sid => account,
:auth_token => token
Twilio::Call.create :to => '+1234567890', :from => '+0987654321',
:url => xml_file
xml_file is a xml file on my local machine, but it throws this error:
Error #21205: Url is not a valid url
How can I write the above script to operate off of a local xml file? The end goal is strictly to make a phone call, play an audio message, gather a button press and do an action based on the number received. The Twiml XML file should do that for me, if I can get it to work.
EDIT:
When using the dropbox share link, I get this error within the Twilio interface:
'Twilio is unable to process the Content-Type of the provided URL. Please see the Twilio Markup XML Documentation for more information on valid Content-Types.
You must return a Content-Type for all requests. Requests without a Content-Type will appear in the Debugger as a 502 Bad Gateway error.
Having a phone number, outgoing call request or action attribute refer to a non XML or audio resource.
Having a Play verb attempt to play non-audio content, such as XML or text.
Verify that that your web server is returning a Content-Type and it is the expected value
Make sure the URL noted refers to a valid resource'
To make sure, I copied an example I know will work into my XML file:
<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Say voice="man">Hey man! Listen to this!</Say>
<Play>http://foo.com/cowbell.mp3</Play>
<Say voice="man">What did you think of that?!</Say>
<Record action="http://foo.com/handleRecording.php" method="GET" maxLength="20" finishOnKey="*"/>
<Gather action="/process_gather.php" method="GET">
<Say>Now hit some buttons!</Say>
</Gather>
<Say voice="man">Awesome! Thanks!</Say>
<Hangup/>
</Response>
Two ideas to try:
(1) If the file is read locally and sent to the Twilio server, try:
:url => 'file:///path/file.xml'
where
host in //host/ is omitted, yielding three slashes in a row.
path is the full filesystem path to your XML file.
file.xml is the name of your XML file.
(2) If the file must be publicly readable by the Twilio server, try placing it in the cloud somewhere (such as Dropbox) and using the public URL to it there.

Grails Canoo Webtest plugin: invoke() fails to send JSON data in POST request

I'm evaluating Canoo Webtest for automated integration/functional testing as a Grails plugin.
I have a REST app which I'm attempting to test, but Canoo Webtest doesn't seem to properly send the JSON data in POST request. My test code is like below
invoke( description:"Add a product to shopping cart",
url:'shoppingCart/add', method:'POST',
content:'{"class":"shop.service.Product", "name":"A product", "description":"Manufactured by X", "price":99.9}'
//contentFile: '../product.json'
)
The request body is empty no matter whether I use contentFile approach or inline the data as content attribute. The test report shows the data as being sent correctly, but error page shows an error stating 'JSONException: Missing value. at character 0 of '. JSON data as a response of GET request is coming back fine.
I have tested the same functionality with curl and it works perfectly fine. Is there something I'm missing in the Canoo Webtest setup?
Thanks.
EDIT: I'm using Grails 1.3.7 in case that makes any difference
OK. I started to just experiment with the invoke() and seems that setting attribute soapAction value to true does the trick.
I have no clue why this works. The documentation of invoke() for the attribute says
soapAction
Required? no
If the HTTP method is POST and is in fact a SOAP POST request,
this allows the SOAP Action header to be set. Ignored for GETs.
Apparently it sets some needed request header. Haven't checked which one.
Thank you for reading :)
Cannot yet mark this answer as the correct one, but will do so when it's possible.

REST Client Example in Ruby

Can anyone explain me with an example, by using REST Client to do GET/POST/PUT operations in a Rest web service?
In POST/PUT, using REST Client, need to pass the whole xml body to do
POST/PUT operations.
For example, Using REST Client
I need to get the content of a service using,
RESTClient.get(url)
POST an xml to an url:
RESTClient.post(url,entirexml)
PUT an xml to an URL:
RESTClient.put(url,entirexml)
DELETE using REST CLIENT.
Can anyone help me with examples for all the REST Client HTTP METHODS with example?
I need to send the whole XML along with namespace to a rest service using PUT/POST operations of REST Client.
If anyone have examples on this, kindly post then please.
require 'rest-client'
RestClient.get 'http://example.com/resource', {:params => {:id => 50, 'foo' => 'bar'}}
RestClient.get 'http://example.com/resource'
xml = '<xml><foo>bar</foo><bar>foo</bar></xml>'
RestClient.post 'http://example.com/resource', xml , {:content_type => :xml}
RestClient.put 'http://example.com/resource', xml , {:content_type => :xml}
RestClient.delete 'http://example.com/resource'
See more examples and documentation at https://github.com/rest-client/rest-client
The Readme file at the git site for the rest-client gem has a whole bunch of examples of how to do requests, include parameters, etc.
I'd start with that.
If there are specific things that are not working, then it generally helps to post the code you've tried that you think SHOULD be working, and then it's usually easier for people to tell where you are going wrong.

how can I capture response from twitter.com? ( ruby + twitter gem)

how can I capture response from twitter.com? To make sure that everything went ok?
I am using ruby and ruby twitter gem and the my code is basically like that
oauth = Twitter::OAuth.new('consumer token', 'consumer secret')
oauth.authorize_from_access('access token', 'access secret')
client = Twitter::Base.new(oauth)
client.update('Heeeyyyyoooo from Twitter Gem!')
The update twitter api method will send back a response that will let you know if everything went okay. It can respond in either json or xml, I'm sure the twitter gem is using one or the other as a default. You need to save the return value to a variable and parse it, if you have a status id in there then it worked. Try using a token or secret to check what happens when it errors. I would suggest changing your last line to this
ret = client.update('Heeeyyyyoooo from Twitter Gem!')
and then add this line below that to check out what you got back
puts ret.inspect
or
logger.info ret.inspect
or your choice of logging method
[Edit]
It looked like the twitter gem hides the twitter api's actual response from you, parses it for you and just returns you the relevant bits. in the case of the update method it just returns you the id of your new tweet. you can view the id like this
puts ret.id
If you use another library to connect to the twitter api and need to parse xml or json responses then then the rest of this answer may be what you are looking for.
[/Edit]
If you are not using a gem that parses twitter api responses for you then you will need to use something to parse the twitter api's responses into data that you can do something with. There are tons of ways to do this depending on what format you want to parse (json or xml)
My preferences:
XML : Hpricot : gem install hpricot : http://github.com/hpricot/hpricot
json : json : gem install json : http://github.com/flori/json
Here is more information on what the twitter api update method returns: http://apiwiki.twitter.com/Twitter-REST-API-Method:-statuses%C2%A0update
This worked for me...
begin
resp = Twitter.update(params[:message])
rescue Exception => e
# e.message contains the twitter response
end

Resources