I made a Authorizing system with SMS which gets number of an application then makes account and with verify code it let user to login. the problem is that when I send data by Retrofit in Kotlin as POST ,it sends no data (None) to server and Django logs show that no data sent for it. I know my Django API is working truly because of that POSTMAN works with it but my Kotlin application doesn't. Here I used APIService "Kotlin Intrface" class like this you see as below:
#FormUrlEncoded
#POST("v1/register/")
suspend fun RegisterRequest(
#Field("mobile") mobile: String
):Response<Reply>
I expected to see in logs that data sends for server but it doesnt work.
Also maybe you say that it needs Header but no ,cuz of I tried to set header for it also its Register and doesn't need token or anything like this and there's no persmission for it in server side.
Related
I'm currently trying to make an account signup page for a small project I'm working on and I don't know how to send data back to the server (I'm using the Flask framework) without also allowing everyone to send data. Let's say that I've set up an API endpoint on /createAccount. I can then send POST requests to that endpoint: {"username": "test", "password": "test"}. The web server will then handle that request by inserting that data into a database and responding with 201. The problem is, anybody would be able to send these requests, and I only want users to be able to register through the login page, and not by making an API call. Is there any way of doing this?
Edit: I've given this problem a bit more thought and I think that the only API that is difficult to secure is the signup API. When a user has created an account, I can just assign them an API key, which they will send to the API every time they want to make a request, which means that an account is required to make API calls. If a certain key is making too many requests, they can be rate limited or temporarily banned from making further requests. The problem with the signup API however, is that there is no information by witch a request sender could be identified. I could use the IP address, but that can be changed and wouldn't really help if multiple IPs are spamming the API at the same time. Is there a way I can identify non-registered users?
Short answer: no.
You have to check data to make sure the account being created is something legit and not trash data to fill your database or any other malicious intents.
This is the reason you usually have to confirm an account clicking on a confirmation link sent to your mail: this way the app is sure that your account is legit.
You could also check info on the front end, but that is never as secure as back end checking, because of your concern in the question: in the end, anyone who gets to know your endpoints could potentially send direct requests to your server with whatever data they wanted.
Assuming you have a trusted source of registrations, an if that source can make an ssh connection to the server where your Flask app is running, an alternative to trying to lock down a registration API is to provide a command line script to do the registration.
The trusted source does something like
ssh someuser#youripaddress /path/to/register.py "username" "password" "other info"
If you use a Flask custom command you can share model definitions db configuration.
Hi I'm setting up a chatbot using dialogflow, what I want is to integrate dialogflow with django so that a search function in the django server is executed and the result of the research is passed to the chatbot, I made a webhook to the django server in dialogflow using the url "https://0e3c393b.ngrok.io/webhook" but I dont know how make a webhook receiver in django, Any recommendations ?
You should treat it like any other endpoint on django, you will get a request from Dialogflow with a JSON content body, and you will need to reply back with JSON in a specific format. When you want the search behaviour on the chatbot, at that specific intent or flow, have the action be to use a webhook request.
You can find more information here.
https://dialogflow.com/docs/fulfillment/how-it-works
how can I start receiving and parsing callback api's responds in further with Django server?
I wanna setup my DRF server to start working with JIRA webhooks, but also it might be useful for other apis such as telegram and etc. In this case I need to provide them my server's url where I would expect new events/data, but atm I don't realise what it means exactly. Where do I need to start digging in?
Not sure about the apis you are talking about but if the api sends some callbacks you'll give them a url, mysite.com/whatever
make your url config like normal
and in your view you can parse the result
def my_callback_view(request):
# assuming it's a POST request
data = request.POST
... do whatever with the data
I try to add an event in my calendar by an installed application.
The problem: I didn't get the success-code to change for an access token.
My request seems like following:
accounts.google.com:80/o/oauth2/auth?scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=73561***.apps.googleusercontent.com
If i send this request at the browser it works. Like the example.
But i wanted my application to do everything for me. That means, that the User only give his login dates and he is able to add as an example an event. Without giving the agreement. Well, if my application send the same request i get an answer: "moved temporarily". But i need the key (success code) from the title bar.
I should add, that i use c++ so i can't use the Google Api. Therefore, i use cURL to send my request.
Anyone able to help me?
I implemented a batch job which makes a webservice call within the same salesforce instance, which then is supposed to send emails with a pdf attachment,
since you cannot send pdf attachments directly from a batch job. My webservice call looks like this:
public static void callOut(List ids){
InvoiceAttachmentConnector.InvoiceAttachmentService ws = new InvoiceAttachmentConnector.InvoiceAttachmentService();
ws.SessionHeader = new InvoiceAttachmentConnector.SessionHeader_element();
ws.SessionHeader.sessionId = UserInfo.getSessionId();
ws.handleInvoicePdfAttachment(ids);
}
However in batch jobs UserInfo.getSessionId() returns null, therefore i get a INVALID_SESSION_ID exception.
How can i log in to get a SessionId? So far I found no solution to login from salesforce to salesforce. If u can help I would appreciate it! Thanks!
You cannot get a session Id like this in batch apex as it runs under the system context and so has no specific user info for retrieval.
UPDATE:
You have the following options:
Try running the web services wsdl from your Salesforce org through the wsdl to apex generator in your org to generate some classes that may allow you to login. You are only allowed one web service request per execute call.
You could create a sites page that you make a HTTP get request to in your batch apex. This needs to retrieve the Ids of the items you want to send the PDFs for and a particular user to run as for you to use the System.runAs(user) method. You could pass these parameters in the HTTPRequest header or in a custom setting.
Note that neither of these solutions are ideal, you may want to reconsider why you are using Batch apex first of all and see whether you could reimplement it in a different way.