Timber.io + Django + Heroku | How to only display application logs - django

I have a Django application running on Heroku with a drain sending logs to my Timber.io source.
Currently, my Timber.io logs display:
The logs that I wrote in my app to display (All I want)
app logs
heroku logs
Here is a link to what a section of my Timber.io logs look like. Notice how there are app web.1 and heroku router logs.
I don't want any other logs other than the ones I write in my Django application.
Django code:
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
timber_handler = timber.TimberHandler(
source_id=config('TIMBER_SOURCE_ID'),
api_key=config('TIMBER_API_KEY'),
level=logging.DEBUG
)
logger.addHandler(timber_handler)
...
logger.warning('A user has navigated to the homepage') # To reiterate, logs like this are all I want to display in my Timber.io logs.
I have sent a few emails posing this question to Timber.io's support email. But, after a week, I haven't received a response.
This is my first question so I apologize if I did something incorrectly. Thanks in advance for responses.

What about defining a custom debug logger
my_logger.py
import logging
logger = logging.getLogger("my_logger")
logger.setLevel(logging.INFO)
timber_handler = timber.TimberHandler(
source_id=config('TIMBER_SOURCE_ID'),
api_key=config('TIMBER_API_KEY'),
level=logging.DEBUG
)
logger.addHandler(timber_handler)
Views.py:
from my_logger import logger as debug_logger
debug_logger.warning('A user has navigated to the homepage')
Edit:
Looking at their documentation, you can filter on the Timber Side as well.
In your shell issue the following curl command:
Replace YOUR_API_KEY with your actual API key.
Replace YOUR_ORGANIZATION_ID with your Timber organization ID.
Replace FILTER_NAME with the name of your filter (ex: "Drop health check logs")
Replace MATCH with the sub-string that your logs must contain to qualify dropping.
Replace SOURCE_ID with the ID of the relevant source. Add as many as you like.
curl https://api.timber.io/log_filters \
-s \
-X POST \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '
{
"organization_id": "YOUR_ORGANIZATION_ID",
"name":"FILTER_NAME",
"match":"MATCH",
"source_ids": ["SOURCE_ID"]
}
' \
| jq

Related

Why is the list of spaces of my Confluence wiki empty?

I have a Confluence wiki with over 1000 spaces. I try to retrieve the list of spaces of my Confluence wiki using the curl query:
curl -D -u user:password -X GET \
-H "Content-Type: application/json" https://[hostname]/rest/api/space
It returns an empty list of spaces:
{"results":[],"start":0,"limit":25,"size":0,
"_links":{"self":https://[hostname]/rest/api/space,
"e":https://[hostname],"context":""}}
What could be the issue?
https://developer.atlassian.com/cloud/confluence/rest/api-group-space/#api-wiki-rest-api-space-get states:
Note, the returned list will only contain spaces that the current user has permission to view.
That was indeed a permission issue: the account used to make the curl query had no permission for any spaces.

Reset password by using cURL restAPIs in wso2 IS

In wso2-IS 5.11, trying Update Password Operation through cURL restAPI command.
I got reset password mail notification for below curl request,
$ curl -X POST -k -H "Authorization: Basic YWRxxxx=" -H "Content-Type: application/json" -d '{"user": {"username": "John","realm": "PRIMARY"},"properties": []}' "https://localhost:9445/api/identity/recovery/v0.9/recover-password?type=email&notify=true"
but instead of reset the password in reset-password-window , I need to pass the reset password values through cURL same like this, but this also requires Confirmation keycode with validity period and this is availlable in IDN_RecoveryDataTable as per this doc, so where this "IDN recovery data table" find out.? and shall I use same operation? or need to try some different use cases like , active and inactive user via cURL RestAPI ,and 3rd case Invalid password.
It seems you are following the blog [1] and referring to ii) Update Password step.
IDN_RECOVERY_DATA is a table of the identity database where WSO2IS stores information about the recovery flow. But you don't have to worry about the data stored in the database.
If you are just trying to change the password of a user without sending an email, you can use SCIM APIs.
Following is an example to update the password of a user when the existing password is provided.
curl -X PATCH 'https://localhost:9443/scim2/Me' \
-H 'accept: application/scim+json' \
-H 'Content-Type: application/scim+json' \
-H 'Authorization: Basic {base64(username:currentPassword)}' \
-d '{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "replace", "value": { "password": "newPassword" } } ]}'
If you want to send an email and void WSO2 UIs for creating the new password, you can change the email template to redirect the user to your UI once the user clicks the link in the email. Then use the confirmation code included in that link to invoke the password set-password API. The document [2] has information on the APIs related to the account recovery, available in WSO2 Identity Server 5.11.0.
For locking or disabling a user, you can use the SCIM APIs to patch the relevant user attributes.
[1] https://medium.com/#isurakarunaratne/password-recovery-wso2-identity-server-b80abe2bcc61
[2] https://docs.wso2.com/display/IS511/apidocs/account-recovery/

Receiving Invalid Grant Type Error Received From AWS Cognito When Supply Auth Code : How do I get Id and access tokens for testing?

I am unable to successfully acquire an id token/access token from my AWS cognito user pool when I supply an auth code. I have written a shell script (see below), and receive invalid_grant back from the server.
I have encoded the base64 Authorization Basic header for client_id:client_secret generated with python as:
import base64
encode='my_client_id_string:my_client_secret_string'
base64.b64encode(encode)
#!/usr/bin/env sh
curl --location --request POST 'https://<domain>.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <base64 encode string client_id:client_secret>' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=<client_id from app settings' \
--data-urlencode 'code=<code received from redirect url to my localhost app endpoint>' \
--data-urlencode 'redirect_uri=http://localhost:8000/my_redirect'
Any ideas?
Solved it!
The problem was caused by an invalid client id. I had supplied a typo for the client id value!

{"error":"invalid_token","error_description":""} (Podbean api)

I am trying to use Podbean api in my Django application. As per the document provided, I am authenticating my app. I have followed all the steps but when I try to run the following code in terminal I get error:
curl -u username:password \
https://api.podbean.com/v1/oauth/debugToken \
-G -d 'access_token=t4dfcgf7eb2ba65a289a6e8a8993cb9785e877y4'
Error:
{"error":"invalid_token","error_description":""}
I have checked all my credentials and they are correct. What is the problem here?
Finally found out the mistake:
client_id = App ID
client_secert = App Secret
I was writing 'username' and 'password' for 'client_id' and 'client_secret'

django | class based views | user passwords not working using curl [duplicate]

I've a few APIs I'd like to test with cURL. I tried doing a GET as follows:
curl --user username:password --request GET http://my_domain/get_result/52d6428f3ea9a008358ad2d8/
On the server, it showed a '302' (which means redirection, right?). I'm guessing it redirected to the 'login/' page.
What is the proper way of getting this done?
Edit: I tried:
curl -c cookies.txt -b cookies.txt -L -d #login_form.txt http://my_domain/login/
where login_form.txt contains "username=username&password=password&this_is_the_login_form=1". Doesn't work. No cookies.txt files generated. And no login happening. Can you tell me how you achieve login to Django using cURL?
Here is a fully coded answer. The idea of the solution is:
you have to first visit the login page with GET to get the cookies file generated,
then parse the CSRF token out of the cookies file
and do the login using a POST request, passing the data with -d.
Afterwards you can perform any request always using that CSRF token in the data ($DJANGO_TOKEN) or with a custom X-CSRFToken header. To log out simply delete the cookies file.
Note that you need a referer (-e) to make Django's CSRF checks happy.
LOGIN_URL=https://yourdjangowebsite.com/login/
YOUR_USER='username'
YOUR_PASS='password'
COOKIES=cookies.txt
CURL_BIN="curl -s -c $COOKIES -b $COOKIES -e $LOGIN_URL"
echo -n "Django Auth: get csrftoken ..."
$CURL_BIN $LOGIN_URL > /dev/null
DJANGO_TOKEN="csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//')"
echo -n " perform login ..."
$CURL_BIN \
-d "$DJANGO_TOKEN&username=$YOUR_USER&password=$YOUR_PASS" \
-X POST $LOGIN_URL
echo -n " do something while logged in ..."
$CURL_BIN \
-d "$DJANGO_TOKEN&..." \
-X POST https://yourdjangowebsite.com/whatever/
echo " logout"
rm $COOKIES
I have a slightly more secure version of this code, which uses a file for submitting the POST data, as a Gist on GitHub: django-csrftoken-login-demo.bash
Interesting background reading on Django's CSRF token is on docs.djangoproject.com.
Passing username:password in a curl request is only good for HTTP Authentication, which isn't how most websites do auth these days. Instead, you'll have to post to the login page, get the cookie, then pass it back when requesting your desired page.
Actually #Paterino answer is correct but it will not work on every implementation of sed. Instead sed 's/^.*csrftoken\s*//') we can use sed 's/^.*csrftoken[[:blank:]]*//') which is more old fashioned. MacOSXs curl doesn't use escaping, so \n\t\s don't work at all.
To use the token with a get request, use
$CURL_BIN \
-H "$DJANGO_TOKEN" \
-X GET https://yourdjangowebsite.com/whatever/
I tried using -d with -X GET, however it resulted in weird socket behaviour on the server side (Heruko H18 errors).
I'm using Django 4.1.2 and trying the #Paterino method found a couple of changes to make it work (but i have not enogh reputation to comment so wrote another answer).
Firstly, if the generated cookies.txt file is empty you have to ensure than csrf cookie is generated. I achieved this using django.views.decorators.csrf.ensure_csrf_cookie in django.contrib.auth.views.LoginView
Now, after login cookies.txt changes, so you have to recalculate DJANGO_TOKEN variable in the same way:
DJANGO_TOKEN="csrfmiddlewaretoken=$(grep csrftoken $COOKIES | sed 's/^.*csrftoken\s*//')"
From here the method doesn't change.
the accepted answer, until now(2022-12-19), has 2 issues:
misses updating DJANGO_TOKEN after login (since a new csrftoken cookie is returned after login)
doesn't include an example with a POST request (moving the csrftoken to a header) where -d already contains some payload
here is my version dealing with both:
# user and password from `./manage.py createsuperuser`
YOUR_USER='user'
YOUR_PASS='pass'
COOKIES=cookies.txt
LOGIN_URL=http://localhost:8000/admin/login/
# stores csrftoken cookie on cookies.txt
curl -s -c $COOKIES $LOGIN_URL > /dev/null
TOKEN_VALUE="$(grep -oP '(?<=csrftoken[[:space:]]).*' cookies.txt)" # https://stackoverflow.com/a/10358949/3026886 https://stackoverflow.com/a/4233691/3026886
# logs in, updating csrftoken and adding sessionid cookies
curl -b $COOKIES -c $COOKIES -d "csrfmiddlewaretoken=$TOKEN_VALUE&username=$YOUR_USER&password=$YOUR_PASS" $LOGIN_URL
# updates var env with new cookie
TOKEN_VALUE="$(grep -oP '(?<=csrftoken[[:space:]]).*' cookies.txt)"
# here comes the real request
curl -s -X POST -b $COOKIES -d "{\"a\":1}" -H "X-CSRFToken: $TOKEN_VALUE" http://localhost:8000/yourViewReceivingJsonPayload/ > /dev/null
rm cookies.txt