Django Json post request Payload error - django

Hi, I am accessing a URL with a payload.
I tried this code for the payload:
app_id = "Dert/dedff/12i="
payload = "{\n \"app_id\": \"{}\"\n}".format(app_id)
When I make the request, Django gives the following error.
Request Method: GET
Request URL: http://127.0.0.1:8000/
Django Version: 1.10.4
Exception Type: KeyError
Exception Value:
"\n 'app_id'"

I tried the code below:
app_id = "Dert/dedff/12i="
payload = "{{\n \"app_id\": \"{}\"\n}}".format(app_id)
It worked.
Instead of single braces, double braces are required.
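
The brace-escaping behaviour above, and why `json.dumps` is the safer way to build this payload, shown as an added example (not code from the original posts). The function names and the second sample value are constructed for illustration.

```python
import json

# Templates copied from the question (single braces) and the answer (doubled braces).
TEMPLATE_SINGLE = "{\n \"app_id\": \"{}\"\n}"
TEMPLATE_DOUBLED = "{{\n \"app_id\": \"{}\"\n}}"


def single_brace_error(app_id):
    """Return the KeyError key raised when str.format parses the outer braces as a field."""
    try:
        TEMPLATE_SINGLE.format(app_id)
    except KeyError as exc:
        return exc.args[0]
    return None


def build_with_format(app_id):
    """Doubled braces are emitted literally, but the value is pasted in unescaped."""
    return TEMPLATE_DOUBLED.format(app_id)


def build_with_json(app_id):
    """json.dumps needs no brace escaping and escapes quotes and backslashes in the value."""
    return json.dumps({"app_id": app_id})


def is_valid_json(text):
    """Report whether text parses as JSON."""
    try:
        json.loads(text)
    except json.JSONDecodeError:
        return False
    return True


if __name__ == "__main__":
    plain = "Dert/dedff/12i="        # value from the question
    quoted = 'Dert/"dedff"/12i='     # constructed value containing double quotes
    print(repr(single_brace_error(plain)))
    print(is_valid_json(build_with_format(plain)))    # well-formed
    print(is_valid_json(build_with_format(quoted)))   # broken by the unescaped quotes
    print(build_with_json(quoted))
```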

Related

Problem with authorization through connexion

I am trying to log in using swagger-ui and connexion.
To do this, I go through the login and get a token. I substitute this token in the header. I authorize (it seems to have been successful, according to swagger-ui), but when I try to make a request, I get an error:
AttributeError: 'NoneType' object has no attribute 'get'.
Looking at the source code - this method is here - https://github.com/zalando/connexion/blob/master/connexion/security/security_handler_factory.py#L339
Apparently, this is due to the fact that auth_funcs = []
Although there is a title in the request itself. If you test through postman, everything is fine too.
openapi.yml
paths:
  /articles/catalog/article/<article_id>/note/add:
    post:
      security:
        - bearerAuth: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

stubby is not returning a response for my request with a query param containing %

I am using stubby for my application and I have to send the string DW3e62y6%2FvCAE%2Fhx%2F3z4eRuVG%2FIy0XdvxUDBNsfCRn2c8AHw60L%2F3A%3D%3D as a query param of my request. But stubby is not returning a response when this query param contains %.
- request:
    url: ^/myendpoint.php$
    method: POST
    query:
      codeValue: "DW3e62y6%2FvCAE%2Fhx%2F3z4eRuVG%2FIy0XdvxUDBNsfCRn2c8AHw60L%2F3A%3D%3D"
  response:
    status: 200
If I remove the query param from this code, the response is 200. But I need this query param too. Is there any way to achieve this?

Maybe you can try proxy_pass nginx docs.

Tavern authorization

I'm running a flask api and I want to write some tavern tests for it. I use a basic base64 encode for the username and password that I send in the header when making requests which works fine on the API but I can't seem to get it to work for tavern.
stages:
  - name: login
    request:
      url: url
      method: GET
      headers:
        Authorization: Basic aGVsbG9zdGFja292ZXJmbG93
        accept: application/json
    response:
My api keeps refusing the authorization and without the Basic tag it doesn't recognize the format. Here is the flask authorization logic:
try:
    api_key = base64.b64decode(api_key)
    username, password = api_key.split(':')
    if password == users[username]:
        user = User(username)
        return user
except TypeError:
    current_app.login_manager.unauthorized()
All help/suggestions are appreciated.

There's documentation on this feature here: https://taverntesting.github.io/documentation#http-basic-auth
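
A defensive way to parse an `Authorization: Basic` header on the server side, shown as an added example (not code from the posts above, nor from Flask or Tavern). The `USERS` store and all function names are assumptions. It also shows that the header value in the question decodes to a string with no `:` separator, so it cannot be split into a username and password.

```python
import base64
import binascii
import hmac

# Constructed credential store mirroring the `users` dict in the question.
# Plain-text values keep the example short; store password hashes in practice.
USERS = {"alice": "s3cret:with:colons"}


def parse_basic_auth(header_value):
    """Return (username, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # b64decode returns bytes on Python 3; decode before splitting on ":".
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: passwords may themselves contain ":".
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(header_value, users=USERS):
    """Return the username if the header carries valid credentials, else None."""
    creds = parse_basic_auth(header_value)
    if creds is None:
        return None
    username, password = creds
    expected = users.get(username)
    if expected is None:
        return None
    # Constant-time comparison avoids leaking how many leading characters matched.
    if hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8")):
        return username
    return None


def make_header(username, password):
    """Build the header value a client would send for these credentials."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```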

Wagtail app wagalytics shows a 500 error on console /admin/analytics/token/ 500

I am integrating Wagtail and Google Analytics with the app wagalytics, which gives me /admin/analytics/token/ 500 (). These are the settings I used, as indicated in the README:
GA_KEY_FILEPATH = 'project-6408cf73f290.json'
GA_KEY_CONTENT = 'key content'
GA_VIEW_ID = 'ga:173531812'
Kindly, where am I going wrong?
This is the only error shown when I put the JSON key contents with GA_KEY_CONTENT = '{"type": "service_account",...'
AttributeError at /admin/analytics/token/
'dict' object has no attribute 'replace'
Request Method: GET
Request URL: http://127.0.0.1:8000/admin/analytics/token/
Django Version: 1.11.11
Exception Type: AttributeError
Exception Value:
'dict' object has no attribute 'replace'

The value of GA_KEY_CONTENT should be the contents of your JSON key, not a reference to the location.

Ajax, CSRF and DELETE

I use the getCookie function from the django documentation to get the csrfmiddlewaretoken value.
I have the following ajax call:
var url = reverse_removeprofile.replace(/deadbeef/, key);
$.ajax({
    type: "DELETE",
    url: url,
    data: "csrfmiddlewaretoken=" + getCookie("csrftoken"),
    success: function() { ... },
});
When this code gets executed then django raises a 403 exception telling me that the CSRF verification failed. However, if I change the type from DELETE to POST then django is happy about it and doesn't complain at all.
I was not really able to find something useful in Google about this, but I've found this (now closed and fixed) ticket: https://code.djangoproject.com/ticket/15258
If I understand it correctly then this issue has been fixed in the 1.4 milestone. I use django 1.4 but still I cannot verify the CSRF token with a DELETE request.
Am I missing something here?

This appears to be a jQuery bug, caused by some confusion as to whether DELETE data should be attached to the URL (like a GET request) or the request body (like a POST).
See this bug report.
You can probably get around this by using the alternative CSRF method for AJAX calls, setting an X-CSRFToken header on the request. Try changing your AJAX call to look like this:
$.ajax({
    type: "DELETE",
    url: url,
    beforeSend: function(xhr) {
        xhr.setRequestHeader("X-CSRFToken", getCookie("csrftoken"));
    },
    success: function() { ... },
});

Please note, when it comes to DELETE requests, Django does not check for csrfmiddlewaretoken in the request body. Rather, it looks for the X-CSRFToken header.
As for how Django's CSRF middleware works, you can see the source code of django > middleware > csrf.py > CsrfViewMiddleware, in which it is very clear that Django does not scan for csrfmiddlewaretoken in the request body if the request is of DELETE type:
# Check non-cookie token for match.
request_csrf_token = ""
if request.method == "POST":
    try:
        request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
    except OSError:
        # Handle a broken connection before we've completed reading
        # the POST data. process_view shouldn't raise any
        # exceptions, so we'll ignore and serve the user a 403
        # (assuming they're still listening, which they probably
        # aren't because of the error).
        pass
if request_csrf_token == "":
    # Fall back to X-CSRFToken, to make things easier for AJAX,
    # and possible for PUT/DELETE.
    request_csrf_token = request.META.get(settings.CSRF_HEADER_NAME, '')