What's wrong with Yahoo finance webservice v1? API changed? - web-services

I was used to type in a browser : http://finance.yahoo.com/webservice/v1/symbols/YHOO,AAPL/quote?bypass=true&format=json&view=detail and parse the answer...
It's not working anymore, see: Has Yahoo finance web service disappeared? API changed? Down temporarily?
The command
curl -A "Mozilla/5.0 (Linux; Android 6.0.1; MotoG3 Build/MPI24.107-55) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.81 Mobile Safari/537.36" http://finance.yahoo.com/webservice/v1/symbols/YHOO,AAPL/quote?bypass=true&format=json&view=detail
gives also
not a valid parameter.
Any idea what's wrong in the request?
Any idea on the way to send the http request directly so it works in a desktop browser?

If you use the headers below in your GET request, it will work...
"User-Agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13E230 Safari/601.1"

Related

Amazon Cognito - Advanced Security Device of User is not listed correctly

I am using Amazon Cognito with Advanced Security enabled (currently in AUDIT only).
I am not using a hosted UI. I call Cognito via the AWS SDK in PHP from a backend server while the frontend is gathering the data required for Advanced Security according to https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-viewing-advanced-security-app.html
The data gathered looks fine and contains the correct Device and OS from the client. (for example Windows + Chrome).
Decoded payload gathered in the fronted looks like this
'{"payload":"{\\"contextData\\":{\\"UserAgent\\":\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36\\",\\"DeviceId\\":\\"XXXX:XXXX\\",\\"DeviceLanguage\\":\\"de-DE\\",\\"DeviceFingerprint\\":\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36PDF Viewer:Chrome PDF Viewer:Chromium PDF Viewer:Microsoft Edge PDF Viewer:WebKit built-in PDF:de-DE\\",\\"DevicePlatform\\":\\"Win32\\",\\"ClientTimezone\\":\\"02:00\\"},\\"username\\":\\"XXX\\",\\"userPoolId\\":\\"XXX\\",\\"timestamp\\":\\"1666690380680\\"}","signature":"XXXX","version":"JS20171115"}'
Inside of Cognito it looks like this
The shown device is probably our backend server, this seems wrong.
Backend call looks like this for login
$this->client->initiateAuth([
'AuthFlow' => 'USER_PASSWORD_AUTH',
'AuthParameters' => [
'USERNAME' => $username,
'PASSWORD' => $password,
'SECRET_HASH' => $secret,
],
'ClientMetadata' => [
...
],
'ClientId' => $this->clientId,
'UserContextData' => [
'EncodedData' => $encodedData,
'IpAddress' => $ip,
],
]);
I am also sending this data for forgotPassword, confirmForgotPassword and signUp with the same result showing Linux as device.
Why is the client device from the encoded data not shown in Cognito? It looks like that Cognito is ignoring me sending the encoded data and uses only my request information, which would break the whole concept of advanced security.
After changing from initiateAuth to adminInitiateAuth I can see the correct devices at least in the cognito overview.

How to force SSO on a login page WSO2

I have configured SAML Web SSO for my application.
Today I came across the following scenario:
User tries to access a page of a Service Provider (SP) who is not authenticated and is redirected to the SAML login page of WSO2 to enter his credentials using Local Basic Authenticator.
User opens a second tab with the same Service Provider before authenticating on the first tab.
User logs in successfully on any of the two tabs
Refreshing the tab that is still open on the Login page doesn't login the user, instead displays the login form.
From the http_access_logs I am seeing the following:
When the user tries to authenticate:
[20/Feb/2020:17:02:39 +0000] GET /samlsso?tenantDomain=domain.com&SAMLRequest=abcdef.....&RelayState=myRelayState HTTP/1.1 302 - - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 0.018
[20/Feb/2020:17:02:39 +0000] GET /authenticationendpoint/login.do?RelayState=myRelayState&.........parameters_ommited..... HTTP/1.1 200 2953 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 0.003
[20/Feb/2020:17:02:40 +0000] GET /logincontext?sessionDataKey=e3a4e5c3-60dd-4466-8586-9dae01a4a8d8&.....parameters_ommited.... Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 0.000
This is the flow of the requests when directed from the SP.
However when the user is refreshing the login page, even when he has authenticated on another tab, only the latter two requests are received.
[20/Feb/2020:17:14:26 +0000] GET /authenticationendpoint/login.do?RelayState=myRelayState&.....parameters_ommited..... Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 0.004
[20/Feb/2020:17:14:27 +0000] GET /logincontext?sessionDataKey=e3a4e5c3-60dd-4466-8586-9dae01a4a8d8&.....parameters_ommited...... Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 0.007
From my understanding the reason is that the user is not directed to the /samlsso on refresh, it asks for the login form directly.
Is the expected functionality that I would like something that the WSO2 server can handle, and if so how?

VB 6.0 error while accessing web service: 2146697208

I am getting error : -2146697208, while sending xml to payment gateway web service. The application is developed in VB6.0 and the OS is Microsoft windows server 2003.
And also the code works fine in Windows XP, and i verified the same with third party tools for testing Web Services (SOAP UI) in Windows Embedded Standard system and it works fine. Looks like the issue is related to VB6.0 and the OS. Please help.
Code Snippet:
On Error GoTo 0
'Set XMLHTTP = CreateObject("MSXML2.XMLHTTP.3.0")
PaymentURL = "https://testpayments.globalone.me/merchant/xmlpayment"
Dim http As Object
Set http = CreateObject("MSXML2.XMLHTTP.6.0")
http.Open "POST", PaymentURL, False
http.setRequestHeader "Content-Type", "text/xml"
http.setRequestHeader "User-Agent", "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405"
http.send (xmldata) (error is thrown here)
Please help me.
Thanks

url encode web service

Good morning,
I have to convert a string in a url string with hex code.
I found many webapps that makes this but i need to find a web service call like:
https://urlencode.com/<string>
and it response with the string encoded.
example:
call: https://urlencode.com/Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
response: Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F51.0.2704.79%20Safari%2F537.36%20Edge%2F14.14393
do you know something or i have to make the code manually?

How to parse USER-AGENT field in http header using regex?

I want to parse some information from the User-Agent: HTTP header. The problem is that I'm getting two User-Agent: HTTP headers in the same HTTP Request:
CONNECT www.facebook.com:443 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (http://iim.com/a.jph) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.
CONNECT www.facebook.com:443 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.
CONNECT www.facebook.com:443 HTTP/1.1
I want the regex to match the non-http portion e.g Windows NT 6.1; WOW64. The flow analyzer software I'm using java regex engine.
My attempts
User-Agent:\s+.*?\((.*?)\)
Its matching both; I want to skip http portion of it.
Use a negative lookahead to prevent the match of http:
User-Agent:\s+.*?\((?!http)(.*?)\)
Though you might want to change the .*? to negated classes:
User-Agent:[^(]+\((?!http)([^)]+)\)