I am trying to pass an encrypted token from an external application into Application Express. I want to read and work with this token in a custom authentication scheme as a way to authenticate the user into the application.
What is the best way to do this? At first, I was trying to just append the token onto the URL, eg:
/pls/apex/f?p=999:1&Token=XXXXXXXX
But then Apex returns a 404.
So then, I was trying to use the Application Express session values to send in the token, creating a URL like this:
f?p=999:1:::::TOKEN:XXXXXXXX
And then my sentry function I would do something like:
v_token := V('TOKEN')
To get it. However, this isn't working either, and I think's because the session isn't established yet when the sentry function executes? And is it even possible to do it this way? (Since there would be no item with this name, and no page yet to create it on...)
Is there a better approach to doing what I'm trying to do? If I had this added as a HTTP Header upstream, can I read that somehow in the sentry function? Maybe with owa_util.get_cgi_env? Does that work to read HTTP Headers from the request?
Thank you
If anyone else runs into something like this - I figured out a workaround.
Just put the token in the "value" session variables section of the URL, like so
f?p=999:1::::::XXXXXXXX
Then in the "sentry function" I can get the entire query string like this:
v_query_str := owa_util.get_cgi_env('QUERY_STRING');
And then I can split v_query_str by : and get the 8th token, which is what I need.
I found some examples using apex_util.string_to_table to split the string, which works nicely.
Related
I am trying to test some requests with Postman to the Open Library Covers API and I cannot find a proper way to send my params.
According to the docs, the request should be something like this:
http://covers.openlibrary.org/b/$key/$value-$size.jpg
I am configuring my GET request as follows:
http://covers.openlibrary.org/b/:key/:value-:size.jpg
I can properly fill the key path variable but unfortunately :value-:size.jpg is recognized as one unique variable. How can I split it so that those are two variables :value and :size?
Thanks in advance.
I have not yet found a solution but a possible alternative.
If I configure the request as:
http://covers.openlibrary.org/b/{{key}}/{{value}}-{{size}}.jpg
I can then use the Pre-req to define the following assignments:
pm.variables.set('key', 'isbn');
pm.variables.set('value', '0385472579');
pm.variables.set('size', 'S');
This is not exactly what I was looking for, but it works.
I am a new postman user. I attached a screenshot to show you my parameters. I get a new "nextpagetoken" every time I call this api. The listid and activitytypeid are not changing. What I want to do is finding a way to rerun this call automatically until there is no "nextpagetoken" in the response body. I also want to save the response of each call, separately if possible.
I've found a few solutions but given that I am a new user, I didn't fully understand them + none of them explains how to save the response automatically.
Any help will be appreciated!
You do not include a lot of details in your question, so I am going to use a generic example for this answer.
Let's say you want to call https://mysite/token with a Post call, from which you get a response using json with a token you need to reuse.
In your collection, create a new request. Select POST and write the url https://mysite/token.
Go into the tests tab. Assuming that the output of the call to your url is a json structure like this
{
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
You will need to write a script to capture the token like this:
var data = pm.response.json();
var accessToken = data.jwt;
pm.globals.set("token", accessToken);
now you can use it in your next request. Either in the url, if the next page is a get (e.g. http://mysite/page?token={{token}}) or anywhere else, like the parameters.
Just enclose it in double curly brackets. {{token}}
You will also be able to se it in your globals.
You can create an environment which, if selected, is accessible globally. Then you would call that variable by accessing it {{likethis}}
I have been able to set the plist for my project to open the project with a given url. However, I can't get it to pass params to the application (custom urls are built based on the user)
Is there a way to pass the params as command line arguments?
the scheme is essentially
url:userid
I need to be able to get the user id in the application.
Is there a way to do this? I know with cocoa you can create an app delegate to handle this but I need a carbon way to do it.
Thanks in advance!
Install an Apple Event handler to recognize URLs (both the suite and the event name have the same four-character code, 'GURL').
The event's direct object is a URL string. I would expect that string to contain the entire original URL, including any parameters that were encoded into it (e.g. if your custom scheme was xyz://some/data?param1=abc¶m2=def, you should receive all of that).
Another important step is to register as a handler for that URL type in your Info.plist file. Read up on CFBundleURLTypes for more.
I'm working with SWFUpload and Django, and I've noticed that authentication tends to break.
There is one part that is holding me up and I'm looking for direction more then a solution as I think know the solution is not yet available. (So I'm making it. )
I need to know how Django creates the WSGI request-object and how it's handled.
After looking at the source of django, it seems that csrf is done via the WSGIobject which have the appropriate cookeis appended to it. Naturally flash posts do not support this unless specified. SWFUpload offers the ability to send cookie data in the post params via a plugin, however I'd like to send them via headers on the URLRequest object. ( So that the Auth-Middleware and CSRF-Middleware can see it. )
My goal is to upgrade SWFUpload to send headers containing the values for what ever objects I pass it. The hard part for me is to figure out how those headers will be interpreted.
How does Django create the request.META object? | Where is the request.session object created?
I'm reading up on the WSGInterface now, but I'd like to accelerate this research. Thanks!
I believe what you're looking for is django.core.handlers.wsgi.
I'm trying to POST some JSON and a binary file from an iPhone to a Django server running django-piston using ASIHTTPRequest
I know how to get it to work if I am ONLY sending JSON strings, and I know how to make it work if I am ONLY sending a file, but doing both is tricky.
So we'll start with ASIHTTPRequest code
ASIFormDataRequest *request = [[ASIFormDataRequest alloc] initWithURL:url];
[request setRequestMethod:#"POST"];
[request setPostFormat:ASIMultipartFormDataPostFormat];
[request appendPostData:[#"{\"save\":{\"name\":\"iostest\"}}" dataUsingEncoding:NSUTF8StringEncoding]];
[request addData:UIImageJPEGRepresentation([UIImage imageNamed:#"test.jpg"], 1.0f)
withFileName:#"test.jpg"
andContentType:#"image/jpeg"
forKey:#"data"];
[request setDelegate:self];
[request startAsynchronous];
My best idea here is that adding raw string data directly to the POST body and then adding a file just doesn't work.
But if I instead try
[request setPostValue:#"{\"name\":\"iostest\"}" forKey:#"save"];
Then the piston data dictionary will store ['save'] as a string instead of a deserialized object, so it will literally deliver the string
"{\"name\":\"iostest\"}"
Here's my Piston handler code
def create(self, request):
data = request.data
print(data['save']) #{\"name\":\"iostest\"}"
print("Files: " + request.FILES['data'].name) #test.jpg
print("Data Save Name: " + data['save']['name']) #crash, interprets this as a string indeces lookup
Ideas are welcome.
I have basically hacked my way around this.
The basic problem is that the request format in which Django expects files to be submitted to the server is one which django-piston literally just drops the ball on.
When it encounters multipart requests, it simply doesn't try to parse the data.
The solution to this problem is to manually call the parsing engine, which, in the case of JSON, is straight out of django.utils (which is kind of disappointing).
You achieve this by using ASIHTTPRequest (or the request module of your choice) to set a standard post value by key, and then access it the old fashioned way.
from django.utils import simplejson
data = simplejson.loads(request.POST['save'])
Which basically just reduces this handler method at this point to nothing more than a regular old Django view in terms of the steps you have to take to get it going.
So clearly, django-piston is not built to deal with files apparently?
My best idea here is that adding raw
string data directly to the POST body
and then adding a file just doesn't
work.
That wouldn't work, no. If you're POSTing form data using 'application/x-www-form-urlencoded' format, or 'multipart/form-data' you're not going to be able to just tack some extra data on the end - it needs to go in as part of the form data. Something like this I guess...
[request setPostValue:#"{\"save\":{\"name\":\"iostest\"}}" forKey:#"data"];
But if I remove the string data and only post the file it still doesn't work.
Is more problematic...
or if it's Piston erroneously misreading the data.
I probably wouldn't look in that direction first - piston doesn't really mess with the request object, so it seems more likely that the ASI request isn't quite right.
I think the place to start would be to inspect the incoming request and check that it really is a valid formPOST request:
Check that request["CONTENT_TYPE"] is set to 'multipart/form-data'
Inspect the request.raw_post_data and make sure that it is valid form data as specified in http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2 - check that the key names are as you expected and that the file content is present. (Obviously you'll want to use a small text file when you're testing this!)
Check which keys actually are present in request.FILES, if any, in case it's as simple as something like a misnamed field.
Failing all that I'd try to narrow down if it's a problem on the client or server side by trying to write a plain python client and seeing if you have the same issue then. Looking around, something like this: http://atlee.ca/software/poster/ might be useful.