I make an HTTP call in flutter for checking the username and password on my login page.
If I put the right username and password, I will get a status code of 200 OK! Everything is fine up to this point.
But if I put a wrong username and password, to get my status code 901 for that, flutter throws an exception: Invalid response status code!
Maybe the HTTP package just works with the regular status codes (not the individual ones)?
You definitely don't want to be returning 901. You should be returning a valid understood status code. For example, I'd use 403 (Forbidden). An easy-to-understand list can be found in the Wikipedia entry https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.
You should return a valid http status code otherwise it will return the error you mentioned:
https://github.com/dart-lang/http/blob/master/lib/src/base_response.dart
Related
I want to make an API negative test scenario with Rest-Assured Library. I'm creating a get request for a data that doesn't exist. When I print this response to the console, I want to see the text 'not found' Because postman says this is the request body. But my test failed on get method. I am getting that error
io.restassured.internal.http.HttpResponseException: status code: 404, reason phrase: Not Found
Actually I know the status code is 404. But I can not test about it. How can i write that negative scenario
Response response = given().
when().
get("https://restful-booker.herokuapp.com/booking/1001");
When accessing Google-Drive, an access-token can expire and we can use the refresh-token to get a new access-token. There are a number of possible reasons though, that the refresh-token itself stops working or expires, see:
https://developers.google.com/identity/protocols/OAuth2#expiration
So my question, what happens if the refresh-token has expired after the 6 months, how can I detect it? Does the request for refreshing the access-token fail with 403 forbidden, or does it return a JSON containing an error message, or something else?
Unfortunately it is hard to find any information about this, and to test it out one has to wait for 6 month...
Solution:
Thanks to Gary Archers answer I could produce the situation with an invalid refresh-token and this is the response I got, maybe it helps somebody else:
HTTP-status-code: 400
JSON:
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
Almost all implementations I've seen return a known error code of 'invalid_grant' that you can check for. It will look something like this, with the server returning a JSON response with an error field and an optional error_description. At this point you need to redirect the user to reauthenticate:
Got some URLs which I'm testing using the requests library. Example code can be found below:
page = requests.get(url)
print (page.status_code)
#output: 200
Some URLs returns a 404 status code when tested manually. Why is the output giving 200 then?
The programmer can define the status code manually. And it may have misled you.
the HTTP status code “200”, means is “file found.” if you redirect to another page, you will get 200 status code
So You do not let your request redirects.
r = requests.get('http://example.com/sdfsdfs', allow_redirects=False)
print(r.status_code)
Until few days ago everything worked fine. But after some changes on FitBit new user can not get OAuth handshake anymore. The problem is when I receive temporary tokens and make call to finish handshake and receive credentials.
So in first step I get:
TOKEN: 1a227cfde686220183763946a98173bc and VERIFIER: p2g5ims7o4ffscev603rbif05g
and in second step I use theme to make call to https://api.fitbit.com/oauth/access_token ...
Signature Base String is:
POST&https%3A%2F%2Fapi.fitbit.com%2Foauth%2Faccess_token&oauth_consumer_key%3D7c5e888aa3dd4d17a26d82a7f541b278%26oauth_token%3D1a227cfde686220183763946a98173bc%26oauth_nonce%3D5hw45lgu%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1391094796%26oauth_verifier%3Dp2g5ims7o4ffscev603rbif05g%26oauth_version%3D1.0
And by that I receive header (with signature calculated using the same function as in first step)
Authorizing with HEADER: OAuth oauth_consumer_key="7c5e888aa3dd4d17a26d82a7f541b278",oauth_token="1a227cfde686220183763946a98173bc",oauth_nonce="5hw45lgu",oauth_signature="X4udgn9A7Q2xI%2FN38QELl%2BIDVqM%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1391094796",oauth_verifier="p2g5ims7o4ffscev603rbif05g",oauth_version="1.0"
That should work but I get 401 error saying:
{"errors":[{"errorType":"oauth","fieldName":"oauth_access_token","message":"Invalid signature or token 'JNGSIMomid/oghtWGrz7crC6KhM=' or token '6c45d0ce39195e848da14cad0a4f9719'"}],"success":false}
I have been working od that for 7 hours now ... and as far as I can see everything is OK ... Error is saying about field name oauth_access_token ... This fields doesn't even exist. I tried anyway and recived error saying that security is not OK ...
Any Idea?
I had the same problem. After doing some research I noticed that the API has changed and the lib I was using was out dated.
To fix that, I updated my lib and did some code changes.
Here is the link of a .Net implementation after the change:
https://github.com/aarondcoleman/Fitbit.NET/wiki/Breaking-Change-on-1-24-2014-as-a-result-of-OAuth-update-in-Fitbit-API
Regards,
Fredy
I'm trying to verify if there is a remote url with following code:
endpoint_uri = URI.parse(#endpoint.url)
endpoint_http = Net::HTTP.new(endpoint_uri.host, endpoint_uri.port)
endpoint_request = Net::HTTP::Head.new(endpoint_uri.request_uri)
endpoint_response = endpoint_http.request(endpoint_request)
I'm still getting 405 Method not allowed. When I use Get instead Head in Net::HTTP::Head.new I'm getting 200 Success but also with whole remote document in response what results in bigger response time (0.3s => 0.9s).
Any ideas why this is happening? Thx
There's a chance that the #endpoint url you're trying to interact with doesn't support HEAD requests (which would be really weird, but still may be the case). Your code works fine for me with a handful of urls (google.com, stackoverflow.com, etc.)
Have you tried a curl request to see what it returns?
curl -I http://www.the_website_you_want_to_test.com