Devise Authentication using cURL - ruby-on-rails

How can I authenticate my Ruby on Rails Application using cURL from terminal using Devise?
I'm trying:
curl --user email:password http://domain.bla/api/auth/sign_in
And is responding:
The page you were looking for doesn't exist.

This works for me :
curl -XPOST -v -H 'Content-Type: application/json' http://domain/api/v1/auth/sign_in -d '{"email": "email#domain.com", "password": "password" }
So I get back the response (something like below, only important part) :
< access-token: lW1c60hYkRwAinzUqgLfsQ
< token-type: Bearer
< client: W_xCQuggzNOVeCnNZbjKFw
< expiry: 1426610121
< uid: email#domain.com
Then I can validate the token, using the client and token previously obtained from the above request, I do it like this :
curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: lW1c60hYkRwAinzUqgLfsQ' -H 'client: W_xCQuggzNOVeCnNZbjKFw' -H "uid: email#domain.com" http://domain/api/v1/auth/validate_token
The result :
{"success":true,"data":{"id":3,"provider":"email","uid":"email#domain.com","firstname":null,"lastname":null,"email":"email#domain.com"}}

I found that the login step needed to be wrapped in a user dictionary, viz:
curl -X POST -v -H 'Content-Type: application/json' \
http://somehost.com/users/sign_in -d \
'{"user" : {"email": "some_user#nowhereville.org", "password": "OpenSecret" }}'
This is Devise 3.5.4.

Related

Unable to add a group member using microsoft graph api in a bash script

If I run below http script from the graph.microsoft.com docs, it works fine.
POST https://graph.microsoft.com/v1.0/groups/9746dce-f530182/members/$ref
Content-type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6Il9Y-pCiTwLhttVX5wg
{
"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/e7cb-2f96bba6"
}
where:
9746dce-f530182 = group-id,
e7cb-2f96bba6 = user-id and
eyJ0eXAiOiJKV1QiLCJub25jZSI6Il9Y-pCiTwLhttVX5wg = auth-token
I would like to run this as a bash script, so that I can automate the token generation and the POST call. My script looks like so.
CLIENT_ID='283f4d25-87bde0ef'
TENANT_ID='2d987312-a4ff5ea0'
CLIENT_SECRET='XSY8Q~4Ls-ahi'
GROUP_ID="9746dc-00182"
USER_ID='e7cb46-bbbba6'
AT_URL="https://login.microsoftonline.com/${TENANT_ID}/oauth2/token"
auth_response=$(curl -X POST -d 'grant_type=client_credentials&client_id='${CLIENT_ID}'&client_secret='$CLIENT_SECRET'&resource=https://graph.microsoft.com' $AT_URL | jq .)
token="$(echo $auth_response | jq -r .token_type) $(echo $auth_response | jq -r .access_token)"
curl -H "Authorization: $token" -H "Content-type: application/json" -d '{"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/'$USER_ID'"}' "https://graph.microsoft.com/v1.0/groups/$GROUP_ID/members/$ref"
But this fails with the below error. What am I missing?
{"error":{"code":"Request_BadRequest","message":"Unsupported resource type 'DirectoryObject' for operation 'Create'.","innerError":{"date":"2022-05-25T11:24:21","request-id":"e189dc-063e","client-request-id":"e189d-2e42063e"}}}
I managed to fis the issue by changing the last line of the script to the following. The problem was that the $ref at the end of the URL was treated as a bash variable.
curl -H "Authorization: $token" -H "Content-Type: application/json" -d '{"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/'${USER_ID}'"}' 'https://graph.microsoft.com/v1.0/groups/'$GROUP_ID'/members/$ref'
Hope this helps someone else.
The final script looks like below
CLIENT_ID='283f4d25-87bde0ef'
TENANT_ID='2d987312-a4ff5ea0'
CLIENT_SECRET='XSY8Q~4Ls-ahi'
GROUP_ID="9746dc-00182"
USER_ID='e7cb46-bbbba6'
AT_URL="https://login.microsoftonline.com/${TENANT_ID}/oauth2/token"
auth_response=$(curl -X POST -d 'grant_type=client_credentials&client_id='${CLIENT_ID}'&client_secret='$CLIENT_SECRET'&resource=https://graph.microsoft.com' $AT_URL | jq .)
token="$(echo $auth_response | jq -r .token_type) $(echo $auth_response | jq -r .access_token)"
curl -H "Authorization: $token" -H "Content-Type: application/json" -d '{"#odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/'${USER_ID}'"}' 'https://graph.microsoft.com/v1.0/groups/'$GROUP_ID'/members/$ref'

Update Owner field of RT Ticket via REST API 2.0

curl -X PUT
-H "Content-Type: application/json"
-d
'{ “Owner”: { "id" : "root" } }'
-H 'Authorization: token XXX_Token_XXX'
'http://XXX_RT_URL_XXX/REST/2.0/ticket/6'
This command works for updating values of a ticket at the top level of JSON, but values such as 'Owner' fails. The documentation does not denote any method as to update these specific fields. What is the recommended way to update a ticket's Owner field via the Request Tracker REST API 2.0 (rt-extension-rest2)?
Try with the username as the value:
curl -X PUT
-H "Content-Type: application/json"
-d
'{ “Owner”: "root" }'
-H 'Authorization: token XXX_Token_XXX'
'http://XXX_RT_URL_XXX/REST/2.0/ticket/6'
That should accept a username or user ID.

Invalid token error in Linkedin Gem when its work in CURL of Rails app

When i used CURL post from console then its work but when i used linkedin gem method in controller then its not working and get error regarding access token. Where is wrong here not findout.
CURL Code
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"comment":"hello from google www.google.com! http://ibm.com","visibility":{"code":"anyone"}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxJXygzp_8Exxxxg7_7FaxxxxxxtWzBXAxxxxxa5z1MVK6-kubHJ5JIaGAxxxx234wndpAMc_CxmCsIHxxxxraleZqkU0t_WNEhxxxz8_cKpeOixxxxsd15-X-MdvzYVxxxx9hQ&format=json&title=linkedin HTTP/1.1
LinkedIn gem code
client = LinkedIn::Client.new(
config[:your_consumer_key],
config[:your_consumer_secret]
)
client.authorize_from_access(
config[:oauth_user_token],
config[:oauth_user_secret]
)
client.add_share(
comment: 'Good Morning',
content: {'submitted-url' => 'http://www.github.com/blazeeboy' }
)
Any one have a idea where is wrong here.
============= UPDATE =============
system 'curl -H "Content-Type: application/json" -H "authToken: auth_token" --data '{"comment":"hello from google www.google.com! http://google.com","visibility":{"code":"anyone"}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxygzp_8E3ySvg7_7FahixxxxxxtWzBXAja5OQ8a0wta5z1MVK6-kubHJ5JIxxxxwndpAMc_CxmCsIHxFlexxxxxleZqkU0t_WNxxxxmi7CMz8_cKpexxxx15-X-MdvzYVOxxxxm9hQ&format=json&title=linkedin HTTP/1.1'
Thanks
curl -H "Content-Type: application/json" -H "authToken: auth_token" --data '{}' https://api.linkedin.com/v1/people/~/shares
Try running this :
system "curl -H 'Content-Type: application/json' -H 'authToken: auth_token' --data '{'comment':'hello from google www.google.com! http://google.com','visibility':{'code':'anyone'}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxygzp_8E3ySvg7_7FahixxxxxxtWzBXAja5OQ8a0wta5z1MVK6-kubHJ5JIxxxxwndpAMc_CxmCsIHxFlexxxxxleZqkU0t_WNxxxxmi7CMz8_cKpexxxx15-X-MdvzYVOxxxxm9hQ&format=json&title=linkedin HTTP/1.1"
In rails when you use double quotes inside single quotes it gives error with some commands.
OR you can try like this :
`curl -H 'Content-Type: application/json' -H 'authToken: auth_token' --data '{'comment':'hello from google www.google.com! http://google.com','visibility':{'code':'anyone'}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxygzp_8E3ySvg7_7FahixxxxxxtWzBXAja5OQ8a0wta5z1MVK6-kubHJ5JIxxxxwndpAMc_CxmCsIHxFlexxxxxleZqkU0t_WNxxxxmi7CMz8_cKpexxxx15-X-MdvzYVOxxxxm9hQ&format=json&title=linkedin HTTP/1.1`

Devise authentication fails on first attempt, succeeds afterwards

I'm using Devise (2.1.2) and Rails (3.2.9) and I've enabled basic authentication (for testing). I'm posting a JSON POST request using CURL and I'm seeing weird behavior. The authentication fails the first time I send the request (after server restart) but succeeds after sending the exact same request the second time.
When debugging, it seems that the winning_strategies are nil on the first attempt but populated with three strategies on the second attempt.
What is the cause of this behavior?
Try:
Authenticate:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X POST http://localhost:3000/users/sign_in \
-d "{'user' : { 'email' : 'test#example.com', 'password' : 'password'}}" \
-c cookie
Show:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X GET http://localhost:3000/pages/1.xml \
-b cookie
For post requests -
You need a CSRF token for non-GET requests in Rails 3 .
This is because Rails by default adds an authenticity token to forms to protect from malicious forgery of submitted parameters. As you do not supply this token with your request, rails does not accept it. You can bypass this with
skip_before_filter :verify_authenticity_token

Weird json request via curl

I'm sending json request via curl to my local web server
curl -H 'Content-Type: application/json' -d {"name":"Stanford University", "subdomain":"stanford"} http://localhost:3000/rest/v1/groups.json
But in my rails app in params i'm getting
Parameters: {"name"=>"Stanford University", "subdomain"=>"stanford", "group"=>{"name"=>"Stanford University", "subdomain"=>"stanford"}}
Where did that hash group came from, and how do i controll it?
Look in config/initializers/wrap_parameters.rb. You likely have wrap_parameters enabled for JSON requests.
You can disable this option in the above file with
wrap_parameters false
Recommended Reading: http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html
You have to send it into Json Format
Try Following
curl -H 'Content-Type: application/json' -d "{\"name\":\"Stanford University\", \"subdomain\":\"stanford\"}"
OR
hash = {"name":"Stanford University", "subdomain":"stanford"}
curl -H 'Content-Type: application/json' -d "#{hash.to_json}" http://localhost:3000/rest/v1/groups.json

Resources