Get raw data in symfony 2 request - post

i'm trying to get some HTML code in a post Request with the symfony 2 API.
For example when i post something like "< p > hello < / p > "
I got in my request action handler (using $request->request->get(X)) an escaped string => "p hello /p"
Is there any way to get the raw data in the action handler ?

$request->request->get(X) doesn't escape values. To view posted data use Profiler. Your data are escaped by something else.

Related

How to test POST method with Postman and x-www-form-urlencoded Body?

I'm at the final step of making my first JS Web App using Pug, where I need to test that it supports POST method, which takes in a string should return a JSON object with 2 key.value pairs that represent original string and its length.
I'm instructed to use Postman and x-www-form-urlencoded to test my App, but I don't know how to test the POST method using urlencoded body.
Can someone tell me what I should fill in for KEY and VALUE on Postman, under x-www-form-urlencoded?
//POST method in route file
router.post('/', (req, res, next) => {
res.render('ps3post', {string: req.body.string, stringLength: req.body.string.length});
});
block content
h1 POST method, page rendered by PUG
p= string
p= stringLength
Okay I figured it out.. It seems that KEY needs to be type (string in my example), and VALUE needs to be what I want the actually value to be.

ruby-saml SAMLRequest as POST instead of GET

I am starting to use ruby-saml for one of the projects. IDP that I am using is expecting POST for authentication request with HTTP body containing SAMLRequest. Looking at the source code for authrequest.rb, create method can only do GET instead of POST.
I decided to call the create_params and get the base64 token which I can use from my view to do a POST.
When I use the following code
params = {}
request = OneLogin::RubySaml::Authrequest.new
token = request.create_params(saml_settings, params)
p token
p token["SAMLRequest"]
p decode(token["SAMLRequest"])
When i try base64decode.org or call the decode method, I get encoding for is not correct.
1) Can I do a POST instead of a GET?
2) What am I doing wrong in creating the request for it to be bad encoding?
thanks
1) Can I do a POST instead of a GET?
Yes, but support POST-binding is not just replace GET parameters by POST parameters...the signature on POST-binding is embed on the SAML message and is not another GET parameter.
2) What am I doing wrong in creating the request for it to be bad encoding?
thanks
The AuthNRequest is not only base64encoded, but also deflated.
Try use Base64 Decode + Inflate
You will find that thread interesting:
https://github.com/onelogin/ruby-saml/issues/124

Net::HTTP.post_form cannot send parameter

Hi I'm using rails and socket.io in node.js What I'm trying to do is send a param in rails model using Net::HTTP.post_form and get the param in node.js file which is server.js
model send.rb
def self.push(userid)
url = "http://socket.mydomain.com/push"
res = Net::HTTP.post_form(URI.parse(URI.encode(url)),data)
end
server.js
app.post('/push', function (req, res) {
console.log(req.param.userid)
});
req variable
req.ip =127.0.0.1
req.protocol= http
req.path = /push
req.host = socket.mydomain.com
req.param
I printed all the values but param always empty is there any solution for this? thanks in advance! :D
In Express you can retrieve values posted (HTTP POST) in an HTML form via req.body.searchText if you issue use app.use(express.bodyParser()); Notice that HTML form values come in req.body, not req.params.
Having said that, I am not sure how these values are submitted to the server when you use Socket.io rather than a "normal" HTTP POST on an HTML form.
I realize this is not an exact answer to your question, but wanted to mention how "normal" HTML form values are handled in case it helps and this was way to long to include as a comment.

How to debug HTTP AUTH params in Rails?

Rubyists,
something's wrong with my HTTP AUTH params that are coming into my Rails 3 app. The password has some whitespace at the end. I was debugging my client app and it looks like it is sending it correctly.
I am doing this in my app:
params[:auth_username], params[:auth_password] = user_name_and_password(request)
Then I am sending this into Warden.
I would like to see the raw data to see if the whitespace is there. How to do that?
Edit: I have debugged the wire between httpd and thin process and I am pretty sure the data are coming correctly. It must be something wrong in my Rails 3.0.10. I was able to decode the base64 string that is coming in the headers and it did not contain any whitespace.
This really looks like BASE64 decoder issue. Maybe a padding problem. My string is:
Qmxvb21iZXJnOnRjbG1lU1JT
which decodes to
Bloomberg:tclmeSRS
correctly using non-Ruby base64 decoders. Even in Ruby:
>> Base64.decode64 "Qmxvb21iZXJnOnRjbG1lU1JT"
=> "Bloomberg:tclmeSRS"
I don't get it. Searching for a bugreport in Rails or something like that.
Edit: So it turns out our Apache httpd proxy adds something to the header:
Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic
This leads to the incorrect characters at the end of the password, because:
>> Base64.decode64('Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic'.split(' ', 2).last || '')
=> "Bloomberg:tclmeSRS\005\253\""
The question is now - is this correct? Is it a bug in httpd or rails?
Rails user_name_and_password method makes a call to decode_credentials that performs the following, then splits using ":" :
::Base64.decode64(request.authorization.split(' ', 2).last || '')
Applied to your data :
::Base64.decode64("Qmxvb21iZXJnOnRjbG1lU1JT".split(' ', 2).last || '').split(/:/, 2)
=> ["Bloomberg", "tclmeSRS"]
Everything seems to be ok, the problem sits elsewhere IMO. To dump the authorization data from your controller :
render :text => "Authorization: #{request.authorization}"

Twitter double encode entity references?

Why is twitter double encoding XML entity references?
Here's an example tweet:
xml entity ref test < & '
The response from statuses/friends_timeline:
<status>
<created_at>Wed Jun 24 00:16:15 +0000 2009</created_at>
<id>2302770346</id>
<text>xml entity ref test &lt; & '</text>
<source>web</source>
<truncated>false</truncated>
shouldn't it be
< & &apos;
I did some more test, here's what happens in the http post to send the update:
sniff again < & '
post data:
authenticity_token=secret_sauce_removed&status=sniff+again+%3C+%26+'&twttr=true&return_rendered_status=true
I've confirmed Justin's observation that only < > is double encoded. First line is the xml repsonse, 2nd line json.
<text>" & ' &lt; &gt;</text>
"text":"\" & ' < >"
Twitter documentation says "escaped and HTML encoded status body", I guess escaped means xml encoding < >.
But i still don't understand why they're doing it. No web pages are involved in the whole process. The tweet is sent through the rest API url-encoded, and it is retrieved as xml or json.
It's double coded because the text property is quasi HTML Encoded text (looks like they're only encoding < and > so that you don't start/end a new html element in your tweet). Therefore, before the XML parses it for communication across the wire, you'd have:
xml entity ref test < & '
That string then gets encoded again (so that when it is decoded, it is still the proper HTML Encoded text) which turns it in to the:
xml entity ref test &lt; & '
That you are getting back.
It looks like it's taking the HTML code, and sticking that inside of an XML field, so when you use your XML parser on the XML, you get valid HTML.

Resources