I'm using Devise (2.1.2) and Rails (3.2.9) and I've enabled basic authentication (for testing). I'm posting a JSON POST request using CURL and I'm seeing weird behavior. The authentication fails the first time I send the request (after server restart) but succeeds after sending the exact same request the second time.
When debugging, it seems that the winning_strategies are nil on the first attempt but populated with three strategies on the second attempt.
What is the cause of this behavior?
Try:
Authenticate:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X POST http://localhost:3000/users/sign_in \
-d "{'user' : { 'email' : 'test#example.com', 'password' : 'password'}}" \
-c cookie
Show:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X GET http://localhost:3000/pages/1.xml \
-b cookie
For post requests -
You need a CSRF token for non-GET requests in Rails 3 .
This is because Rails by default adds an authenticity token to forms to protect from malicious forgery of submitted parameters. As you do not supply this token with your request, rails does not accept it. You can bypass this with
skip_before_filter :verify_authenticity_token
Related
I need to get "Get a 2-Legged Token" verification for a read-only access to upload files entered by other users but I'm running into the following error:
{
"developerMessage": "The required parameter(s) client_id,client_secret,grant_type not present in the request",
"errorCode": "AUTH-008",
"more info": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"
}
I followed exactly the example on the site changing just my "client id" and my "client secret":
https://forge.autodesk.com/en/docs/oauth/v1/tutorials/get-2-legged-token/
can anybody help me?
The single quote is wrong format in header of curl.
Try this format
curl --location --request POST 'https://developer.api.autodesk.com/authentication/v1/authenticate' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=your_client_id_xxx' \
-d 'client_secret=your_client_secret_xxx' \
-d 'grant_type=client_credentials' \
-D 'scope=data:read'
It will be return access token
I am using Postman for HTTP call.
It is more convenient
I'm in the process of updating Keycloak straight from version 6.0.1 to 11.0.0, the db migration was successful and was able to login into admin console, however the token generation seems to be broken, I'm sending below curl to generate token
curl --location --request POST 'http://localhost:8480/auth/realms/test/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=testUser' \
--data-urlencode 'password=testPassword' \
--data-urlencode 'scope=testRole' \
--data-urlencode 'client_id=testService' \
--data-urlencode 'client_secret=testServiceSecret'
On sending above request Keycloak complains of Invalid Scopes: testRole, however I've verified the role and user role mappings are in place and this used to work well with Keycloak 6.0.1.
Just on side note, our clients are Full scoped, so it something that is causing issue? Or something else have got changed or is there a way to ignore invalid scopes altogether while generating token?
The following connects to the API's server
httparty -a post -H Content-Type:application/json "https://test.co.uk/interface/search"
and returns an error message (which is by design).
However, if another header is added:
httparty -a post -H Content-Type:application/json -H Accept-Encoding:gzip,deflate "https://test.co.uk/interface/search"
an error occurs in the ruby JSON parser
.rbenv/versions/2.3.4/lib/ruby/gems/2.3.0/gems/json-2.1.0/lib/json/common.rb:156:in
`parse': 765: unexpected token at '' (JSON::ParserError)
No amount of escaping with quotes changes the situation.
httparty -a post -H 'Content-Type:application/json' -H Accept-Encoding:gzip,deflate "https://test.co.uk/interface/search"
same error...
On the other hand, if one excludes the 'application/json' header, multiple headers can be submitted, obtaining a server response (same error message from API server).
httparty -a post -H Accept-Encoding:gzip,deflate -H Content-Length:578 -H Host:test.co.uk -H Connection:Keep-Alive "https://test.co.uk/interface/search"
How can multiple headers be submitted, with the 'application/json' string pass ruby's JSON parsing filter?
Personally I use HTTPie, try to curl like this way.
curl -H "Accept-Encoding:gzip,deflate" \
-H "Content-Length:578" \
-H "Host:test.co.uk" \
-H "Connection:Keep-Alive" \
-X POST \
"https://test.co.uk/interface/search"
How can I authenticate my Ruby on Rails Application using cURL from terminal using Devise?
I'm trying:
curl --user email:password http://domain.bla/api/auth/sign_in
And is responding:
The page you were looking for doesn't exist.
This works for me :
curl -XPOST -v -H 'Content-Type: application/json' http://domain/api/v1/auth/sign_in -d '{"email": "email#domain.com", "password": "password" }
So I get back the response (something like below, only important part) :
< access-token: lW1c60hYkRwAinzUqgLfsQ
< token-type: Bearer
< client: W_xCQuggzNOVeCnNZbjKFw
< expiry: 1426610121
< uid: email#domain.com
Then I can validate the token, using the client and token previously obtained from the above request, I do it like this :
curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: lW1c60hYkRwAinzUqgLfsQ' -H 'client: W_xCQuggzNOVeCnNZbjKFw' -H "uid: email#domain.com" http://domain/api/v1/auth/validate_token
The result :
{"success":true,"data":{"id":3,"provider":"email","uid":"email#domain.com","firstname":null,"lastname":null,"email":"email#domain.com"}}
I found that the login step needed to be wrapped in a user dictionary, viz:
curl -X POST -v -H 'Content-Type: application/json' \
http://somehost.com/users/sign_in -d \
'{"user" : {"email": "some_user#nowhereville.org", "password": "OpenSecret" }}'
This is Devise 3.5.4.
I'm sending json request via curl to my local web server
curl -H 'Content-Type: application/json' -d {"name":"Stanford University", "subdomain":"stanford"} http://localhost:3000/rest/v1/groups.json
But in my rails app in params i'm getting
Parameters: {"name"=>"Stanford University", "subdomain"=>"stanford", "group"=>{"name"=>"Stanford University", "subdomain"=>"stanford"}}
Where did that hash group came from, and how do i controll it?
Look in config/initializers/wrap_parameters.rb. You likely have wrap_parameters enabled for JSON requests.
You can disable this option in the above file with
wrap_parameters false
Recommended Reading: http://api.rubyonrails.org/classes/ActionController/ParamsWrapper.html
You have to send it into Json Format
Try Following
curl -H 'Content-Type: application/json' -d "{\"name\":\"Stanford University\", \"subdomain\":\"stanford\"}"
OR
hash = {"name":"Stanford University", "subdomain":"stanford"}
curl -H 'Content-Type: application/json' -d "#{hash.to_json}" http://localhost:3000/rest/v1/groups.json