I am trying to redirect a user after authentication from a login service to the resource service. There for, when someone tries to access the main page of my app, I check for the auth token inside a cookie and based on that validation, I serve the html file or redirect to the auth service where I am greeting them with a login/register form.
if(cookie?.auth){
return res.status( 301 ).redirect( `${ protocol }://${ process.env.REDIRECT_AUTH }/login?redirect=${ protocol }://${ hostname }:${ PORT }&session=${ req.sessionID }` );
}
This part works as expected. I get redirected to the endpoint. The question mark appears here. After I enter the credentials, I make a post request to the auth service and if everything goes right, I call the res.redirect(location), the location being the redirect query listed in the link above with some parameters as well.
Here is the snippit:
return res.status( 301 ).redirect( `${ location }?auth=${ token }` as string );
Of course, I am checking if the request query contain the credentials I need. The request actually returns 200, but instead of being redirected to the page, I get the file as a response payload.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
HAASDASD
</body>
</html>
My immediate conclusion was that is about the difference between the GET vs POST method and therefor I get a different result. Is there anyone who stumbled into something similar?
Related
I have to find if the given user belongs to the given group in google cloud. I am using groups memberships api lookup.
here is my code
package main
import (
"context"
"google.golang.org/api/cloudidentity/v1beta1"
)
func main() {
ctx := context.Background()
cloudidentityService, err := cloudidentity.NewService(ctx)
if err != nil {
panic(err)
}
res, err := cloudidentityService.Groups.Memberships.Lookup("GroupName").MemberKeyId("MemberLookingForInGroup").Context(ctx).Do()
if err != nil {
panic(err)
}
}
I am getting 404 error on this:
panic: googleapi: got HTTP response code 404 with body: <!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 404 (Not Found)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}#media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}#media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}#media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</style>
<a href=//www.google.com/><span id=logo aria-label=Google></span></a>
<p><b>404.</b> <ins>That’s an error.</ins>
<p>The requested URL <code>/v1beta1/memberKey.namespace/memberships:lookup?alt=json&memberKey.id=membertoloookup&prettyPrint=false</code> was not found on this server. <ins>That’s all we know.</ins>
Checking Google documentation, the error is due to not having an API method associated or the request refers to one or more resources that were not found.
I recommend you to check what Clark McCauley proposed, check if you have the correct API associated.
Here is an official document that can help you better troubleshoot errors.
I have a website build with Laravel 4.2 and a controller that are accessible only to logged user:
Route::group(['prefix' => 'pannello-utente', 'before' => 'auth'], function ()
{
Route::get('elenco-animali/{nome?}', ['uses' => 'PazientiController#index']);
Route::get('download/{cartella}/{file}', ['uses' => 'PazientiController#download']);
});
the auth method request user to insert email and password.
In the PazientiController I have the __construct method that perform some queries that retrieve a code and use it in the other method:
public function __construct()
{
$this->current_user = Auth::user();
//Recupero il codice cliente salvato nel profilo utente
$this->codice = User::find($this->current_user->id)->first()->profile->codice_cliente;
}
This code is saved only in the database and, at the moment, no other application have it so I need to execute that query every time.
I need that, now via curl then via smartphone app, the user can access to the method, so I need users to log in before:
curl --user chri788#gmail.com:adminadmin localhost:8888/*****/public/pannello-utente/elenco-animali
But I get this:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost:8888/*****/public/login" />
<title>Redirecting to http://localhost:8888/*****/public/login</title>
</head>
<body>
Redirecting to http://localhost:8888/****/public/login.
</body>
</html>
How can I access to that controller?
The --user flag for curl triggers HTTP Basic Authentication. Laravel supports this, but not with the auth filter - it needs the auth.basic filter.
You can write a custom filter that checks both auth and auth.basic, or you can provide a separate set of routes (maybe prefixed with api) that uses the alternate filter.
http://laravel.com/docs/4.2/security#http-basic-authentication
I'm using varnish to cache our pages. When we get a 503 -- which happens a little too often -- I'd like to put some sort of page tracking on there. I'd like to place the GA code in there. I can't seem to find any instance of anyone else doing this. Has anyone done this? Is there some sort of T&C violation in doing this?
For Varnish you can use vcl_error to include your own responses (that have the Google Analytics code).
Edit: I have not tested any of these. They are just examples.
An example:
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
if (obj.status == 503) {
synthetic {"
<html>
<head>
<title></title>
</head>
<body>
<h1>Error</h1>
<p>Something</p>
<!-- ANALYTICS CODE -->
</body>
</html>
"};
return(deliver);
}
}
Alternatively you can add your own pages from the file system by using vmod (which is included as standard with version 3.*+).
# Add this to the top of your config
import std;
# vcl_error
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
if (obj.status == 503) {
set obj.http.error503 = std.fileread("/path/to/errors/503.html");
synthetic obj.http.error503;
return(deliver);
}
}
I try to get the sfFacebookConnectPlugin to run by following the tutorial on the symfony homepage.
Everything seems well configured. But when I try to login with sfFacebookConnectAuth/signin.
I get the form error "The username and/or password is invalid.".
I even don't know where to start with the debugging.
First Step could be to find out the right Application-Settings on the Facebook-Side (e.g. Post-Authorize Callback URL, Connect-URL or Canvas Callback URL)
I use symfony 1.4.5 doctrine with sfGuardDoctrinePlugin (on a live host with subdomain.)
Thx for your help.
I found that page: http://burgiblog.com/2009/09/18/developing-facebook-applications-with-symfony/ now it works, I changed three things after reading the tutorial:
modules/sfFacebookConnectAuth/config/security.yml: Use "false" instead of "off"
I added "callback_url" in apps/frontend/config/app.yml
And I used the facebook action in the tutorial
I need to find out, what the problem exactly was. And I need to enhance some things to the plugin. E.g. saving the user data to my profile class etc. (Now I saves a cryptic username instead of the right FB username.)
It says on the plugin page that this plugin is only supported/stable up to Symfony 1.2. Might make sense to email the plugin author directly regarding 1.4 compatibility.
I'm having some problems with sfFacebookConnectPlugin. I tried replicating the simple example from http://burgiblog.com/2009/09/18/developing-facebook-applications-with-symfony/ . And calling the index page, I get redirected to the facebook authentication page but after logging in, I do not get redirected back. I stay logged into facebook only. What am I doing wrong?
Thanks.
This is my code:
[/frontend/config/app.yml]
# default values
all:
facebook:
api_key: xxx
api_secret: xxx
api_id: xxx
callback_url: 'http://localhost'
redirect_after_connect: false
redirect_after_connect_url: ''
connect_signin_url: 'sfFacebookConnectAuth/signin'
app_url: '/my-app'
guard_adapter: ~
js_framework: none # none, jQuery or prototype.
# It is highly recommended to use a js framework if you want a correct experience in IE
sf_guard_plugin:
profile_class: sfGuardUserProfile
profile_field_name: user_id
profile_facebook_uid_name: facebook_uid # WARNING this column must be of type bigint ! 100000398093902 is a valid uid for example !
profile_email_name: email
profile_email_hash_name: email_hash
facebook_connect:
load_routing: true
user_permissions: []
[layout.php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<?php use_helper('sfFacebookConnect') ?>
<?php include_http_metas() ?>
<?php include_metas() ?>
<?php include_title() ?>
<link rel="shortcut icon" href="/favicon.ico" />
</head>
<body>
<?php echo $sf_content ?>
<?php include_bottom_facebook_connect_script(); ?>
</body>
</html>
[actions.class.php]
<?php
/**
* facebook actions.
*
* #package
* #subpackage facebook
* #author Your name here
* #version SVN: $Id: actions.class.php 12479 2008-10-31 10:54:40Z fabien $
*/
class homeActions extends sfActions
{
/**
* Executes index action
*
* #param sfRequest $request A request object
*/
public function executeIndex(sfWebRequest $request)
{
sfFacebook::requireLogin();
//get the user object
$user = $this->getUser();
// facebook user id
$this->fb_uid = $user->getCurrentFacebookUid();
// get or create user based on fb_uid
$fb_user = sfFacebook::getOrCreateUserByFacebookUid($this->fb_uid);
}
}
[indexSuccess.php]
<?php if ($sf_user->isFacebookConnected()): ?>
<fb:serverfbml style="width: 740px;">
<script type="text/fbml">
<fb:fbml>
<fb:request-form target="_top" action="[where to redirect after invite]" method="post" type="[name of your app]" content="[text the user will receive]<fb:req-choice url="http://apps.facebook.com/[your app]/" label="Accept!" " image="" invite="true">
<fb:multi-friend-selector cols="4" actiontext="[some text above the invite form]" />
</fb:request-form>
</fb:fbml>
</script>
</fb:serverfbml>
<?php else: ?>
<p>Ooops?</p>
<br />
<?php endif; ?>
I am trying to learn the ClientLogin Interface detailed on the Account Authentication APIs on Google code website.
I am using Firefox 3.5pre (Shiretoko) and XMLHttpRequest object in Javascript to follow the process. Here's a stripped down version of what I have:
<html>
<head>
<title>Test</title>
<script type="text/javascript">
//<![CDATA[
function update() {
var auth_params = "accountType=HOSTED_OR_GOOGLE&Email=val"
+"&passwd=val&service=cl&source=MMA-Learning";
var request = new XMLHttpRequest();
request.open('POST', 'https://www.google.com/accounts/ClientLogin', true);
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
request.setRequestHeader("Content-Length", auth_params.length);
request.setRequestHeader("Connection", "close");
request.onreadystatechange = function () {
if (this.readyState == 4 && this.status == 200) {
alert ("Request done");
}
};
try {
request.send( auth_params );
} catch (e) {
alert ("Send Exception:\n"+e);
}
}
//]]>
</script>
</head>
<body>
Authenticate
</body>
</html>
When I click on the Authenticate link, all I get back is a Bad Request response. Examining the request headers, I don't see Content-Type set to application/x-www-form-urlencoded.
I am using Firebug 1.5X to examine the traffic.
For now, all I want to do is generate request mentioned in the Sample Request section and get a response mentioned in the Sample Responses section. If I get there, I want to get some account specific data like, unread Google Reader feeds etc.
I suspect that you've been bitten by Javascript's "same origin" policy. It prevents Javascript, including XmlHttpRequest, from accessing one domain from another. More information is available from Mozilla.
There are hacks to get around this, but I have no idea if they'll work with Google's API.
the 'p' in 'passwd' is a small 'p' instead of a capital 'P'
you probably figured that out tho. When you post and you find the answer, it is always polite if you post the answer as well. This helps the people in the future who will look at your post for information
That 'p' took me two hours to find because i persummed that the code google gave was copied correctely and there was no case mistakes
no point in Internet being full of questions with no answers