Twilio mobile number verification - VerificationCheck was not found on Express - express

The requested resource /Services/serviceSSID/VerificationCheck was not found is the eroor showing in the console
my code is
otpLogin:async (req,res)=>{
console.log(req.body.otp);
try {
const isOTP = await client.verify.services(serviceSSID).verificationChecks.create({
to:`+91${req.body.phone}`,
code:req.body.otp
})
if(isOTP)console.log(isOTP);
return res.status(200).json({message:" mobile number verified"})
} catch (error) {
console.log(error.message)
return res.status(500).json({message:"something went wrong"})
}
}

Twilio developer evangelist here.
From the documentation:
Twilio deletes the verification SID once it’s:
expired (10 minutes)
approved
when the max attempts to check a code have been reached
If any of these occur, verification checks will return a 404 not found error like this:
Unable to create record: The requested resource /Services/VAXXXXXXXXXXXXX/VerificationCheck was not found
If you’d like to double check what happened with a given verification - please use the logs found in the Twilio Console under your Verification Service:
I've found that if you submit a form twice by clicking a submit button twice quickly, that the verification is successfully checked and then because it was a success deleted, then the second check fails with a 404 like this and that is the error result you see. To avoid this, you should stop users from being able to submit the form twice by disabling the submit button after the first attempt.

I can confirm that philnash 2nd statement is correct. However wouldn't it have been handled way better if instead we just get a response from client.verify.services(serviceSSID).verificationChecks that the 2nd (and so on checks) failed??

Related

React native in app purchase not giving latest receipt

I am using react-native-iap package. I am trying to get latest subscription and check its validity
await RNIap.validateReceiptIos(receiptBody, true).then((receipt) => {
try {
const renewalHistory = receipt.latest_receipt_info
const expiration = renewalHistory[0].expires_date_ms
expired = Date.now() > expiration
productId = renewalHistory[0].product_id
} catch (error) {}
})
I am multiple auto renewal subscription in a single group. I subscribe to one and I execute code above give me the subscribed product and i tag it as subscribed. First try works fine. Now after that I subscribe again another package and run code above gives me the previous subscription not the current that i subscribed. Sometime second steps also works fine but issue came in third step. Reason I found is I am not getting latest subscribed receipt info in latest_receipt_info above.
Have a look to this tutoriel on YouTube it may help you : https://youtu.be/4JLHRV2kiCU
Also, here is what he said in the comment section :
where I write renewalHistory[renewalHistory.length - 1], this works fine in the test environment. HOWEVER, it seems that when the app is published, this doesn't work and you should instead do renewalHistory[0].
I fixed this in my app by first trying to validate using the production URL, using renewalHistory[0].
If you receive a 21007 status code after trying to validate with the production URL, you validate using the test URL using renewalHistory[renewalHistory.length - 1]

intermittent error from rally 'Not authorized to perform action: Invalid key' for POST request in chrome extension

I developed a chrome extension using Rally's WSAPI v2.0, and it basically does the following things:
get user and project, and store them
get current iteration everytime
send a post request to create a workitem
For the THIRD step, I sometimes get error ["Not authorized to perform action: Invalid key"] since end of last month.
[updated]Error can be reproduced everytime if I log in Rally website via SSO before using the extension to send requests via apikey.
What's the best practice to send subsequent requests via apikey in my extension since I can't control end users' habits?
I did see some similar posts but none of them is helpful... and in case it helps:
I'm adding ZSESSIONID:apikey in my request header, instead of user /
password to authenticate, so I believe no security token is needed
(https://comm.support.ca.com/kb/api-key-and-oauth-client-faq/kb000011568)
url starts with https://rally1.rallydev.com/slm/webservice/v2.0/
issue is fixed after clearing cookies for
https://rally1.rallydev.com/, but somehow it appears again some time
later
I checked the cookie when the issue was reproduced, and found one with name of ZSESSIONID and its value became something else rather than the apikey. Not sure if that matters though...
code for request:
function initXHR(method, url, apikey, cbFunc) {
let httpRequest = new XMLHttpRequest();
...
httpRequest.open(method, url);
httpRequest.setRequestHeader('Content-Type', ' application\/json');
httpRequest.setRequestHeader('Accept', ' application\/json');
httpRequest.setRequestHeader('ZSESSIONID', apikey);
httpRequest.onreadystatechange = function() {
...
};
return httpRequest;
}
...
usReq = initXHR ('POST', baseURL+'hierarchicalrequirement/create', apikey, function(){...});
Anyone has any idea / suggestion? Thanks a million!
I've seen this error when the API key had both read-only and full-access grants configured. I would start by making sure your key only has the full-access grant.

Firestore: "There was an unknown error while processing the request"

This is my query:
var timesRef = db.collection('times');
var timesWeek = timesRef
.where('Date', '>=', this.mon)
.where('Date', '<=', this.sun)
.where('Task', '==', this.task)
.where('User', '==', this.user);
timesWeek.get()
.then(function(querySnapshot) {
querySnapshot.forEach(function(doc) {
console.log(doc.data());
});
})
.catch(function(error) {
console.log('Error getting documents: ', error);
});
It yields this error:
Error: The query requires an index. You can create it here:
https://console.firebase.google.com/project/myprojectlog-bd174/database/firestore/indexes?create_index=EgV0aW1lcxoICgRUYXNr...CGggKBERhdGUQAhoMCghfX25hbWVfXxAC
Problem is, when I click that link I arrive at a page with an error message in the middle: "There was an unknown error while processing the request. Try again". Every single time.
Could there be a typical reason why this happens?
I know I can create a composite index manually but I wasn't able to do so successfully (I tried to create one with Date: ascending, Task: ascending, User: ascending, I'm getting the same error).
Just in case here's a screenshot of the browser console.
Verify that the project corresponds with your current account, or try logout / login with the corresponding account for that project.
I think you are creating an index on a different project or you are using wrong project ID somewhere in your code. Your URL points to project myprojectlog-bd174, and in browser console screenshot it is timelog-bd174. Or you replaced manually when pasting here in question? :) Try opening that link from browser console in incognito window, you might have been logged in with wrong user on Firebase console or you have reached a limit for free plan.

Laravel 5.7 Handle email verification errors from API

I'm using laravel 5.7 to build an API REST.
When I add the verified middleware to my route group and I try to login with an unverified user by my client api, I get the error 400 Bad request. This error is too generic and don't show the problem clearly for my customer (it's happens in a login form).
If I to edit the render() method in Handler.php to ignore the isApiCall() and return parent::render($request, $e);, so I get the full error (Your email address is not verified, status 403), but when I try to return this in a json object with response()->json([$e]), the response is always empty.
So how to handle properly the api errors to be return the full message from exception, in this case?
You probably have already solved this problem, but this solution might help someone else:
The reason why your response was returning an empty array is because you were passing an Exception type object into the json function that is expecting an array. The response should look like this:
return response()->json(['message' => $e->getMessage()]);
This will return a json response like:
{
"message": "Your email address is not verified"
}

How to tell whether Accounts.addEmail succeeded or failed, and if it failed, the reason why

I have a page where the user can type in a new email address and then this method attempts to add it to their account:
Meteor.methods({
add_new_email: function(address)
{
Accounts.addEmail(Meteor.userId(), address);
}
});
I'm using the accounts-password package in Meteor.
I'd like to give the user meaningful feedback after they try to add the new address, in particular if it failed why did it fail? I have looked at the docs but there doesn't seem to be any method to find out failure reason.
I know that I can count the user's email addresses before and after trying to add the new one, but that doesn't tell me if the address already belongs to another user, or if it's an existing address of the user's, or whatever is the failure reason.
Is there any way to find out the result of an API call like this?
You can read the information about what this method does here:
https://github.com/meteor/meteor/blob/master/packages/accounts-password/password_server.js#L847
As you can see, the method will fail only in one case:
The operation will fail if there is a different user with an email
only differing in case
Therefore if the method fails you can tell to the user that the email is already registered.
After experimenting some more, it seems that all I need to do is add a callback to my client when I call the method, and check there for an error. Any error is automatically returned to the callback.
Server:
Meteor.methods({
add_new_email: function(address)
{
Accounts.addEmail(Meteor.userId(), address);
}
});
Client:
Meteor.call('add_new_email', 'me#example.com', function(error){
if (error) console.log("got an error " + error.reason);
});
I had not realised that the error from the API would be passed up into my method. Meteor - it's always more clever than I expect!
Note also that you can use Meteor.Error in your methods to throw errors which will be passed up to client callbacks in exactly the same way, see the docs:
if (!Meteor.userId()) {
throw new Meteor.Error("not-authorized", "You must be signed in to write a new post");
}
I know I'm a bit late to the party but I ran into this problem today and found your post.
I needed to be able to tell on the server side whether it failed or not so what I did was put it in a try-catch like so:
let addSucceeded = false;
try{
Accounts.addEmail(user._id, newEmailAddress);
addSucceeded = true;
} catch(err) {}
console.log(addSucceeded);
Only if the Accounts.addEmail does not fail will addSucceeded be set to true. To make sure I don't run into the "fail because it replaced the same user's email address in a different case" scenario, I always toLowerCase() the email address when saving.