Delphi RESTClient Joomla get user token - authentication

I am attempting to use TRESTClient/REST Debugger to get the User ID and token from a Joomla website.
The url is as follows:
For the Login API Call Please provide the Username and password in the API request body - https://thesite.com/index.php?app=users&resource=login&option=com_api&format=raw
The request must contain 2 values:
key-> username, value-> exampleUser
key-> password, value-> xyz
I am failing to get the correct response. I am able to get results from other resources from the same website, but this I am only getting an empty body.

You need to change the parameter type of the username and password parameter to BODY instead of GET/POST. This will place them into the request body instead of the URL.

Related

Get new access token with Authorization Code OAuth2 - Using Robot framework

I have some troubles with getting Access token with grant type authorization code using Robot framework with Oauth2.
We use also a username/password authentication and after give the following parameters we get back our access token:
Grant Type, Callback URL, Auth URL, Access Token URL, Client ID, Client Secret, Scope, State.
I tried with RequestsLibrary and ExtendedRequestsLibrary as well, but no success so far.
Actually I do not know how to add parameters: callback url, auth url, access token url and state.
First try - using RequestsLibrary
Get admin token
&{HEADER_TOKEN}= Create Dictionary Content-Type=${CONTENT_TYPE}
&{DATA_TOKEN}= Create Dictionary token_name=backend_token grant_type=${GRANT_TYPE} redirect_uri =${CALLBACK_URL} auth_url=${AUTH_URL} access_token_url=${ACCESS_TOKEN_URL} client_id=${CLIENT_ID} client_secret=${CLIENT_SECRET} scope=${SCOPE} state=${STATE} username=${USERNAME} ${PASSWORD}
${BACKEND_RESPONSE}= RequestsLibrary.Post Request ${BACKEND_SESSION} /oauth/token data=${DATA_TOKEN} headers=${HEADER_TOKEN}
Log to console ${BACKEND_RESPONSE}
Should Be Equal As Strings ${BACKEND_RESPONSE.status_code} 200
Second try - using ExtendedRequestsLibrary
Get brand new admin token
${SESSION_RESPONSE}= Create Password Oauth2 Session client ${TOKEN_URL} ${CLIENT_ID} ${CLIENT_SECRET} ${USERNAME} ${PASSWORD} base_url=${BASE_URL}
&{HEADER_TOKEN}= Create Dictionary Content-Type=${CONTENT_TYPE}
&{DATA_TOKEN}= Create Dictionary token_name=client grant_type=${GRANT_TYPE} callback_url=${CALLBACK_URL} auth_url=${AUTH_URL} access_token_url=${ACCESS_TOKEN_URL} client_id=${CLIENT_ID} client_secret=${CLIENT_SECRET} scope=${SCOPE} state=${STATE}
${BACKEND_RESPONSE}= ExtendedRequestsLibrary.Post Request client /oauth/token data=${DATA_TOKEN} headers=${HEADER_TOKEN}
Log to console ${BACKEND_RESPONSE}
Should Be Equal As Strings ${BACKEND_RESPONSE.status_code} 200
Log to console ${BACKEND_RESPONSE.status_code}
If you have any idea just let me know.
thx!
using RequestsLibrary try with this approach it should work:-
Create Session baseUri https://xxxxxx.xx.xxx/xxx/xx verify=True
&{params}= Create Dictionary client_id=${client_id} client_secret=${client_secret} grant_type=${grant_type}
&{headers}= Create Dictionary Content-Type=application/json
${resp}= Post Request baseUri /oauth/token none none ${params} ${headers}
Log to Console ${resp.json()['access_token']}
Status Should Be 200 ${resp}
you are passing data=${DATA_TOKEN} as a body in your post request. You need to send it as query params. First parameter will be alias 2nd is uri 3rd is data 4th is Json and 5th is query params so in
Post Request baseUri /oauth/token none none ${params} ${headers}
you will find 3rd and 4th parameter as none. Hope this works

Unable to test login using jmeter

I am newbie to jmeter. I am trying to test to login to my site say (example.com/session/new).
I have added the http cookie manager and 2 http request defaults.
In the first, am visiting example.com/session/new and extracting the authenticity token in the response data using regex meta content="(.+?)"name="csrf-token" . Now, in the second http request, I have a post request with the parameters as
name:utf value:(tickmark)
name :authenticity_token value: ${token}
name:email value:test#test.com
name:password value:test.
name:commit value:Sign In
And then am asserting for a text post login.
When I run the test, the assertion fails. as it results in 404.
In the request, I can see utf8=%E2%9C%93+&authenticity_token=%24%7Btoken%7D&email=test%40test.com&password=test&commit=Sign+In. Please help me fix this.
I know this is an old post, but I've been struggling with this exact same query, so I've decided to post my answer in case it helps anyone - it worked first time for me. So after requesting the login page for my site, the following csrf token is embedded in the html response;
<input type="hidden" name="csrfToken" value="fe5a48ebda7b98cbbf885b4a220ebe0c23b11125-1459096615520-1ac64aa945986cb1bd318d9c"/>
So when making the initial request for the login page, instead of using a Regular Expression Extractor, if the token is in the body of the HTML response, use an XPath Extractor instead.
If your response is not XML/XHTML compliant then tick the 'use tidy' checkbox.
For reference name add the reference you wish to refer to the token as e.g. token. When you add your parameters to the login request, you can then refer to your csrfToken as ${token}
Then for X-Path query use;
//input[#name="csrfToken"]/#value
The following tutorial shows you how to use a Regular Expression Extractor, but it should also help you to understand how to set up the query a bit more;
https://www.youtube.com/watch?v=SVxB3Tk4O4A&feature=iv&src_vid=hGkrSFKcj10&annotation_id=annotation_85358
Looks like you did every thing good , except correlation . After decoding your error url , I found that you correlation is not working . Below is the decoding URL "utf8=✓ &authenticity_token=${token}&email=test#test.com&password=test&commit=Sign In."
In your "Regular expression extractor" add below details
1. Reference Name:token
2. Regular Expression : name="csrfToken" value="(.+?)"
3. Template : $1$
4. Match No: 1
Note: Check the occurrences of "csrfToken", if you required first occurrence then enter 1 , if you required 2nd occurrence enter 2 ....etc.

Disqus - How to pass current logged in user?

I am using Disqus API to fetch details of the logged in user. I am not sure how to pass the current logged in user.
I have both api_key(public) and remote_auth and I am using Jquery ajax to send api request over http.
If I do something like this,
https://disqus.com/api/3.0/users/details.json?api_key=[apikey]
It says "You must either provide a user or authenticate the user." Now I have the loggedin users remote_auth.
FYI: This is how I am creating the remote_auth. Example User Id: 3096795, email = "a#a.com", Name="Test". Now when this user logs in to the website, it logs in to Disqus as well. I can see this user in http://disqus.com/api/sso/users/ with id = 3096795.
I have couple of questions:
1) Can I use jquery ajax to send a authenticated user and get user details? Or this can be done only via Server side? (Java/Php)
2) If I pass ?remote_auth=[remote_auth] as a query string, will it work?
3) if yes, remote_auth value has spaces in between HMAC->SHA1(secret_key, message + ' ' + timestamp) so how can I pass it as query string parameter?
4) If no, then how to pass a user to the listActivity.json endpoint? If I am passing the userid, then it returns me some other user and not the user I created.
The below request returns a different user.
https://disqus.com/api/3.0/users/details.json?api_key=[apikey]&user=3096795
How can I ensure the userid I am passing is unique and not already taken by a different disqus account?
Am I missing something?
Your remote_auth is a form of authentication, just like access_token, so you'll want to pass that in your request as remote_auth=<YOUR_PAYLOAD>.
If you pass "user=" that ID would have to be the Disqus user ID, which isn't the same as your remote_auth ID. Your remote_auth is a form of authentication, just like the access_token. However, keep in mind that we don't return as many details for SSO users as authenticated Disqus users. This is because the details are managed by you, the SSO site owner.
To answer your other questions:
You can use the client-side API to get these details, but we recommend the server-side API + caching the results to avoid bumping into API limits.
URL-encode the payload and this will work
Easier using https://github.com/anthavio/disquo
DisqusApplicationKeys keys = new DisqusApplicationKeys("...api_key...", "...secret_key...", "...access_token...");
DisqusApi disqus = new DisqusApi(keys);
//SSO is available only to premium accounts
SsoAuthData ssoauth = new SsoAuthData("custom-12345-id", "Firstname", "Surname");
//SSO User identity is used to create post
disqus.posts().create(ssoauth, keys.getApiSecret(), threadId, "Hello world " + new Date(), null);

Verify user through PayPal GetVerifiedStatus API

I have been trying to get this GetVerifiedStatus API to work but it just doesn't work.
I have tried using a valid email address on
http://www.dev-tool.com/pptester/NVP/CallType.aspx?ServiceID=51&CallTypeID=53
As well as directly and through curl but they all give error of 'Api credentials are incorrect'.
Does anyone know how to do it?
Then I have another question, paypal says that GetVerifiedStatus API takes in email,first name and last name. (as mentioned in )
However there is this guy who says that he verified using email, password and signature successfully... anybody has any idea where do password and signature comes in it from?
Thanks
The link you're referring to is talking about an API username, password and signature.
To use GetVerifiedStatus, you must send email, firstName, lastName and matchCriteria.
See also page 63 of https://www.paypal-biz.com/development/documentation/PP_AdaptiveAccounts.pdf
To use GetVerifiedStatus.php here is what you have to do:
Create an account paypal sandboc
Create a preconfigured account
Click on API and Payment Card Credentials to view your account credentials
Update the following code with the credentials you got from step 3
//PayPal API Credentials
$API_UserName = "sbapi_1287090601_biz_api1.paypal.com"; //TODO
$API_Password = "1287090610"; //TODO
$API_Signature = "ANFgtzcGWolmjcm5vfrf07xVQ6B9AsoDvVryVxEQqezY85hChCfdBMvY"; //TODO
//PAYPAL SANDBOX LOGIN EMAIL
$API_SANDBOX_EMAIL_ADDRESS = "rishaque#paypal.com"; <<<<< THIS IS YOUR LOGIN EMAIL ADDRESS
I hope this help.

Twitterizer 2; Argument null exception

I 'm a newbie to twitter api/twitterizer. I get the following exception for the code shown below. The error occurs when i request access token. Any suggestion on how to fix this??
I downloaded the latest dll(2.3.1) from the twitterizer website.
{"Value cannot be null. Parameter name: String"}
Dim OAuthTokens As New OAuthTokens
Dim accessToken As New Twitterizer.OAuthTokenResponse
accessToken = OAuthUtility.GetAccessToken(ConsumerKey, ConsumerSecretkey, "oauth_token", "oauth_verifier")
thanks
As I said on the forums, the oauth_token and oauth_verifier are given to you in previous steps of the authorization process. Calling the GetAccessToken method is the last step in the process.
Here's an over-simplification of the steps:
1. Get a request token
2. Send/Redirect the user to the authorization/authentication url
3. (The user logs in, grants you access, and Twitter directs them back to your application)
4. Exchange the request token for an access token