I am writing an application using data from Redmine. I use its REST API to get data.
It works fine with projects or issues, but when I try to access users' data I just can't because it asks for credentials in the browser, and it responds with HTTP error code 401 to my HTTP request from my program.
How do I find a solution to this problem?
Environment:
Redmine version 2.1.2.stable
Ruby version 1.8.7 (i386-mingw32)
Ruby on Rails version 3.2.8
Environment production
Database adapter MySQL
I've figured out. It is described very detailed on the Redmine wiki.
There are a couple of options to authenticate yourself.
The easiest is to include a plus field in your query, named key. You must include your user's REST API key there in each query.
Like:
localhost/redmine/users.xml?key=eaksdnynkdnasdfnaskdsar
It is very interesting because in earlier versions (2.1.0) it asks for the authentication for each XML file. But in my version, 2.1.3, it doesn't ask, only if I request users data.
Related
I just installed Directus, but I have to create the HTML interface, and I can't extract the data via the API. How can I use the static API? That is, with some kind of static token (the front will do it with PHP).
I have the Directus suite (APP + API https://github.com/directus/directus) installed and the HTML will be hosted on the same server.
Directus has built-in static tokens that can be assigned to any Directus User, and inherits that user's permissions. You can set this static token in directus_users.token (plaintext), and then use it to authenticate to the API. This is less secure than the other auth methods, but that depends on how you use it.
https://docs.directus.io/api/reference.html#tokens
The other option would be to set the data you need to "public". Obviously that only works if that data is public (READ)... but that is the case for many websites.
Thanks RANGER, I have the following installation:
URL:
https://cms.domain.com/public/ (APP + API Directus)
I have reviewed the column of the table you comment, and there is indeed a token already established:
BGJFwQ1KlHnH91V2oIwMbOsG
$contents = file_get_contents('https://cms.domain.com/public/_/collections/categories?access_token=BGJFwQ1KlHnH91V2oIwMbOsG');
var_dump($contents);
But it does not work, I have read the documentation more than 10 times and I have been with the subject for days, I wanted to solve it myself, but I cannot find the error using file_get_contents () or curl in PHP to call the API.
The Directus ADMIN is in:
https://cms.domain.com/public/admin/#/
I have taken the token from the ADMIN user, and therefore I understand that you have all the permissions to use the API. In the example, I wanted to list the "categories" (collection), which have 3 records.
Solved: curl https://cms.domain.com/public/name-of-project/collections?access_token=BGJFwQ1KlHnH91V2oIwMb34343G
Solved: I should use the **project name instead of "_" (default project).**
I am sorry that it is such a basic mistake, but I have come across several people with this problem.
System Info:
Ubuntu 18.04.1
Apache 2.4.29
PHP 7.2.19
Server always reports that a csrf token on a login form is invalid. I have followed the symfony guide a couple Symfony guides https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-login-forms and https://symfony.com/doc/current/security/form_login_setup.html
I have searched all over and cannot seem to find things to look at. I have check all sorts of file permissions and the only thing I can think of is to use php version 7.1 where i know it works.
Here you can see the token generated on the /login and
And the same data in authenticator
PHP did not have write access to its session storage.
I'm trying to get omniauth-saml configured, but I'm not entirely sure what I need to put in app_id and app_secret for this configuration.
I'm using this gem: https://github.com/PracticallyGreen/omniauth-saml
If I leave those fields blank, of course I get:
Received wrong number of arguments. [nil, nil]
The documentation within the gitlab.yml file links to more documentation about gitlab and omniauth, but that document no longer exists (redirects to old README).
Any assistance would be appreciated, thanks!
https://github.com/gitlabhq/gitlab-public-wiki/wiki/Working-Custom-Omniauth-Provider-Configurations#working-cas-configuration
The working CAS configuration shows you how you skip using the standard configuration and just pass the options directly to the provider using devise.rb. That's how I would configure omniauth-saml as well.
I was able to get SAML working with Gitlab 6.2.4, but it is not the most elegant solution. I am using Okta as the IdP, but I believe the configuration is sufficiently generic and could be applied to any SAML IdP.
Added omniauth-saml to the Gemfile and ran bundle
bundle install --without development test postgres --path vendor/bundle --no-deployment
Created GITLAB/config/initializers/omniauth.rb
Devise.setup do |config|
config.omniauth :saml,
idp_cert_fingerprint: "your IdP certificate fingerprint",
idp_sso_target_url: "your IdP SAML end point"
end
Modified GITLAB/app/controllers/omniauth_callbacks_controller.rb (added this following the definition for ldap)
def saml
handle_omniauth
end
I had to manually add the callback for SAML as I was getting the same error as the original poster when I tried to properly define SAML as a provider in gitlab.yml. This is the only way I could get Gitlab to start and authenticate via SAML. This feels very hacky, so there is probably a more elegant way to implement this; however, I could not find an example anywhere.
https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations#working-saml-configuration
I managed to get it to work, so I documented the procedure on the GitLab wiki.
EDIT: It seems like SAML is now supported officially. No Single Logout yet, though… This seems to be an omniauth limitation.
I am creating an application based on Rails and AngularJS. I would like to implement an authentication system by using gem Devise.
I am wondering how to do it. I read some articles about attribute :token_authenticatable : I will have to put my token at the end of all requests I will send.
I have also read this demo project https://github.com/sectore/CafeTownsend-Angular-Rails
They have implemented a SessionService which can create and delete server session. (I suppose, I can use Devise for this job). In rails controler, they get session[:user_id] to know if user is authenticated or not...
My question : Do I need a token system or a cookies system to authenticated my requests ?
Thanks
If your server will be on the same domain as your client, ie: will only be expecting request from your angular client, and the client is hosted on the same URL as the server, then you should use cookies over ssl (for simplicity), EG:
Your site:
www.myangularsite.com/somepage
Your Server
www.myangularsite.com/someserverfunction
They both have the same domain.
However, if you plan on having your server side on a different URL, maybe as an API, then go with tokens, EG:
Your site:
www.myangularsite.com/somepage
Your Server
api.myangularsite.com/someserverfunction
or
myrubyapi.com/someserverfunction
The URL domain is different.
I have foursquare app that gets authorization from Foursquare. It used to work but after the server upgrade it stopped working as timeout after 30 seconds.
We were using Apache 2.2.6 and PHP 5.2.12 and upgraded it to Apache 2.2.22 & PHP 5.3.17. We updated php codes according to 5.3.17 which are mostly db stuff. Anyhow our Foursquare server side app isn’t not working since. We tried it on other old server with old setup, then it works.
Specifically, access token is not returned on the request for authorization on our app when a user try to use it.
We are using this format below for making the request.
https://foursquare.com/oauth2/access_token
?client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&grant_type=authorization_code
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
&code=CODE
All of values are filled accordingly.
Any hint or clue would be helpful!
You can try requesting the URL from your browser, and seeing the response generated. This should give you more information about the error occurring.
In your browser, you can imitate a user and follow the flow that they would use to authorize your app. Then, you can take the code parameter from the url, and visit the access_token link in your browser to see the response.