MalformedURLException in application tests - testing

I'm working on application tests and have found an issue.
My app. has an authenticate(email, password) action inside the
Security controller and when invoked, from the login page, with a
valid e-mail and invalid password it sends me back to the login page
with an error message, located in the flash scope.
The app. test code follows :
Response response =
GET("/security/authenticate?email=validUser&password=invalid", true);
String pattern = "invalid password";
assertContentMatch(pattern, response);
When this code is run throws the next exception :
A java.lang.RuntimeException has been caught,
java.net.MalformedURLException: no protocol: /login
Did some research and found that :
the exception is thrown when a new URL object creation is attempted,
to be able for redirection, using an invalid URL. In this case no
protocol is present
looking at app. test in samples apps. GET is used without
redirection, meaning that after GET only the http code is verified but
no attempt to follow the redirection
Has anyone had this same issue also ?
Any open bug to look for info or add my 2 cents ?

Here you can find a description of the problem as well as code snippet to work around the issue:
https://play.lighthouseapp.com/projects/57987/tickets/1553-functionaltestget-with-redirect-crashes

Related

Auth0 invalid state parameter in go lang

I have been following the Auth0 go example here, and it works fine when I am testing it locally, but when I deploy my test app, when going through the flow, I am getting an invalid state parameter.
I can see that the error is happening in this code block:
if r.URL.Query().Get("state") != session.Values["state"] {
// BUG it is failing here in prod
http.Error(w, "Invalid state parameter", http.StatusBadRequest)
return
}
If i highlight the URL in the browser, and press enter, the auth with work fine as expected and redirect me accordingly. It appears to me this is happening because the session cookie being generated by gorilla/sessions might not be ready on the first attempt, but on the second attempt it is, but this is a strict assumption.
I made sure that I am setting the pragma: no-cache header assuming that the browser, but thats not it.
Any ideas how to overcome this issue on a deployed app (the app is behind a https url).

MobileFirst Obtain Access token and Login give no response after setting WL.App.setServerURL

As per my requirement, I am using WL.APP.setServerURL before every login request WLAuthorizationManager.loginof mobilefirst.
When I do first an valid/Invalid login attempt it works fine. As on next attempt I do WL.App.setServerURL, and then WLAuthorizationManager.login (login request) OR WLAuthorizationManager.obtainAccessToken (obtain access token request) don't respond anything. No success and no fail. Although non-secure adapter method works fine.
If I do WL.APP.setServerURL only once on application startup, everything works fine but in between call cause application failure.
let url = ... //fetcht url from adapter call
WL.App.setServerUrl(url, function (sucess) {
WLAuthorizationManager.login(securityCheckName, loginParam).then((data) => {
.... //After login code
}, (response) => {
//Login fail code
});
}, function (error) {
});
Flow :-
I call above code on click of login button.I call a method to get server url from adapter first then I set that url as server url.
When I do an invalid attempt of login it works find for first time, and on next call MFP login, it doesn't respond. Not success nor fail in application.
I am getting error in native logs android.
Android Error logs :-
E/SecurityCheckChallengeHandler(30199): SecurityCheckChallengeHandler.submitChallengeAnswer in SecurityCheckChallengeHandler.java:51 :: submitAnswer has been called for unknown request
.
MobileFirst server version :- 8.0.0.00-20170911-123510
MobileFirst Cordova(plugin) version :- 8.0.2017102403
The WL.App.setServerUrl API is meant to be used sparingly whenever the app needs to connect to a server other than the one defined in mfpclient.properties. If you want to keep the server URL constant, you should just put it up in the mfpclient.properties.
Having said that, the behaviour you mention is not expected - can you update your question with a code snippet of your app performing login & setServerUrl

How to return 400 http error code instead of 401 without any scripts?

I need to return error code 400, when user enter bad credintials for suppress browser's basic auth dialog
But i cannot change response code on server side.
I guess it is possible with some .htaccess rules, but google don't have a answer to my question, i just found solutions for 403 -> 404, but it don't work for me.
How can i do that?
You can send custom error responses but you cannot change the actual error code returned. That would be a very practice.
See https://httpd.apache.org/docs/2.4/custom-error.html
Btw, if you enter bad credentials, you will be taken to the 401 page. You'll only get the auth dialog again if you try to reload the page (or, try to load protected items from the 401 page itself, which of course creates an infinite loop and never allows you to escape the auth dialog).

Add upload scope for vimeo API in https://api.vimeo.com/oauth/authorize will always return error

I try the vimeo oauth first step, get the authrization code, below is the browser url:
https://api.vimeo.com/oauth/authorize?response_type=code&client_id=*************&redirect_uri=************&scope=public+private+upload&state=**********
I set the scope is public private upload.
Then the web page always report me error:
An error has occurred. You won't be able to connect to Vimeo until it is fixed by the developer.
Dear app owner, we are unable to generate access tokens using one or more of the scopes you provided.
I use this and it works correctly:
https://api.vimeo.com/oauth/authorize?response_type=code&client_id=********&redirect_uri= http%3A%2F%2Fintrepidis.blogspot.co.uk%2F&scope=public%20edit%20upload&state=****
Just make sure the redirect_uri exactly matches (apart from url encoding) the Your Callback URLs section on the Vimeo developer page for your app.

FB.ui() with method: "feed" is broken

It seems that method: 'feed' within FB.ui() using FB JavaScript SDK is broken. Consider the following example:
Having an app running as Page Tab on a FB page AND Canvas-App
All needed fields in the app section are filled out correctly
Using FB.ui() with method: 'feed' to let a user tell someone about it
The link-Property of method: 'feed' is set the Canvas-URL and for testing to the Page Tab URL of the app
Everything worked for us until a few days ago (don't remember the exact day)
Debugged over and over and couldn't find a bug
We always get the following error, now even with apps that formerly worked:
"An error occurred with xxx. Please try again later.
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application."
At least you got an error message.
I've the same but the following :
"An error occurred with xxx. Please try again later."
No error code or something.
Did you changed something on your app config ?
Your error code might means :
bad redirect_uri (mb you hav'nt the same appId or something)
You just changed your app domain name and your redirect uri isn't in the same domain
Try to access your app with your redirect_uri, if an error shows up you need to fix your redirect.
Good luck !