call to magento soap api expires immediately - api

I'm trying to do a call to the magento api to get the details of a specific customer. When I do this call I always get the following error:
PHP Fatal error: Uncaught SoapFault exception: [5] Session expired. Try to relogin. in /var/www/magento-client/magento-customer.php:12
Stack trace:
/var/www/magento-client/magento-customer.php(12): SoapClient->__call('call', Array)
/var/www/magento-client/magento-customer.php(12): SoapClient->call('a1a6863c7dadd95...', 'customer.info', 3)
{main}
thrown in /var/www/magento-client/magento-customer.php on line 12
I have a valid api user in the backend, the api session timeout in the backend is set to 9999999999999, and I've even tried to override the isSessionExpired function in the magento core code, but nothing works.
The code is as follows:
$url = 'http://magentourl/api/soap/?wsdl';
$apiUser = "user";
$apiPass = "password";
$proxy = new SoapClient($url);
$sessionId = $proxy->login($apiUser, $apiPass);
// Get new customer info
var_dump($sessionId);
var_dump($proxy->call($sessionId, 'customer.info', 3));
die();
Does anyone have any ideas what the problem could be?

This occurs if you send headers with the request; check whether headers are being sent.

Maybe you should try to truncate the api_session table in the MySQL database.

Related

How to catch errors thrown from "FilesInterceptor" decorator

I'm using the NestJS @FilesInterceptor to parse an array of files in a multipart request, here's how I use it:
@FilesInterceptor('files', 3, { some other options })
I need a specific error to be thrown if more than 3 files are sent, but what I get is a socket hangup client-side
Error: socket hang up
and this is the error logged in the console of the server:
Error: Unexpected end of multipart data
In the end: server crashed :(
So, how can I catch this error to handle it and prevent crashing?
It doesn't seem to be an instance of HttpException so the exception filter is not useful.
I could have done the length check in the controller, but I need { some other options }, so I must set a value for the maxCount
I found out the problem: the server has a global interceptor that implements a timeout for incoming requests. If I remove it, then the error is parsed correctly to an HttpException and the client gets a BadRequest as expected.
I'm still confused about why this doesn't work when I put it all together...

Azure Storage : Unable to access Container blobs with defined Credentials

We are setting a Key for the Storage Account and then using it to access the contents as below:
var storageCredentials = new StorageCredentials(mediaStorageAccountName, base64EncodedKey);
var storageAccount = new CloudStorageAccount(storageCredentials, true);
var connString = storageAccount.ToString(true);
Then, using the same "storageAccount" to create the Blob Client;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
And to get the Container;
var container = blobClient.GetContainerReference(ContainerName);
"storageAccount" Credential properties are "IsSAS" FALSE, "IsSharedKey" TRUE, "IsToken" FALSE and "KeyName" is NULL.
But when the Blob is accessed with OpenReadAsync, it fails with the following exception:
The remote server returned an error: (403) Forbidden.,The remote server returned an error: (403) Forbidden. Line number: Microsoft.WindowsAzure.Storage Trace: at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.EndExecuteAsync[T](IAsyncResult result)
at Microsoft.WindowsAzure.Storage.Blob.CloudBlob.EndExists(IAsyncResult asyncResult)
at Microsoft.WindowsAzure.Storage.Core.Util.AsyncExtensions.<>c__DisplayClass2`1.b__0(IAsyncResult ar)
It is basically getting all the references to Container/Blobs etc. correctly (gives the correct name), but when it tries to read/download/upload those, it fails.
Also, instead of using the "storageAccount" reference directly, even if it is secured with the following, it gives the same exception:
CloudStorageAccount storageAccount = new CloudStorageAccount(
new Microsoft.WindowsAzure.Storage.Auth.StorageCredentials(storageAccountName, base64EncodedKey), true);
What is wrong here and how to fix this?
Why is KeyName NULL? Is that causing this issue?
The 403 Forbidden exception is often caused by a wrong access key being used.
As you are using Authorize with Shared Key, all authorized requests must include the Coordinated Universal Time (UTC) timestamp for the request. You can specify the timestamp either in the x-ms-date header, or in the standard HTTP/HTTPS Date header.
The storage services ensure that a request is no older than 15 minutes by the time it reaches the service. This guards against certain security attacks, including replay attacks. When this check fails, the server returns response code 403 (Forbidden).
So, review your server datetime.
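The two causes named in this answer, a wrong key and a timestamp older than 15 minutes, both surface as the same 403. The following is an added example, not code from the original answer or from Azure: it models the check with a deliberately reduced string-to-sign (not Azure's real canonical format), and the function names, account name and key are constructed for illustration.

```javascript
// Added example: simplified model of Shared Key authorization.
// The string-to-sign is reduced for illustration; it is NOT Azure's real canonical format.
const crypto = require('crypto');

const MAX_AGE_MS = 15 * 60 * 1000; // freshness window quoted in the answer above

// HMAC-SHA256 over the reduced string-to-sign; the account key is base64 text.
function computeSignature(method, path, date, base64Key) {
  const key = Buffer.from(base64Key, 'base64');
  return crypto.createHmac('sha256', key)
    .update(`${method}\n${path}\nx-ms-date:${date}`)
    .digest('base64');
}

// Client side: stamp the request with the caller's clock (always UTC) and sign it.
function signRequest(method, path, account, base64Key, clientNowMs) {
  const date = new Date(clientNowMs).toUTCString();
  const sig = computeSignature(method, path, date, base64Key);
  return { method, path,
           headers: { 'x-ms-date': date, authorization: `SharedKey ${account}:${sig}` } };
}

// Service side: a bad signature and a stale timestamp both end in a 403.
function authorize(req, base64Key, serverNowMs) {
  const date = req.headers['x-ms-date'];
  const sentAt = Date.parse(date);
  if (Number.isNaN(sentAt)) return { status: 403, reason: 'bad-date' };
  const presented = Buffer.from(String(req.headers.authorization).split(':').pop(), 'base64');
  const expected = Buffer.from(computeSignature(req.method, req.path, date, base64Key), 'base64');
  const ok = presented.length === expected.length &&
             crypto.timingSafeEqual(presented, expected);
  if (!ok) return { status: 403, reason: 'signature-mismatch' };
  if (serverNowMs - sentAt > MAX_AGE_MS) return { status: 403, reason: 'stale-timestamp' };
  return { status: 200, reason: 'ok' };
}

// Constructed sample values (not real credentials).
const DEMO_KEY = Buffer.from('constructed-demo-account-key').toString('base64');
const T0 = Date.UTC(2024, 0, 1, 12, 0, 0);

function demo() {
  const req = signRequest('GET', '/media/video.mp4', 'demoaccount', DEMO_KEY, T0);
  const slow = signRequest('GET', '/media/video.mp4', 'demoaccount', DEMO_KEY, T0 - 20 * 60 * 1000);
  return {
    fresh: authorize(req, DEMO_KEY, T0 + 60 * 1000).reason,
    replayed: authorize(req, DEMO_KEY, T0 + 16 * 60 * 1000).reason,
    slowClock: authorize(slow, DEMO_KEY, T0).reason,
    wrongKey: authorize(req, Buffer.from('some-other-key').toString('base64'), T0).reason,
  };
}
```

Because x-ms-date is part of the signed string, changing the date on a captured request invalidates its signature, so a 403 with a known-good key points at the caller's clock.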

intermittent error from rally 'Not authorized to perform action: Invalid key' for POST request in chrome extension

I developed a chrome extension using Rally's WSAPI v2.0, and it basically does the following things:
get user and project, and store them
get current iteration every time
send a post request to create a workitem
For the THIRD step, I sometimes get the error ["Not authorized to perform action: Invalid key"] since the end of last month.
[updated] The error can be reproduced every time if I log in to the Rally website via SSO before using the extension to send requests via apikey.
What's the best practice to send subsequent requests via apikey in my extension since I can't control end users' habits?
I did see some similar posts but none of them is helpful... and in case it helps:
I'm adding ZSESSIONID:apikey in my request header, instead of user / password to authenticate, so I believe no security token is needed (https://comm.support.ca.com/kb/api-key-and-oauth-client-faq/kb000011568)
url starts with https://rally1.rallydev.com/slm/webservice/v2.0/
issue is fixed after clearing cookies for https://rally1.rallydev.com/, but somehow it appears again some time later
I checked the cookie when the issue was reproduced, and found one with name of ZSESSIONID and its value became something else rather than the apikey. Not sure if that matters though...
code for request:
function initXHR(method, url, apikey, cbFunc) {
let httpRequest = new XMLHttpRequest();
...
httpRequest.open(method, url);
httpRequest.setRequestHeader('Content-Type', 'application/json');
httpRequest.setRequestHeader('Accept', 'application/json');
httpRequest.setRequestHeader('ZSESSIONID', apikey);
httpRequest.onreadystatechange = function() {
...
};
return httpRequest;
}
...
usReq = initXHR ('POST', baseURL+'hierarchicalrequirement/create', apikey, function(){...});
Does anyone have any idea / suggestion? Thanks a million!
I've seen this error when the API key had both read-only and full-access grants configured. I would start by making sure your key only has the full-access grant.

Login to yammer through axapta

I have an assignment to develop functionality for Microsoft Dynamics AX (2012), i.e. in the SalesTable form I need to open a browser with automatic authentication to Yammer.
By analyzing the HTTP web requests (with the Fiddler tool) I have discovered that for this purpose several web requests are sent (with specific parameters and cookies) in a certain sequence, such as:
1. https://www.yammer.com/oauth2/authorize?client_id=VALUE&redirect_uri=https://www.yammer.com
2. https://www.yammer.com/dialog/authenticate?client_id=VALUE
3. https://www.yammer.com/images/public-site-spacer.gif
4. https://persona.yammer.com/login_provider.json?email=VALUE&state=VALUE
5. https://login.microsoftonline.com/common/oauth2/authorize?client_id=VALUE&domain_hint=VALUE&login_hint=&nonce=2VALUE&redirect_uri=VALUE&response_mode=query&response_type=id_token&scope=open_id&site_id=VALUE&state=VALUE
6. https://login.microsoftonline.com/common/userrealm/?user=VALUE&api-version=VALUE&stsRequest=VALUE&checkForMicrosoftAccount=VALUE
7. https://login.microsoftonline.com/common/login
I am sending all these requests programmatically and can catch the web Response object from each such web request, except request #7. With the Fiddler tool I can see that an additional request has been sent automatically to:
8. https://persona.yammer.com/office_sessions?id_token=VALUE&state=&session_state=VALUE
and to the URI above just after #8
9. https://www.yammer.com/?persona_token=VALUE&state=
When I try to create requests #8 and #9 programmatically (let’s say #8My and #9My) I get an error.
My final goal is to get some mandatory parameters such as: ("browser_token", "oauth_token" and "code") from the webResponses on the #8 and #9 requests.
Can you please help me to define how to get them? Maybe I should skip some requests listed above or add some additional requests (which ones?)?
Thank you
Commented as of 16.06.2016
I will try to localize the problem (because there are quite a lot of gaps and for the sake of clarity I will ask questions one by one), thank you for understanding.
Below there is a screenshot of my requests
In step #7 I’m sending the following request:
GET https://persona.yammer.com/login_provider.json?email=myEmail@myDomain.com&state=41a563bc24e263ed5b35fbe63e7c5c556a0477024d88b28fb012ed6de48b1d39 HTTP/1.1
Host: persona.yammer.com
Cookie: yamtrak_id=2b9ea0d1-55c4-4368-b893-d9b7e3b1da32
Fiddler shows me that in the response to this request (#7), there is a parameter “_session_id=” (the value is shown below and in the red rectangle on the screenshot)
_session_id=Zlk2YjlkcFZPdTZlOHAwVHl4L0lodC85K1VvaUFkbWxNZU5LZzNLcWR6SU1JWEI4c0l1aFpjMmhGNlllcEFVQ1VtNVN6R1lwTGxoZFNIYW5zb3pKSlE9PS0tdWxIVXEzR3JIN0RQcUsvU2svOVY4QT09--6fc208ae3d6d939e3e2e7eecfffd1d23d3051f39;
This parameter (_session_id) will be used in request #12.
But when I grab (programmatically) the cookies in the response to request #7, the value of this parameter is absolutely different from the one mentioned above (and the name of the parameter is “_session=” instead of “_session_id=”).
_session=BAh7CUkiD3Nlc3Npb25faWQGOgZFRkkiJTU0OGYyOTQ0YTAxNzYyNjUzZmJlMGI2ZmZjOTU3ZWI4BjsAVEkiC21vYmlsZQY7AEZGSSIQX2NzcmZfdG9rZW4GOwBGSSIxTlZRZkFJRTZHeHdJWUtxcUtVNHEzWXNKeDZ2Z2FiQUZ6NXJIalM0Nk0zTT0GOwBGSSIKZmxhc2gGOwBGbzolQWN0aW9uRGlzcGF0Y2g6OkZsYXNoOjpGbGFzaEhhc2gJOgxAY2xvc2VkRjoNQGZsYXNoZXN7CToKZXJyb3IwOgl0cmZlMDoLbm90aWNlMDoJdHJmbjA6CUBub3cwOgpAdXNlZG86CFNldAY6CkBoYXNoewk7CVQ7ClQ7C1Q7DFQ%3D--ea5007eba2efabc2627f2e5af66c4c57f22d53bb
Here is the code showing how I’m getting the Cookies string from the HttpWebResponse:
public string getStringCookies(System.Net.HttpWebResponse _response)
{
string cookies = string.Empty;
try
{
cookies = _response.Headers["Set-Cookie"];
}
catch (Exception ex)
{
Console.WriteLine("Error in SetCookies: " + ex.Message);
}
return cookies;
}
So the question is: what should I do in order to catch the _session_id parameter in the response of the request #7?

Deleting Webhooks

I have a shop with permission to read|write both orders and products. I set up some Webhooks and now I want to delete them. I am getting back 401 errors.
Starting with 4 webhooks
Trying to delete webhook 1982492
Error nil, Failed. Response code = 401. Response message = Unauthorized.
Trying to delete webhook 1982494
Error nil, Failed. Response code = 401. Response message = Unauthorized.
Trying to delete webhook 1982496
Error nil, Failed. Response code = 401. Response message = Unauthorized.
Trying to delete webhook 1982498
Error nil, Failed. Response code = 401. Response message = Unauthorized.
Ended with 4 webhooks
So, how does one delete Webhooks set on products and orders?
Webhooks (and ScriptTags) that are created by an app are automatically removed when the app is uninstalled. It looks like that might be what is happening here.
If you are doing this in response to an app/uninstalled webhook, there is no reason. It's already handled!
If you remove the endpoint that the webhook connects to, it will be deleted after 19 attempts to connect to it.
From the shopify docs (http://wiki.shopify.com/WebHook#Automatic_Retries_and_Deletion)
If an error is returned or a timeout occurs when sending a webhook,
Shopify will retry the same request for 48 hours using an exponential
back-off approach. In total 19 attempts will be made to deliver the
information.
You can also just delete the app; it will remove the webhooks.
Here’s a conversation with my Shopify console to show it working correctly:
$ shopify console
using iliketurtles.myshopify.com
irb(main):001:0> include ShopifyAPI
=> Object
irb(main):002:0> w = Webhook.create topic: "orders/create", address: "http://whatever.place.com", format: "json"
=> #<ShopifyAPI::Webhook:0x007f8ff1895778 @attributes={"topic"=>"orders/create", "address"=>"http://whatever.place.com", "format"=>"json", "id"=>2026848, "created_at"=>"2012-08-10T15:11:25-04:00", "updated_at"=>"2012-08-10T15:11:25-04:00"}, @prefix_options={}, @persisted=true, @remote_errors=nil, @validation_context=nil, @errors=#<ActiveResource::Errors:0x007f8ff18948c8 @base=#<ShopifyAPI::Webhook:0x007f8ff1895778 ...>, @messages={}>>
irb(main):003:0> w.destroy
=> #<Net::HTTPOK 200 OK readbody=true>
As others have mentioned, I think your issue is permissions related.