Issue with building an API on top of Devise - ruby-on-rails-3

I'm building a JSON API on top of devise in order to be able to communicate from mobile devices.
So far so good, I am able to create a user account, to get an auth_token. But when I am trying to perform a PUT request, I get some problems , for example the update action for the user. The behavior is really stange, and I can't figure out what is wrong.
curl -i -H "Accept: application/json" 'http://localhost:3000/users' -X PUT -d 'auth_token=A830ALUv7ztTdSfl3qxFgi13BJpEf6VzNYe4yk8rEhVxbYYlOc0YMtTGMxkz&user[name]=plop'
Returns
HTTP/1.1 401 Unauthorized
Connection: close
Date: Wed, 02 Mar 2011 06:41:29 GMT
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
X-UA-Compatible: IE=Edge
X-Runtime: 0.157513
Transfer-Encoding: chunked
{"error":"You need to sign in or sign up before continuing."}
On the logs on the server i get this .... Really strange.
Started PUT "/users" for 127.0.0.1 at 2011-03-01 22:41:29 -0800
Processing by Users::RegistrationsController#update as JSON
Parameters: {"auth_token"=>"A830ALUv7ztTdSfl3qxFgi13BJpEf6VzNYe4yk8rEhVxbYYlOc0YMtTGMxkz", "user"=>{"name"=>"plop"}}
Completed in 1ms
Whereas if I modify just the name of the post value from user to users form example, the request works
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Mar 2011 06:43:30 GMT
Content-Type: application/json; charset=utf-8
ETag: "5e1311709931861e469ce2c8a3b2d0e6"
Cache-Control: max-age=0, private, must-revalidate
X-UA-Compatible: IE=Edge
Set-Cookie: _u_session=BAh7CEkiGXdhcmRlbi51c2VyLnVzZXIua2V5BjoGRVRbCEkiCVVzZXIGOwBGWwZvOhNCU09OOjpPYmplY3RJZAY6CkBkYXRhWxFpUGGaQG%2FaX1pAfhpAaRpAexpAGkAaQ1JIiIkMmEkMTAkMDVBeDczV29UdVFEZHQxZ1JjN0NXdQY7AFRJjW9uRGlzcGF0Y2g6OkZsYXNoOjpGbGFzaEhhc2h7BjoLbm90aWNlSSIrWW91IHVwZGF0ZWQgeW91ciBhY2NvdW50IHN1Y2Nlc3NmdWxseS4GOwBUBjoKQHVzZWRvOghTZXQGOgpAaGFzaHsASSIPc2Vzc2lvbl9pZAY7AEYiJTcyNmIyZjJiODZhOTBiNjUwZDlhZmIwMzA5MTRkMTlm--0e15953fd7edecb0e08255349c4e55f1eddc8d81; path=/; HttpOnly
X-Runtime: 0.162436
Transfer-Encoding: chunked
{"redirect":"/","status":"ok"}
I precise that, even without my code(For the API) I can't perform this request !!!!
Thanks for your help !

I don't believe that Devise handles JSON calls, there is an open issue on github that is scheduled for the 1.3 release to address this problem.

Related

Jmeter not showing up proper response instead giving details of server and connection details

I am using Jmeter 5.4.1 version, my API is of oauth1.0 type. When I ran my api through postman , it gave my proper json response for example an proper id, but the same api when ran through jmeter gives 200 response code but giving details of server and connection in response body and not the reponse that is expected(a proper id).
Below is the response :
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 12 May 2021 12:33:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=eqvp0l22u2jo30moqn194meugp; expires=Wed, 12-May-2021 13:33:10 GMT; Max-Age=3600; path=/; domain=dev.moorup.no; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
enter image description here
You're looking at Response Headers tab of the View Results Tree listener therefore you're seeing the HTTP Response Headers
Just switch to Response Body tab and you will be able to see "raw" HTML Response and several options of rendering it:
Also be aware that it is possible to convert your Postman scripts to JMeter, for OAuth you will still have to do some correlation, but for the main logic record and replay should work more or less fine

How to test with api-designer (RAML editor)?

Just like postman does, does api-designer support that?
I try to POST my request to my service (127.0.0.1:8180) and if I click 'API is behind a firewall', it POST http://127.0.0.1:8180/v1/deviceļ¼Œand the response is:
Status
0
Headers
If uncheck 'API is behind a firewall', it POST /proxy/http://127.0.0.1:8180/v1/device, and the response is
Status
404
Headers
connection:
keep-alive
content-length:
51
content-type:
text/html; charset=utf-8
date:
Fri, 09 Sep 2016 14:24:06 GMT
x-content-type-options:
nosniff
x-powered-by:
Express
Body
Cannot POST /proxy/http://127.0.0.1:8180/v1/device
1
Cannot POST /proxy/http://127.0.0.1:8180/v1/device
CozyAzure.
Unfortenly, api-designer has several problems with the proxy. I didn't spend much time for the issue and started to use postman collections for this. You can Importing RAML folders as Collections and make a request with postman.

How to test user registration api with paw?

What do I set in Paw to allow for a login? I have tried to use the allow cookies with to no avail.
I am working through this tutorial on Github to learn the MEAN stack. Sign up seems to be working but sign in is not.
Sign up request is:
GET /auth/success HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: connect.sid=s%3A6q22s9GpNRDITB3wKBoxS1emnKCcIR3B.pI3dzqqtSBSBVgkzl7Uib4aqNAf%2Bh5iszoWDMzWPpR8
Host: localhost:3000
Connection: close
User-Agent: Paw/2.2.2 (Macintosh; OS X/10.10.3) GCDHTTPRequest
and the result is:
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 121
ETag: W/"79-56130229"
Date: Thu, 18 Jun 2015 19:52:43 GMT
Connection: close
{"state":"success","user":{"username":"admin","password":"$2a$10$AD5NBc6c6iZ09/eXuYd9oOfTEZ6MnRNYWneLy.SNPFAWf/HX1V0.6"}}
The user is created. But the login request fails every time; the request is:
GET /auth/failure HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: connect.sid=s%3A6q22s9GpNRDITB3wKBoxS1emnKCcIR3B.pI3dzqqtSBSBVgkzl7Uib4aqNAf%2Bh5iszoWDMzWPpR8
Host: localhost:3000
Connection: close
User-Agent: Paw/2.2.2 (Macintosh; OS X/10.10.3) GCDHTTPRequest
the response is:
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 72
ETag: W/"48-ed4f121"
Date: Thu, 18 Jun 2015 19:53:03 GMT
Connection: close
{"state":"failure","user":null,"message":"Invalid username or password"}
What it comes down to is: Is there something in paw that needs to be enabled to allow sign in testing or is my code more likely to be the problem? My code is almost verbatim from the module three part of that Github repo linked above. Any and all help would be appreciated.
Note: I did not post code on purpose as to not clutter the question. If you need to see something I can add it just let me know.
While I was not sure of my exact error I had with more trouble shooting i saw that you need to make sure that you have follow redirects on and cookies being saved.

How to upload zip attachment to issue using REST API?

i'm trying now to upload zip attachment through REST API but no success. It works, when I'm trying to attach picture, but when I use the same command for zip
curl -D- -u Bogdan:Password -X POST -H "X-Atlassian-Token: nocheck"
-F "file=#xla-snapshot.zip" http://localhost:5555/rest/api/2/issue/XA-1/attachments
I have such response:
HTTP/1.1 100 Continue HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1
X-AREQUESTID: 1352x1015x1 X-ASEN: SEN-2117746 Set-Cookie:
JSESSIONID=97A763E5E09F7F8476CEDF07A2ACD7C6; Path=/; HttpOnly
X-Seraph-LoginReason: OK Set-Cookie:
atlassian.xsrf.token=B7X0-QLNV-RIK8-C6T9|aca131a97f4fdb61cebd0bfb6681c66824d62464|lin;
Path=/ X-ASESSIONID: nzll4r X-AUSERNAME: Bogdan Cache-Control:
no-cache, no-store, no-transform X-Content-Type-Options: nosniff
Content-Type: application/json;charset=UTF-8 Transfer-Encoding:
chunked Date: Thu, 20 Nov 2014 21:32:11 GMT
When I modified and explicitly said content type that it is zip
url -D- -u Bogdan:Password -X POST -H "Content-Type:
application/zip" -H "X-Atlassian-Token: nocheck" -F
"file=#xla-snapshot.zip"
http://localhost:5555/rest/api/2/issue/XA-1/attachments
I got an "Unsupported Media Type" response:
HTTP/1.1 100 Continue HTTP/1.1 415 Unsupported Media Type Server:
Apache-Coyote/1.1 X-AREQUESTID: 1353x1016x1 X-ASEN: SEN-2117746
Set-Cookie: JSESSIONID=6225FF25F6D71BADB6890C9F448608B6; Path=/;
HttpOnly X-Seraph-LoginReason: OK Set-Cookie:
atlassian.xsrf.token=B7X0-QLNV-RIK8-C6T9|e2c7fc222c74c37f5080150df1cd865eaa8daf7e|lin;
Path=/ X-ASESSIONID: 1lbjx70 X-AUSERNAME: Bogdan
X-Content-Type-Options: nosniff Content-Type: text/html;charset=utf-8
Content-Language: en Content-Length: 1092 Date: Thu, 20 Nov 2014
21:33:07 GMT
Is it possible actually to upload archives via REST Api?
Actually the problem was that the file was too big for download, the limit is 10 Mb, and I was trying to upload more than it.
Quite sad that looking at this documentation https://docs.atlassian.com/jira/REST/latest/#d2e4527 there is no information about 404, when it can happen. And no information how you can guess the real cause

GitHub Not Recognizing Passed Client ID and Secret

By registering your application you can increase your rate limit for GitHub's API from 60 to 5000 requests[1]. You don't have to use OAuth and can simply pass you're client ID and secret in the URL to have GitHub recognize your application[2]. But when I curl the rate limit check:
curl -i https://api.github.com/ratelimit?client_id=xxx&client_secret=yyy
The following is returned:
HTTP/1.1 200 OK
Server: GitHub.com
Date: Sat, 13 Jul 2013 01:53:50 GMT
Content-Type: application/json; charset=utf-8
Status: 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 51
X-RateLimit-Reset: 1373683093
X-GitHub-Media-Type: github.beta
X-Content-Type-Options: nosniff
Content-Length: 55
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
Access-Control-Allow-Origin: *
ETag: "[redacted]"
Cache-Control: max-age=0, private, must-revalidate
Vary: Accept-Encoding
{"rate":{"limit":60,"remaining":51,"reset":1373683093}}
Does anyone know what I'm doing wrong? Do I really have to use the full OAuth?
Putting the URL in quotes when running the command fixed the problem.
It's worth noting that you can also register "Personal Access Tokens" from the Applications menu option inside GitHub. This gives you a token with the increased 5,000 API calls/hour without having to do the OAuth dance.