I am using Dredd to test one of my endpoints. I think the test is failling due to the headers, because I'm getting the following expected:
headers:
Content-Type: application/json
body:
[
{
"id": 15107,
"name": "Route Name",
"date": "2022-01-27T09:00:00",
"full_user_name": "Test Admin",
"url": "api/2/users/1/routes/15107"
}
]
statusCode: 200
And the following actual:
statusCode: 200
headers:
date: Wed, 02 Feb 2022 12:54:11 GMT
server: WSGIServer/0.2 CPython/3.6.9
content-type: application/json; charset=utf-8
vary: Accept, Cookie
allow: GET, POST, PATCH, HEAD, OPTIONS
access-control-allow-origin: None
access-control-allow-methods: POST,GET
access-control-allow-headers: Origin,Content-Type,Accept,Accept-Encoding
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
content-length: 136
bodyEncoding: utf-8
body:
[
{
"id": 15107,
"name": "Route Name",
"date": "2022-01-27T09:00:00",
"full_user_name": "Test Admin",
"url": "api/2/users/1/routes/15107"
}
]
The only difference I see is the headers. Is there any way to ignore those? Like, for instance, content-length header. Maybe I only need to include the auth header in the Open API file. Right now I have specified documentation as follows:
...
securitySchemes:
ApiKey:
type: apiKey
name: Authorization
in: header
description: Authentication token
security:
- ApiKey: []
And running dredd as follows with a python server:
dredd oas-routes.yaml http://127.0.0.1:8000/api/2/users/1/routes --header="Authorization: Token 6b232e1c00bbc8b12d0066a483bf401009fbdb21"
Any idea how to do this correctly? I'm quite new to testing with dredd to be honest.
Related
https://fitness.googleapis.com/fitness/v1/users/{userId}/dataSources/{dataSourceId}/dataPointChanges
I could not find the data for the place holders in this link.
Could someone please point out where to find the dataSource and userId.
Thank you
I thought that that information would auto fill. But this is the response that I am receiving
HTTP/1.1 403 Forbidden
Content-length: 281
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Thu, 16 Feb 2023 20:21:30 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-type: application/json; charset=UTF-8
{
"error": {
"status": "PERMISSION_DENIED",
"message": "The caller does not have permission",
"code": 403,
"errors": [
{
"reason": "forbidden",
"message": "The caller does not have permission",
"domain": "global"
}
]
}
}
DELETE /blogger/v3/blogs/5513539034599838234/posts/4774307106656272015?key=AIzaSyC0W3U9uPnhVADKMhIb5Uj0EmunOsAh7oc&access_token= HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: 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
HTTP/1.1 403 Forbidden
Content-length: 281
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Wed, 15 Jun 2022 09:08:50 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-type: application/json; charset=UTF-8
`{
"error": {
"status": "PERMISSION_DENIED",
"message": "The caller does not have permission",
"code": 403,
"errors": [
{
"reason": "forbidden",
"message": "The caller does not have permission",
"domain": "global"
}
]
}
}'
I'm attempting to POST Authenticate using REST Client in vscode, but it isn't accepting my form-data. This is the http code from postman which appears to match specs on https://marketplace.visualstudio.com/items?itemName=humao.rest-client but I don't understand why it doesn't like my credentials when submitting from vscode. Any help or pointers greatly appreciated.
Request:
POST /myservicestack/authenticate/credentials HTTP/1.1
Host: services.mydomain.com
Accept: application/json
cache-control: no-cache
Postman-Token: cdax7d61-8d8b-4f3q-b45v-74a240f33693
Content-Disposition: form-data; name="UserName"
myemail#address.com
Content-Disposition: form-data; name="Password"
My Password!
Content-Disposition: form-data; name="RememberMe"
true
------WebKitFormBoundary7MA4YWxkTrZu0gW--
Response:
{
"responseStatus": {
"errorCode": "ValidationException",
"message": "Validation failed: \r\n -- 'User Name' should not be empty.\r\n --
'Password' should not be empty.",
"errors": [
{
"errorCode": "NotEmpty",
"fieldName": "UserName",
"message": "'User Name' should not be empty.",
"meta": {
"PropertyName": "User Name"
}
},
{
"errorCode": "NotEmpty",
"fieldName": "Password",
"message": "'Password' should not be empty.",
"meta": {
"PropertyName": "Password"
}
}
]
}
}
The tool here is a red-herring and you should be checking what data format the server endpoint is expecting its data in. Typically REST services are expecting requests as JSON, but that is not universally true.
So for example (including both header and body):
POST https://example.com/comments HTTP/1.1
content-type: application/json
{
"UserName": "myemail#address.com",
"Password": "My Password!",
"RememberMe": true
}
If you want to see what the server may be receiving, then you can check against a service such as https://requestbin.com/ - just don't include any sensitive data.
I am trying get all the possible regions to which a vm can be provisioned using the azure rest api.
The end point which i found is
https://management.core.windows.net/<subscription-id>/locations
which is documented here
but i am getting an error.
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>ForbiddenError</Code><Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message></Error>
Also i tried using the query param ?api-version=2016-04-01 and header x-ms-version: 2016-04-01 without any luck.
According to your error code ForbiddenError, it seems that there is no authorization or incorrect authorization in the header. If it is that case, please have a try to add the authorization in the header. Authorization format is starting with "Bearer" like "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIā¦..." . More info about how to get the access token please refer to the document. It works for me correctly, and I use the x-ms-version: 2014-10-01, details please refer to the snapshot.
You're using an ancient management endpoint.
Here's the query for ARM (using ARMClient):
C:\>armclient.exe get https://management.azure.com/subscriptions/
xxxxx-xxxxx-xxxxx-xxxxx/locations?api-version=2016-09-01 -verbose
---------- Request -----------------------
GET /subscriptions/xxxx-xxxx-xxxxx-xxxxx/locations?api-version=2016-09-01 HTTP/1.1
Host: management.azure.com
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.1.1.0
Accept: application/json
x-ms-request-id: xxxxxxxxxxxx
---------- Response (326 ms) ------------
HTTP/1.1 200 OK
Pragma: no-cache
x-ms-ratelimit-remaining-subscription-reads: 14999
x-ms-request-id: xxxxxxxxxxxxx
x-ms-correlation-request-id: xxxxxxxxxxx
x-ms-routing-request-id: NORTHEUROPE:20170109T094615Z:exxxxxxxxxxxxxx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-cache
Date: Mon, 09 Jan 2017 09:46:15 GMT
{
"value": [
{
"id": "/subscriptions/xxxx-xxxx-xxxx-xxxx/locations/eastasia",
"name": "eastasia",
"displayName": "East Asia",
"longitude": "114.188",
"latitude": "22.267"
},
{
"id": "/subscriptions/xxxx-xxxx-xxxx-xxxx/locations/southeastasia",
"name": "southeastasia",
"displayName": "Southeast Asia",
"longitude": "103.833",
"latitude": "1.283"
},
{
"id": "/subscriptions/xxxx-xxxx-xxxx-xxxx/locations/centralus",
"name": "centralus",
"displayName": "Central US",
"longitude": "-93.6208",
"latitude": "41.5908"
},
{
"id": "/subscriptions/xxxx-xxxx-xxxx-xxxx/locations/eastus",
"name": "eastus",
"displayName": "East US",
"longitude": "-79.8164",
"latitude": "37.3719"
},
...
If you intentionally want to query the old RDFE management API you'll need to include the management certificate in your call.
I think you can use a token with RDFE too, but not a Bearer token. Just sniff whatever Get-AzureLocation -debug in PowerShell is doing.
I have a file container hosting my images. I did create some additional properties for that container using slc loopback:property and put in a string types such as: title, description, date(date). I am able to upload my image via api/containers/{container}/upload
Using Advanced REST Client, I add an HTTP Header: application/x-www-form-urlencoded
I then input data into my forms. I add my image and send, here is my response:
```
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
X-Xss-Protection: 1; mode=block
X-Frame-Options: DENY
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Content-Length: 205
Etag: W/"cd-dUHU2bNp6fDC61813wVPRw"
Date: Fri, 24 Jun 2016 20:52:13 GMT
Connection: keep-alive
```
```
{
"result": {
"files": {
"fileUpload2": [
{
"container": "images",
"name": "pnw.png",
"type": "image/png",
"size": 269360
}
]
},
"fields": {
"created": [
"04/20/2016"
],
"title": [
"title"
],
"description": [
"this is a description"
]
}
}
}
```
I am curious, is the fields object stored somewhere? (I do have mongo connector good to go) or is this in memory? I can't seem to find it anywhere and not sure how to do a GET req. My ultimate goal is to do one image post with additional parameters/properties and retrieve the same in one instance. Thanks!
I will go another route as I do not think I am understanding content-disposition correctly.