this is a quiz channel and after joining I want to get all the users who joined all the quizzes
quiz channel
def join("quiz:" <> id, _params, socket) do
presence = Nuton.Presence.list("quiz:" <> id)
if presence == %{} do
send(self(), {:after_join_quiz, id})
response = %{message: "you can now listen"}
{:ok, response, socket}
else
quiz = "quiz:#{id}"
%{^quiz => %{metas: metas}} = presence
if Enum.count(metas) > 1 do
{:error, %{reason: "Some other user already accepted the invitation"}}
else
send(self(), {:after_join_quiz, id})
response = %{message: "you can now listen"}
:ok = ChannelWatcher.monitor(:quiz, self(), {__MODULE__, :leave, [id]})
{:ok, response, socket}
end
end
end
def handle_info({:after_join_quiz, id}, socket) do
presence = Presence.list(socket)
if presence == %{} do
{:ok, _} =
Presence.track(socket, "quiz:" <> id, %{
user_name: socket.assigns.current_user.username,
user_id: socket.assigns.current_user.id,
quiz_id: id
})
{:noreply, socket}
else
{:ok, _} =
Presence.track(socket, "quiz:" <> id, %{
user_name: socket.assigns.current_user.username,
user_id: socket.assigns.current_user.id,
quiz_id: id
})
Core.Endpoint.broadcast(
"user:all",
"invitation:decline",
%{message: "Some other user already accepted the invitation"}
)
{:noreply, socket}
end
end
with specific quiz_id I can get all the user who joined the channel but with all I cant is there any issue in my code plz check if it is
Controller
quiz_users = Nuton.Presence.list("quiz:all")
You'd need to cycle through all of the channels, somehow, to get that information. I believe there was a PR to get this info, before, actually, so you can cycle through all.
What would be better: if you have the socket join 2 channels, like a "lobby" or "all" channel and then each individual channel. When you track, you can specify the string for the topic instead of only putting in the socket:
track(socket, "quiz:all", socket.assigns.user.id,%{})
Related
I am working to validate Paypal webhook data but I'm running into an issue where it's always returning a FAILURE for the validation status. I'm wondering if it's because this is all happening in a sandbox environment and Paypal doesn't allow verification for sandbox webhook events? I followed this API doc to implement the call: https://developer.paypal.com/docs/api/webhooks/v1/#verify-webhook-signature
Relevant code (from separate elixir modules):
def call(conn, _opts) do
conn
|> extract_webhook_signature(conn.params)
|> webhook_signature_valid?()
|> # handle the result
end
defp extract_webhook_signature(conn, params) do
%{
auth_algo: get_req_header(conn, "paypal-auth-algo") |> Enum.at(0, ""),
cert_url: get_req_header(conn, "paypal-cert-url") |> Enum.at(0, ""),
transmission_id: get_req_header(conn, "paypal-transmission-id") |> Enum.at(0, ""),
transmission_sig: get_req_header(conn, "paypal-transmission-sig") |> Enum.at(0, ""),
transmission_time: get_req_header(conn, "paypal-transmission-time") |> Enum.at(0, ""),
webhook_id: get_webhook_id(),
webhook_event: params
}
end
def webhook_signature_valid?(signature) do
body = Jason.encode!(signature)
case Request.post("/v1/notifications/verify-webhook-signature", body) do
{:ok, %{verification_status: "SUCCESS"}} -> true
_ -> false
end
end
I get back a 200 from Paypal, which means that Paypal got my request and was able to properly parse it and run it though its validation, but it's always returning a FAILURE for the validation status, meaning that the authenticity of the request couldn't be verified. I looked at the data I was posting to their endpoint and it all looks correct, but for some reason it isn't validating. I put the JSON that I posted to the API (from extract_webhook_signature) into a Pastebin here cause it's pretty large: https://pastebin.com/SYBT7muv
If anyone has experience with this and knows why it could be failing, I'd love to hear.
I solved my own problem. Paypal does not canonicalize their webhook validation requests. When you receive the POST from Paypal, do NOT parse the request body before you go to send it back to them in the verification call. If your webhook_event is any different (even if the fields are in a different order), the event will be considered invalid and you will receive back a FAILURE. You must read the raw POST body and post that exact data back to Paypal in your webhook_event.
Example:
if you receive {"a":1,"b":2} and you post back {..., "webhook_event":{"b":2,"a":1}, ...} (notice the difference in order of the json fields from what we recieved and what we posted back) you will recieve a FAILURE. Your post needs to be {..., "webhook_event":{"a":1,"b":2}, ...}
For those who are struggling with this, I'd like to give you my solution which includes the accepted answer.
Before you start, make sure to store the raw_body in your conn, as described in Verifying the webhook - the client side
#verification_url "https://api-m.sandbox.paypal.com/v1/notifications/verify-webhook-signature"
#auth_token_url "https://api-m.sandbox.paypal.com/v1/oauth2/token"
defp get_auth_token do
headers = [
Accept: "application/json",
"Accept-Language": "en_US"
]
client_id = Application.get_env(:my_app, :paypal)[:client_id]
client_secret = Application.get_env(:my_app, :paypal)[:client_secret]
options = [
hackney: [basic_auth: {client_id, client_secret}]
]
body = "grant_type=client_credentials"
case HTTPoison.post(#auth_token_url, body, headers, options) do
{:ok, %HTTPoison.Response{status_code: 200, body: body}} ->
%{"access_token" => access_token} = Jason.decode!(body)
{:ok, access_token}
error ->
Logger.error(inspect(error))
{:error, :no_access_token}
end
end
defp verify_event(conn, auth_token, raw_body) do
headers = [
"Content-Type": "application/json",
Authorization: "Bearer #{auth_token}"
]
body =
%{
transmission_id: get_header(conn, "paypal-transmission-id"),
transmission_time: get_header(conn, "paypal-transmission-time"),
cert_url: get_header(conn, "paypal-cert-url"),
auth_algo: get_header(conn, "paypal-auth-algo"),
transmission_sig: get_header(conn, "paypal-transmission-sig"),
webhook_id: Application.get_env(:papervault, :paypal)[:webhook_id],
webhook_event: "raw_body"
}
|> Jason.encode!()
|> String.replace("\"raw_body\"", raw_body)
with {:ok, %{status_code: 200, body: encoded_body}} <-
HTTPoison.post(#verification_url, body, headers),
{:ok, %{"verification_status" => "SUCCESS"}} <- Jason.decode(encoded_body) do
:ok
else
error ->
Logger.error(inspect(error))
{:error, :not_verified}
end
end
defp get_header(conn, key) do
conn |> get_req_header(key) |> List.first()
end
I'm trying make authorization/authentication graphql subscriptions with elixir and absinthe using cookies and I used the follow link:
https://nts.strzibny.name/graphql-subscriptions-with-elixir-and-absinth/
I'm trying authenticate the user for subscribe the right topic but I don't have access to the cookies in the subscription connection. Why?
After I saw the follow link:
https://hexdocs.pm/absinthe_phoenix/Absinthe.Phoenix.Socket.html
And in my user_socket.ex I pass the user_id as query param, this works, but it's not secure at all... I can pass the id that I want ??!!
Can someone help me?
#moduledoc false
use Phoenix.Socket
use Absinthe.Phoenix.Socket,
schema: MyAppGraphQL.Schema
## Channels
# channel "room:*", MyAppWeb.RoomChannel
# Socket params are passed from the client and can
# be used to verify and authenticate a user. After
# verification, you can put default assigns into
# the socket that will be set for all channels, ie
#
# {:ok, assign(socket, :user_id, verified_user_id)}
#
# To deny connection, return `:error`.
#
# See `Phoenix.Token` documentation for examples in
# performing token verification on connect.
def connect(%{"user_id" => user_id}, socket) do
case current_user(user_id) do
nil ->
:error
current_user ->
socket =
Absinthe.Phoenix.Socket.put_options(socket,
context: %{
current_user: current_user
}
)
{:ok, socket}
end
end
def connect(_, _), do: :error
defp current_user(user_id), do: MyApp.Accounts.lookup_user_with_company(user_id)
# Socket id's are topics that allow you to identify all sockets for a given user:
#
# def id(socket), do: "user_socket:#{socket.assigns.user_id}"
#
# Would allow you to broadcast a "disconnect" event and terminate
# all active sockets and channels for a given user:
#
# MyAppWeb.Endpoint.broadcast("user_socket:#{user.id}", "disconnect", %{})
#
# Returning `nil` makes this socket anonymous.
def id(_socket), do: nil
end```
When running my application using sinatra, I get the error message PG::SyntaxError at /bookmarks
ERROR: syntax error at or near "{" LINE 1: SELECT * FROM users WHERE id = {:id=>"5"} ^
It happens when I click the submit button on /users/new route which should then take me to index route /.
The backtrace provides the following information
/Users/BartJudge/Desktop/Makers_2018/bookmark-manager-2019/lib/database_connection.rb in async_exec
#connection.exec(sql)
/Users/BartJudge/Desktop/Makers_2018/bookmark-manager-2019/lib/database_connection.rb in query
#connection.exec(sql)
/Users/BartJudge/Desktop/Makers_2018/bookmark-manager-2019/lib/user.rb in find
result = DatabaseConnection.query("SELECT * FROM users WHERE id = #{id}")
app.rb in block in <class:BookmarkManager>
#user = User.find(id: session[:user_id])
This is the database_connection file
require 'pg'
class DatabaseConnection
def self.setup(dbname)
#connection = PG.connect(dbname: dbname)
end
def self.connection
#connection
end
def self.query(sql)
#connection.exec(sql)
end
end
This is the user model
require_relative './database_connection'
require 'bcrypt'
class User
def self.create(email:, password:)
encypted_password = BCrypt::Password.create(password
)
result = DatabaseConnection.query("INSERT INTO users (email, password) VALUES('#{email}', '#{encypted_password}') RETURNING id, email;")
User.new(id: result[0]['id'], email: result[0]['email'])
end
attr_reader :id, :email
def initialize(id:, email:)
#id = id
#email = email
end
def self.find(id)
return nil unless id
result = DatabaseConnection.query("SELECT * FROM users WHERE id = #{id}")
User.new(
id: result[0]['id'],
email: result[0]['email'])
end
end
This is the controller
require 'sinatra/base'
require './lib/bookmark'
require './lib/user'
require './database_connection_setup.rb'
require 'uri'
require 'sinatra/flash'
require_relative './lib/tag'
require_relative './lib/bookmark_tag'
class BookmarkManager < Sinatra::Base
enable :sessions, :method_override
register Sinatra::Flash
get '/' do
"Bookmark Manager"
end
get '/bookmarks' do
#user = User.find(id: session[:user_id])
#bookmarks = Bookmark.all
erb :'bookmarks/index'
end
post '/bookmarks' do
flash[:notice] = "You must submit a valid URL" unless Bookmark.create(url: params[:url], title: params[:title])
redirect '/bookmarks'
end
get '/bookmarks/new' do
erb :'bookmarks/new'
end
delete '/bookmarks/:id' do
Bookmark.delete(id: params[:id])
redirect '/bookmarks'
end
patch '/bookmarks/:id' do
Bookmark.update(id: params[:id], title: params[:title], url: params[:url])
redirect('/bookmarks')
end
get '/bookmarks/:id/edit' do
#bookmark = Bookmark.find(id: params[:id])
erb :'bookmarks/edit'
end
get '/bookmarks/:id/comments/new' do
#bookmark_id = params[:id]
erb :'comments/new'
end
post '/bookmarks/:id/comments' do
Comment.create(text: params[:comment], bookmark_id: params[:id])
redirect '/bookmarks'
end
get '/bookmarks/:id/tags/new' do
#bookmark_id = params[:id]
erb :'/tags/new'
end
post '/bookmarks:id/tags' do
tag = Tag.create(content: params[:tag])
BookmarkTag.create(bookmark_id: params[:id], tag_id: tag.id)
redirect '/bookmarks'
end
get '/users/new' do
erb :'users/new'
end
post '/users' do
user = User.create(email: params[:email], password: params[:password])
session[:user_id] = user.id
redirect '/bookmarks'
end
run! if app_file == $0
end
self.find(id), in the user model, is where the potentially offending SQL query resides.
I've tried;
"SELECT * FROM users WHERE id = #{id}"
and "SELECT * FROM users WHERE id = '#{id}'"
Beyond that, I'm stumped. The query looks fine, but sinatra is having none of it.
Hopefully someone can help me resolve this.
Thanks, in advance.
You're call find with a hash argument:
User.find(id: session[:user_id])
but it is expecting just the id:
class User
...
def self.find(id)
...
end
...
end
Then you end up interpolating a hash into your SQL string which results in invalid HTML.
You should be saying:
#user = User.find(session[:user_id])
to pass in just the id that User.find expects.
You're also leaving yourself open to SQL injection issues because you're using unprotected string interpolation for your queries rather than placeholders.
Your query method should use exec_params instead of exec and it should take some extra parameters for the placeholder values:
class DatabaseConnection
def self.query(sql, *values)
#connection.exec_params(sql, values)
end
end
Then things that call query should use placeholders in the SQL and pass the values separately:
result = DatabaseConnection.query(%q(
INSERT INTO users (email, password)
VALUES($1, $2) RETURNING id, email
), email, encypted_password)
result = DatabaseConnection.query('SELECT * FROM users WHERE id = $1', id)
...
I am working on a script to automatically login to a gmail account and write the email attachments. I have working code, but I am currently trying to refactor into a cleaner layout. I am having trouble figuring out how to convert tuples into variables that can be returned and then passed as arguments into subsequent functions. Is this even possible within this type of solution?
The login and filter work, but I get the following error, having to do with the typ, email_selection item: NameError: name 'email_selection' is not defined
import email, getpass, imaplib, os, sys
from date_range import start_date, end_date
#enter_credentials
user_name = input('Enter your gmail username:\n')
password = getpass.getpass('Enter your password:\n')
imap_key = imaplib.IMAP4_SSL('imap.gmail.com',993)
#login_to_the_mailbox
def login_to_the_mailbox(imap_key, user_name, password):
typ, login_attempt = imap_key.login(user_name, password)
if typ != 'OK':
print ('Not able to login!')
else:
print ('Login successful!')
#filter_the_mailbox
def filter_the_mailbox(imap_key, start_date, end_date):
imap_key.select('Inbox')
typ, email_selection = imap_key.search(None, "(UNSEEN)", "(SENTSINCE {0})".format(start_date), "(SENTBEFORE {0})".format(end_date))
if typ != 'OK':
print ('Not able to filter mailbox.')
else:
print ('Mailbox filtered!')
return email_selection
#fetch_the_mail
def fetch_the_mail(imap_key, email_selection):
for msg_id in email_selection[0].split():
typ, message_parts = imap_key.fetch(msg_id, '(RFC822)')
if typ != 'OK':
print ('Error fetching mail.')
else:
print ('Mail fetched!')
Is there a way to query for user presence in XMPP, given that the user's subscription type is 'both'?
Since i am building for mobile platform, i have blocked all incoming presence stanzas using privacy list. In my use case, a user would be at least be subscribed to 500 users and processing these many presence stanzas would put a lot of stress on the mobile device.
So instead of processing all the user stanzas, i would like to get the presence for a user only when i query for it.
There is no such feature at the moment inside ejabberd, but that's definitely something you can develop as a plugin. You can write a plugin that will be handling http requests using HTTP webserver and do whatever processing and security check you want before answering with the user presence.
For future reference, i have managed to pull together some code(thanks to mod_last.erl) and build a module that lets you query for user presence. Suggestions & feedbacks will be highly appreciated.
-module(mod_query_presence).
-behaviour(gen_mod).
-export([start/2, stop/1,
process_sm_iq/3
]).
-include("ejabberd.hrl").
-include("jlib.hrl").
-include("logger.hrl").
-include("mod_privacy.hrl").
-define(NS_QUERY_PRESENCE, <<"jabber:iq:qpresence">>).
start(Host, Opts) ->
IQDisc = gen_mod:get_opt(iqdisc, Opts, fun gen_iq_handler:check_type/1,
one_queue),
gen_iq_handler:add_iq_handler(ejabberd_sm, Host,
?NS_QUERY_PRESENCE, ?MODULE, process_sm_iq, IQDisc),
?INFO_MSG("Loading module 'mod_iqtest' v.01", []).
stop(Host) ->
gen_iq_handler:remove_iq_handler(ejabberd_sm, Host, ?NS_QUERY_PRESENCE),
?INFO_MSG("Stoping module 'mod_iqtest' ", []).
process_sm_iq(From, To,
#iq{type = Type, sub_el = SubEl} = IQ) ->
case Type of
set ->
IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]};
get ->
User = To#jid.luser,
Server = To#jid.lserver,
Resource = xml:get_tag_attr_s(list_to_binary("resource"), SubEl),
{Subscription, _Groups} =
ejabberd_hooks:run_fold(roster_get_jid_info, Server,
{none, []}, [User, Server, From]),
if (Subscription == both) or (Subscription == from) or
(From#jid.luser == To#jid.luser) and
(From#jid.lserver == To#jid.lserver) ->
UserListRecord =
ejabberd_hooks:run_fold(privacy_get_user_list, Server,
#userlist{}, [User, Server]),
case ejabberd_hooks:run_fold(privacy_check_packet,
Server, allow,
[User, Server, UserListRecord,
{To, From,
#xmlel{name = <<"presence">>,
attrs = [],
children = []}},
out])
of
allow -> get_presence(IQ, SubEl, User, Server, Resource);
deny ->
IQ#iq{type = error, sub_el = [SubEl, ?ERR_FORBIDDEN]}
end;
true ->
IQ#iq{type = error, sub_el = [SubEl, ?ERR_FORBIDDEN]}
end
end.
get_presence(IQ, SubEl, LUser, LServer, LResource) ->
case ejabberd_sm:get_session_pid(LUser, LServer, LResource) of
none ->
IQ#iq{type = error,
sub_el = [SubEl, ?ERR_SERVICE_UNAVAILABLE]};
Pid ->
{_U, _Resource, Status, StatusText} = ejabberd_c2s:get_presence(Pid),
IQ#iq{type = result,
sub_el =
[#xmlel{name = <<"query">>,
attrs =
[{<<"xmlns">>, ?NS_QUERY_PRESENCE},
{<<"status">>, Status},
{<<"StatusText">>, StatusText}],
children = []}]}
end.
IQ request format
<iq id='id' to='56876c654366178e0e75a8cd#192.168.1.150' type='get'>
<query xmlns='jabber:iq:qpresence' resource='Smack'/>
</iq>
IQ reply format if user is online
<iq from='56876c654366178e0e75a8cd#192.168.1.150' to='56876c654366178e0e75a8cd#192.168.1.150/Smack' id='last1' type='result'>
<query xmlns='jabber:iq:qpresence' status='dnd' StatusText='YO'/>
</iq>
If the user is not online, you will get an service-unavailable error.