I'm looking for a codeception configuration to use the Codeception REST Module to make calls against a secured https url.
For example I want to check the online status of our slack bot:
$slackApiUrl = 'https://slack.com/api/users.getPresence';
$params = [
'token' => $apiToken,
'user' => $botUserId,
];
$I->sendPOST($slackApiUrl, $params);
When I execute the test, I'll get a guzzle error like
[GuzzleHttp\Exception\ConnectException] cURL error 35: SSL: CA certificate set, but certificate verification is disabled (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
I knew, that the default of codeception switch off https secured urls but how can I activate https, when I need it?
My suite.yml:
class_name: AcceptanceTester
modules:
enabled:
- REST:
url: *****
depends: PhpBrowser
- PhpBrowser
- Asserts
- \Helper\Acceptance
I could answer myself. It`s the codeception version. After updating to Codeception v2.2, the same test works like expected.
Codeception PHP Testing Framework v2.2.8
Powered by PHPUnit 5.7.15 by Sebastian Bergmann and contributors.
[Groups] slack
Acceptance (live) Tests (1) --------------------------------------------------------------------------
Modules: REST, PhpBrowser, Asserts, \Helper\Acceptance
------------------------------------------------------------------------------------------------------
slackCest: Check slack bot online status
I send post "https://slack.com/api/users.getPresence"
[...]
[Response] {"ok":true,"presence":"active"}
I am going to Check SlackBot online status
I see response contains json {"ok":true,"presence":"active"}
PASSED
Related
I'm trying to upgrade my APEX application (APEX 20.2.0.00.20) with a Keycloak authorization procedure.
What I am doing:
A - On Keycloak:
Realm: we already have a realm configured, which is used by other apps, in other development technologies.
1 - Client configuration - first attempt:
Root URL: ${authBaseUrl}
Valid Redirect URIs: /realms/[realm]/[client]/*
Base URL: /realms/[realm]/[client]/
Web Origins: *
2 - Client configuration - second attempt:
Root URL: empty
Valid Redirect URIs: http://[APEX app IP]:7020/*
Base URL: http://[APEX app IP]:7020/ords/[workspace]/r/[app_name]/
Web Origins: *
APEX configuration:
Authentication Scheme:
Credential Store: [APEX webcredential configured to keycloak client]
Authentication Provider: generic oauth2 provider.
Authorization Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/auth
Token Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/token
User Info Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/userinfo
Token Authentication Method: basic authentication and client id in body
Scope: email
Authentication URI Parameters: empty
Username: #sub# (#APEX_AUTH_NAME#)
Convert Username To Upper Case: no
Verify Attributes: yes
** Tests **
I run my APEX app URL in workspace.
Test result of Client configuration nr. 1:
The following URL is shown as result:
https://[keycloak host]/auth/realms/[realm]/protocol/openid-connect/auth?response_type=code&client_id=[client_name]&scope=email&redirect_uri=http://[APEX address]:7020/ords/apex_authentication.callback&state=[A TOKEN/HASH]
And on the screen, the keycloak background image with the message:
Invalid parameter: redirect_uri. and a return to application link.
Test result of Client configuration nr. 2:
The keycloak login URL is activated and the login form is shown.
I type my user and password (keycloak user, configured on the client) and submit.
The following URL is shown as result:
https://[keycloak host]:7020/ords/apex_authentication.callback?state=[A TOKEN/HASH]
And on the screen, a APEX grey background (I know is a apex screen because a error with the icon is shown here) with the message:
Error processing request.
Contact your application administrator.
Question:
I think the second configuration is better, because I can do the Login on keycloak, but the redirect by keycloak to APEX fails, I think I APEX side.
Maybe any information sent by keycloak is wrong or it is missed.
Anyone knows what is the right configuration in APEX and keycloak?
I'm out of ideas. I have a .NET Core 2.1 web app using Facebook Login. Facebook Login worked just fine until I upgraded from .NET Core 1.1 to 2.1. This works fine locally (localhost), but fails on our staging server (Apache on CentOS, EC2).
Our Facebook Login redirect URI is set up correctly in the Facebook app's login settings: http://example.com/ and https://example.com/ (see screenshot below).
What's interesting is in our .NET Core 1.1 branch, the request to http://example.com/signin-facebook?code=SOME_CODE shows up in the log once. In our .NET Core 2.1 branch, the request shows up twice, back-to-back.
Any idea how to dig more into the Facebook middleware that IdentifyFramework is using under the hood?
Facebook Login Settings:
Debug Log:
.NET Core 2.1.802, CentOS (Linux), EC2 instance
// debug ouput
AuthenticationScheme: Facebook was challenged.
Executed action Foobar.Controllers.AccountController.FacebookLogin
Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 2.1144ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://example.com/signin-facebook?code=SOME_LONG_CODE
Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://example.com/signin-facebook?code=SOME_LONG_CODE
Error from RemoteAuthentication: OAuth token endpoint failure: Status: InternalServerError;
Headers: WWW-Authenticate: OAuth "Facebook Platform" "invalid_code"
"Error validating verification code.
Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"
Error from RemoteAuthentication: OAuth token endpoint failure: Status: InternalServerError;
Headers: WWW-Authenticate: OAuth "Facebook Platform" "invalid_code"
facebook-api-version: v2.12
I am trying to make an API call with rest token based authentication from swagger. But at server side, I don't find token in the request. I tried the same API call with poster and swagger. In Poster it works fine but in swagger it doesn't.
Below is my JSON file which I am using to make API call with token:
swagger: '2.0'
info:
title: City
description: City Information
version: 1.0.0
host: '127.0.0.1:8090'
schemes:
- http
basePath: /App
produces:
- application/json
paths:
/city/list:
get:
summary: city
description:
Show cities name and its attributes.
security:
- APIAuthKey: []
responses:
'200':
description: An array of city
default:
description: Unexpected error
securityDefinitions:
APIAuthKey:
type: apiKey
in: header
name: X-AUTH-TOKEN
And this is how swagger sends request with X-AUTH-TOKEN:
But, when I use the same API call wit same parameters and X-AUTH-TOKEN in Poster, It works fine. Below, I have highlighted that how I send request with Poster:
Can anyone please suggest if I'm doing anything wrong or missing something? Why am I unable to send token with request correctly to fetch at server side in request header?
I have a rest API running on localhost:8001/my_app/api/, and I have apache setup to reverse proxy it from localhost/my_app/api. That's working fine.
In order to have permissions to do anything with the api, it requires my session cookie, my csrftoken cookie and a X-CSRFToken HTTP header. I've configured adapters/application.js as follows:
adapters/application.js
import Ember from 'ember';
import DRFAdapter from './drf';
export default DRFAdapter.extend({
headers: Ember.computed(function() {
return {
'X-CSRFToken': Ember.get(document.cookie.match(/csrftoken\=([^;]*)/), '1'),
};
}).volatile(),
ajax: function(url, method, hash) {
hash = hash || {}; // hash may be undefined
hash.crossDomain = true;
hash.xhrFields = {withCredentials: true};
return this._super(url, method, hash);
}
});
If I do a ember build -prod and copy the contents of the dist dir to /var/www/myApp/, apache serves my app, and it works just fine.
It's when I try to use ember-cli's builtin development server where I run into problems. I'm getting 403 errors from my api. It turns out that while the X-CSRFToken header is being sent neither of my cookies are. If I look in my chrome developer tools, it shows that I have both cookies - they simply aren't in the request headers. They're both from localhost, so I'm a bit confused.
Also, I currently I have CORS on my rest backend setup. Here are the headers I'm currently receiving:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4200
I thought that since allow-credentials == true and allow-origin != * that cookies were supposed to be allowed. sigh.
Here's my API_HOST and contentSecurityPolicy:
config/environment.js
if (environment === 'development') {
ENV.APP.LOG_TRANSITIONS = true;
ENV.APP.API_HOST = "http://localhost"
ENV.contentSecurityPolicy = {
'default-src': "'none'",
'script-src': "'self' 'unsafe-eval' localhost",
'font-src': "'self'",
'connect-src': "'self' localhost",
'img-src': "'self'",
'style-src': "'self'",
'media-src': "'self'"
};
}
As you can see above, the api requests are being sent through my reverse proxy. I've played around with ember serve --proxy trying both http://localhost:80/ and http://localhost:8001/ but neither have helped. I've also tried setting my development ENV.API_HOST = 'http://localhost:8001/'; with and without the various proxy values.
This edit, build, deploy, refresh my browser, test, & repeat process is REALLY slow and getting old REALLY fast.
Could someone please explain to me how to get the ember-cli development server to properly access my rest api?
I am preparing acceptance tests for my SOAP API methods. I've already made two of them and if I launch each of them separately, they pass without any problems. But if I call them together using codecept run acceptance, second always fails with [LogicException] The page history is empty on $I->see(); method. Why is it so?
I'm using codeception v2.0.11 and my suit is:
class_name: AcceptanceSOAPTester
modules:
enabled:
- PhpBrowser
- SOAP
- ApiHelper
config:
PhpBrowser:
url: http://localhost/
SOAP:
endpoint: http://localhost/soap/
schema: http://www.w3.org/2001/XMLSchema-instance