Which URL made the request to my Google Apps Script? - paypal

How can I determine the source URL of a GET or POST request sent to a Google Apps Script web application?
I am making a (PayPal IPN) listener script and would like to be able to distinguish weather the request came from a the test environment (sandbox) or from the live environment.
The origin of the request to the listener determines the response from the script. The listener has to send a response back to PayPal and depending on which environment the request came from, the response needs to go back either to the sandbox server or to the live server.
I am hoping to distinguish between requests from sandbox.paypal.com or www.paypal.com, in my Google Apps Script.
To work around this requirement, I have set it manually for now:
if (PPRunMode == 'test') {//in testmode send response to sandbox site
PPUrlBase = "https://www.sandbox.paypal.com/cgi-bin/webscr";
}
else {//url for live website
PPUrlBase = "https://www.paypal.com/cgi-bin/webscr";
}
But was wondering if this can be determined automatically.

Unfortunately, no request-source information is provided to your Google Apps Script web application, so there is no direct way to determine where a request came from.
You do have the ability to provide parameters to your web app, though, so you could have the code in the sandboxed environment use that to indicate a test condition.
For example, this URL could be used by the sandboxed code for a GET request:
https://script.google.com/macros/s/---SCRIPT-ID---/exec?test=true
^^^^^^^^^^
In the doGet(e) function, you would handle the parameter like this:
function doGet(e) {
if (e.parameter.test) { //in testmode send response to sandbox site
PPUrlBase = "https://www.sandbox.paypal.com/cgi-bin/webscr";
}
else {//url for live website
PPUrlBase = "https://www.paypal.com/cgi-bin/webscr";
}
...
}
For a POST request, the solution is similar. See URL parameters in the Web Apps and Google Sites Gadgets guide for details.

If you publish your Google App Script you get two urls :
https://script.google.com/macros/s/AKfycbxsCNyssA0dzMMmsNip3DW66hiJ62ks_F1yYUn0SDu073S2dOw/exec
https://script.google.com/macros/s/AKfycbxzpvZ9e9_vzs3d6Q0ky_RHLoYDruCl-6Xm8D6YmI4/dev
You can notice the difference, not sure if that is what you are pointing to

Related

WPF talking to secured web api using AutoRest

I just can't seem to get anywhere with this.
I have a web api running fine, with a wpf application using the api via AutoRest.
The api has been uploaded to Azure (App Services)
I now want to lock down the api, so users log in via Active Directory. Again, all users are currently there.
RestCredentials = new TokenCredentials(tokenAuthResult.AccessToken);
Using the RestCredentials I pass in the credentials as type
ServiceClientCredentials
using (var db = new BuxtedAPI(Model.Helpers.Credentials.RestCredentials))
{
var res = db.GetComboList();
ComboValueList = new ObservableCollection<ComboValue>(res);
return ComboValueList;
}
I can see on the log in Azure that the user successfully logs in.
But the system just dies with
Operation returned an invalid status code 'InternalServerError'
No more feedback at all.
Just to note, I am using swagger also here.
I am assuming that the BuxtedAPI call that passing the credentials should pass through the bearer token for the api call to authorise.
I have set nothing else on on webapi code base, no [AUTHORIZED] or anything.
Any chance anyone can help me along here.
Thanks Scott
If anyone else gets in this situation.
The process required Resource Id to be the web app and the clientid to be the native app id.
Scott

My azure website sometimes fail Facebook log in but can't know the reason

I'm using Azure Websites service for my web project.
I have an ASP.NET MVC 5 project, and now using ConfigureAuth method.
FacebookAuthenticationOptions opt = new FacebookAuthenticationOptions
{
AppId = CodeHelper.FbAppId,
AppSecret = CodeHelper.FbAppSecret
};
opt.Scope.Add("email,publish_stream");
app.UseFacebookAuthentication(opt);
I'm using the same codes for other projects on common IIS server, they always works well.
But on Azure website, when users try to log in with Facebook, it sometimes works and sometimes fail.
Is there anyone has same experience and got solution?
[2014. 10. 24 - added]
The request has cookies.
ARRAffinity=2f93765894d1796d0e56ae32b4e3eed12fa5f132f1866dcd0de7e74c9ac623d2;
__RequestVerificationToken=ou0dasfT-sfeIOE6iorrpaq3BhYTU4msV5mHqkE49PeRA5H3pMkjFg4bqXXpKtMRkhDRB69Rp----AbJSgfWdDoQ2aGbqImRF9Hg3dWHxrw1;
.AspNet.Correlation.Facebook=pFlBijSiTSofAUMCBLIal9GomTD7fqLdh7yWiHRbEaE
But /Account/ExternalLoginCallback fails.
Ref.
Microsoft.AspNet.Mvc.5.2.2
Can you, please, check the the Site Url in facebook app setting in developer.facebook.com. And also can you please make sure the redirect_uri on OAuth request is the correct one.
It would be great if you can share fiddler session (pls do not forget to remove the secrets)

Using a WebViews cookies with an HTTP Client

This is with reference to using Google Contacts Data API.
It requires that the application gets authentication view a WebBrowser/WebView (in the case of android).
Therefore the RequestTokenUrl is passed to the webview which will show a Google Sign-in page and then ask the user if it allows the application to access their account.
Once authorized, there needs to be some kind of callback to the activity.
The activity will then use the WebViews cookie (which should contain the AccessToken) with an HTTP client to request data from Google Data API. This could be anything, in our case it is the Google Contacts.
Any ideas on how this can be done?
EDIT: Found another way around the problem by using OAuth 2.0.
This still required getting the AuthorizationCode from the WebView but that is accessed through the pagetitle instead of a cookie.
The selected answer still addresses the original question correctly.
The following code which uses the reflection library will print a line with the cookies:
Sub WebView1_PageFinished (Url As String)
Dim r As Reflector
r.Target = r.RunStaticMethod("android.webkit.CookieManager", "getInstance", Null, Null)
Log(r.RunMethod2("getCookie", Url, "java.lang.String"))
End Sub

Google Data/OAuth/AppEngine/Python - Properly Registering a Web Application

I'm creating a webapp with this combination of tools. I'm authenticating with App Engine in the following manner:
class googleLogin(webapp.RequestHandler):
def get(self):
callbackURL = 'http://%s/googleLoginCallback' % getHost()
#Create a client service
gdClient = gdata.docs.service.DocsService()
gdata.alt.appengine.run_on_appengine(gdClient)
gdClient.SetOAuthInputParameters(gdata.auth.OAuthSignatureMethod.HMAC_SHA1,
_GoogleConsumerKey,
consumer_secret=_GoogleConsumerSecret)
#Get a Request Token
requestToken = gdClient.FetchOAuthRequestToken(scopes=_GoogleDataScope,
extra_parameters={'xoauth_displayname': APP_NAME})
#Persist token secret
self.session = Session()
self.session[TOKENSECRETKEY] = requestToken.secret
gdClient.auto_set_current_token = True
gdClient.SetOAuthToken(requestToken)
authUrl = gdClient.GenerateOAuthAuthorizationURL(callback_url=callbackURL)
self.redirect(authUrl)
I authenticated my domain with Google at https://www.google.com/accounts/ManageDomain, entering a target URL and am using the given Consumer Key/Secret. For instance, if my domain was 'juno.appspot.com', I am using http://juno.appspot.com as the target url path prefix.
The process is working; however, Google presents this message to the user in a yellow security box:
"The application that directed you
here claims to be 'xxxxxx'. We are
unable to verify this claim as the
application runs on your computer, as
opposed to a website. We recommend
that you deny access unless you trust
the application."
I don't think I should be getting this error, since my server is getting the request token and creating the authorization URL. Does anyone have any insight on how to get rid of this warning?
Google's domain registration has an option to upload a certificate, but I shouldn't need to do that because I'm using OAuth with the HMAC_SHA1 signature method.
Also, not that it should matter, but I'm doing all this through a UIWebView on the iPhone. I'm specifically trying to do all authentication server-side to avoid exposing my Consumer Key/Secret.
Thank you for any tips :)
Solved.
The culprit is this line from above:
extra_parameters={'xoauth_displayname': APP_NAME})
Setting this value for a registered application intentionally triggers a warning to users, as indicated by the Google documentation:
xoauth_displayname:
(optional) String identifying the
application. This string is displayed
to end users on Google's authorization
confirmation page. For registered
applications, the value of this
parameter overrides the name set
during registration and also triggers
a message to the user that the
identity can't be verified. For
unregistered applications, this
parameter enables them to specify an
application name, In the case of
unregistered applications, if this
parameter is not set, Google
identifies the application using the
URL value of oauth_callback; if
neither parameter is set, Google uses
the string "anonymous".
Removing this line no longer allows me to use a 'nice' name in place of the domain, but it gets rid of that annoying yellow box :)
I'm not sure exactly where the issue may be in your code, but I've got a one page oauth/appengine/gdata example which may at least set you in the right direction. Have you tried to navigate to the site directly from the iPhone/desktop browser to see what message is delivered?
Hope it helps.
Alternatively, is it possibly to do with the user agent the UIWebView sets?

FB.getLoginStatus not calling its callback

The title really says it all. Under some (undetermined) conditions FB.getLoginStatus() just stops working and won't invoke the callback I gave it. The only interesting clues I've found are
FB.Auth._loadState is stuck on "loading" -- whatever is supposed to make it click over to "loaded" isn't happening
slight delays like putting in alert() calls tend to make it start working
Any hints at all about even how to investigate this welcome.
This usually happens for me when I am running the page under a different domain from what has been registered in Facebook. Typically this is when I am developing locally.
If you are running locally, you'll have to set up a local web server and then modify your hosts file to point the the registered domain to 127.0.0.1 in order to test on your local machine. Don forget to remove that line from the hosts file when you want to test it on the server.
According to:
https://developers.facebook.com/bugs/240058389381072
You cannot put your application under sandbox mode, or else it won't work. Go into your app settings, advanced, and switch it. This stumped me for a couple hours until I happened upon the bug report.
I had similar problem with FB API. It turned out, that my Facebook App was misconfigured. Please make sure that this is not the case for you. My problem was that my "Site URL" param in FB application was pointing to https, but I was using http protocol for development. Any call against FB api after FB.init was not calling my callback functions. So the first thing to do should be to double check App config.
Now, if some reason you depend on FB api but you wish to have a fallback option in case it;s inoperative - workaround with timer should be ok for you. Just set up a timer and disable it if FB Api gives you proper response. If not - fallback to some custom function which will perform some additional logic.
function callFbApi() {
var timeoutHandler = setTimeout(function() { requestFailed(); }, 1000);
function requestFailed() {
// When this happens, it means that FB API was unresponsive
doSomeFallbackWork();
alert('hey, FB API does not work!');
}
FB.getLoginStatus(function(response) {
clearTimeout(timeoutHandler); // This will clear the timeout in case of proper FB call
doSomeUsualWorkAfterFbReplies();
return false;
}, true);
}
If your application is in sandbox mode, Facebook acts as if your application is invisible to anyone who is not listed as an application developer. If you're not logged in, then it would stand to reason that your app is now invisible.
The callback will only fire if you're initializing with a visible application. Otherwise the following response is returned:
<span>Application Error: There was a problem getting data for the application you requested. The application may not be valid, or there may be a temporary glitch. Please try again later. </span>
For more info please see my comment on this bug ticket:
https://developers.facebook.com/bugs/240058389381072
Maybe you are using the asynchronous call. The same thing happened when I called FB.init with window.fbAsyncInit. All I did was delay the FB.getLoginStatus with a setTimeout function
window.setTimeout(checkLogStatus, 1000);
function checkLogStatus(){
alert("check");
// fetch the status on load
FB.getLoginStatus(handleSessionResponse);
}
It seemed to work after that
On the new version of the Developer app, you have to make sure to have put the correct URL you are using to access the application in the Website field under the
Select how your app integrates with Facebook
section.
Make sure the protocol is HTTPS and not HTTP.
I had a similar problem. The site worked every time when I was opening the browser, but fails when I tried to reload.
The cause was the missing "www" on the site name on Facebook configurations. Note that putting "www" (like www.yoursite.com) works on both situations (yoursite.com or www.yoursite.com).
As others have posted, you must be accessing your site at the same URL that facebook expects. For example if facebook has a callback "example.com" but you're browser has "www.example.com", that can cause this problem.
In addition, if third-party cookies are not allowed by your browser, you may also see this problem. Or you may see the callback erroneously reporting the user is not connected.
Just posting a situation I had were calling FB.getLoginStatus got absolutely no response.
My application is designed to run in a tab, and I only entered the Page Tab URLs on the app admin page, and not the App On Facebook (i.e. Canvas) URLs. The tab loads perfectly, but any calls to the FB JS SDK provoke no response.
In Facebook App Settings, go to Client OAuth Settings, look at Valid OAuth redirect URIs
Make sure you have listed all URIs which are the domains from which Facebook SDK is being invoked. For example:
I develop at localhost:5000 and deploy to Heroku. Notice the format: http://domain.name/