Well, I have tried every thing mentioned in Fresh-desk API (http://freshdesk.com/api#create_ticket) to create new ticket but with no success.
Even though i am able to create a new ticket from a Curl request, but when i use a browser REST client it says:
{
"logout": "success"
}
I have used the following : https://companyname.freshdesk.com/helpdesk/tickets.json
Headers: Content-type:application/json Authorization:(Basic Authorization using APIKEY:X)
{ "helpdesk_ticket":{ "description":"No ticket is created ...", "subject":"Support needed..", "email":"anything_xyz#gmail.com", "priority":1, "status":2 } }
I have tried clearing my browser cache many times. But the issue remains the same. Please someone suggest.
What kind of REST-Client do you use?
I was facing the same problem as I used the REST-Client Postman (=Chrome Browser extension). Clearing the browers cache solved that issue for me.
Related
I am using the SAP Cloud SDK for Java to do CRUD on the SalesOrder APIs in S/4. Everything works well in that I can carry out these actions from Postman. However, these requests from Postman only work if I include a pre-request script to get a csrf token as outlined in this blog post
If I run the requests without the pre-request script outlined in the blog post, I get a '403 Forbidden'. As I said it works from Postman, but I would like to understand how this should be handled without the need for this script, for example if I was making a request from another application. Does the SDK allow me to handle this from the application code somehow. Maybe I am missing something.
Thanks for your time.
EDIT:
I am not making requests to the S/4 directly from Postman. I have an app deployed which is using the Cloud SDK to make the requests to S/4. It works if I use the pre-request script to fetch the CSFR token and attach it to the request before I send it, but 403 if I don't. So, if we imagine I am not using Postman but some ui somewhere to fill a form and send this request my understanding is that I shouldn't, as you suggested, have to worry about this token, that my service in the middle which uses the SDK and the VDM should handle this for me. This is what I am struggling to understand.
This is the servlet code:
#Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response)
throws ServletException, IOException {
String body = IOUtils.toString(request.getReader());
JSONObject so = new JSONObject(body);
String distributionChannel = so.get("DistributionChannel").toString();
String salesOrderType = so.get("SalesOrderType").toString();
String salesOrganization = so.get("SalesOrganization").toString();
String soldToParty = so.get("SoldToParty").toString();
String organizationDivision = so.get("OrganizationDivision").toString();
String material = so.get("Material").toString();
String requestedQuantityUnit = so.get("RequestedQuantityUnit").toString();
SalesOrderItem salesOrderItem = SalesOrderItem.builder()
.material(material)
.requestedQuantityUnit(requestedQuantityUnit).build();
SalesOrder salesOrder = SalesOrder.builder()
.salesOrderType(salesOrderType)
.distributionChannel(distributionChannel)
.salesOrganization(salesOrganization)
.soldToParty(soldToParty)
.organizationDivision(organizationDivision)
.item(salesOrderItem)
.build();
try {
final ErpHttpDestination destination = DestinationAccessor.getDestination(DESTINATION_NAME).asHttp()
.decorate(DefaultErpHttpDestination::new);
final SalesOrder storedSalesOrder = new CreateSalesOrderCommand(destination, new DefaultSalesOrderService(),
salesOrder).execute();
response.setStatus(HttpServletResponse.SC_CREATED);
response.setContentType("application/json");
response.getWriter().write(new Gson().toJson(storedSalesOrder));
logger.info("Succeeded to CREATE {} sales order", storedSalesOrder);
} catch (final Exception e) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
logger.error(e.getMessage(), e);
logger.error("Failed to CREATE sales order", e);
}
}
And the CreateSalesOrder command:
public SalesOrder execute() {
return ResilienceDecorator.executeSupplier(this::run, myResilienceConfig);
}
protected SalesOrder run() {
try {
return salesOrderService.createSalesOrder(salesOrder).execute(destination);
} catch (final ODataException e) {
throw new ResilienceRuntimeException(e);
}
}
I am using the version 3.16.1 of the SDK and have set logging level to DEBUG for the SDK in the manifest:
SET_LOGGING_LEVEL: '{ROOT: INFO, com.sap.cloud.sdk: DEBUG}'
and logging level to DEBUG in logback
If I remove the pre-request script from the request and send it I get the 403 response and logs shows the following messages:
"logger":"com.sap.cloud.sdk.service.prov.api.security.AuthorizationListener","thread":"http-nio-0.0.0.0-8080-exec-4","level":"DEBUG","categories":[],"msg":"Reading
user principal"
"logger":"com.sap.cloud.sdk.service.prov.api.security.AuthorizationListener","thread":"http-nio-0.0.0.0-8080-exec-4","level":"DEBUG","categories":[],"msg":"Destroying Authorization as it is end of request." }
"logger":"com.sap.cloud.sdk.service.prov.api.security.AuthorizationService","thread":"http-nio-0.0.0.0-8080-exec-4","level":"DEBUG","categories":[],"msg":"Destroying Authorization JWT Token." }
As the other answers focus on the app to S/4 communication and you adjusted your question to make clear that you mean the User (e.g. Postman) to app communication I'll provide some additional information.
As mentioned by the other answers the CSRF handling to the S/4 system (or any OData endpoint) is automatically handled on side of the OData VDM.
What you are now encountering is the secure default configuration of the SAP Cloud SDK Maven Archetypes, which have the RestCsrfPreventionFilter activated by default.
This filter automatically protects all non-GET endpoints from CSRF by requiring you to fetch a CSRF Token prior to your request which you then provide.
This is completely unrelated to the OData VDM call to the S/4 system in the background.
To remedy your problems there are now three next steps:
Use a GET endpoint instead of POST
Probably only as a temporary workaround
Remove the RestCsrfPreventionFilter temporarily from your web.xml
This should not be done for productive uses, but might make your life in the initial evaluation easier.
"Live with it"
As this is a commonly used pattern to protect your application against CSRF it's advised to keep the filter in place and do the CSRF-Token "flow" as required.
Further Reading
OWASP description of CSRF: https://owasp.org/www-community/attacks/csrf
OWASP cheat sheet on CSRF protection (linked to the approach used by the filter): https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#use-of-custom-request-headers
JavaDoc of the RestCsrfPreventionFilter: https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/filters/RestCsrfPreventionFilter.html
Inkers
You're correct, with an API tool like Postman you have to make a HEAD request first to get a CSRF token.
However, in Cloud SDK for Java, we take care of getting and refreshing CSRF token for you when you're making any CRUD request.
Here's an example of reading a Saler Oder item and updating it afterward:
// Create a new sales order item
SalesOrderItem item = new SalesOrderItem();
item.setSalesOrder(SALES_ORDER);
item.setNetAmount(new BigDecimal(NET_VALUE));
item = service.createSalesOrderItem(item).execute(destination).getResponseEntity().get();
// Modify it with a PATCH update to 9000 net value
item.setNetAmount(new BigDecimal(NET_VALUE_UPDATED));
ModificationResponse<SalesOrderItem> response = service.updateSalesOrderItem(item).modifyingEntity().execute(destination);
Try it and let up know if it works fine for you. We're happy to assist if you'll encounter any difficulties.
The SDK makes an attempt to fetch a CSRF token automatically within execute(destination). This happens before issuing the actual request. If the attempt is successful the token will be included in the request. If not, the request will be send regardless.
Please increase the log level to debug for all com.sap.cloud.sdk packages if you think this is not happening correctly. Also it would be great to see the actual HTTP requests that go in and out which you can enable by setting the log level of org.apache.http.wire also to debug. Then attach the stack trace here together with the SDK version you are using and the exact code you are invoking.
I'm working in a React-Native app, and I'm also allowing users to login using FBSDK.
There seems to be an issue at the moment when trying to get the profile picture URL.
There are also several reports of this, like this one but still, after a year doesn't seem to be solved.
Attempted many ways but none worked, it always tries to download the file, seems it's missing the mime-type according to what the browser says.
The URL it gives is the following:
https://platform-lookaside.fbsbx.com/platform/profilepic/?asid={{myfbid}}&height=50&width=50&ext=1583348357&hash=AeTnFpMVwBXgFy_J
Also tried using the graph url directly: http://graph.facebook.com/{myid}/picture
And if I add the &redirect=false, it returns a data object with the platform-lookaside URL.
Everything I try, it tries to download.
This is how I'm currently trying to get the image using Graph API.
new GraphRequestManager().addRequest(new GraphRequest(
'/me',
{
accessToken: fbToken,
parameters: {
fields: {
string: 'picture.type(large)'
}
}
},
graphRequestCallback
)).start();
It works, but the URL is the same.
Any idea on how can I solve this? I might be missing something or the bug is still happening?
If you just change the graph url (http://graph.facebook.com/{myid}/picture) from http to https, it should work for you. Not sure if that's a new fix in React Native or not, but that solved it for me.
I already tried reading the documents as well try out the changing default behaviors https://flask-jwt-extended.readthedocs.io/en/latest/changing_default_behavior.html to handle the error (the link shows how to handle expired token) and search around in google everything in every keyword combination i could do but seems no one has example about this.
I tried using #jwt.revoked_token_loader to handle the RevokedTokenError but it seems it doesn't work as I applied it like this
#jwt.revoked_token_loader
def revoked_token_response(revoked_token):
jwtkn = revoked_token['jti']
return jsonsify({
'msg': 'token {} already been revoked!'.format(jwtkn)
)}, 401
actually, i don't know exactly how does the example on the link to handle expired tokens had parameter of 'expired_token', is that self-declaration like what I did above on the 'revoked_token'?? as far as I know, 'jti' is like a default value in the flask-jwt-extended package as I see error whenever I don't use this (in my db, it is different but there is no problem at all.
I tried following this tutorial and it works out fine on my side (as well his original code source) but I see that this one doesn't have a catch exception also on Revoke Tokens https://codeburst.io/jwt-authorization-in-flask-c63c1acf4eeb
I use postman and if based on the tutorial link, here's how i get this
i do login
i use the access token generated to access protected routes ('/secrets')
i do logout
i use again the access token generated to access protected routes
after the last one, i get this error on my server side (ide):
....flask_jwt_extended\utils.py", line 216, in verify_token_not_blacklisted
raise RevokedTokenError('Token has been revoked')
flask_jwt_extended.exceptions.RevokedTokenError: Token has been revoked
127.0.0.1 -- [02/Jul/2019 22:25:26] "GET /secrets HTTP/1.1" 500 -
in postman, this is what I get:
{
'message': 'Internal Server Error'
}
my target is to send out a custom json response instead of 'Internal Server Error'
edit:
I am no wiz on programming or such, a beginner that wanted to practice out python about secured web development. I don't yet quite understand still how decorator works out in terms of application, etc. so i don't know if others tweaks out the flask-jwt-extended package to work such things out.
Getting back a 500 error normally occurs because of a bug in other flask extensions and how that interact with native flask errorhandlers. You can find a bunch of discussions about it here (https://github.com/vimalloc/flask-jwt-extended/issues/86), but the tl;dr version is you might need to set app.config['PROPAGATE_EXCEPTIONS'] = True if using something like Flask-Restul, or use a hack like this if using flask-restplus:
jwt = JWTManager(app)
api = Api()
jwt._set_error_handler_callbacks(api)
If those don't help you, please take a look through that linked github issue, and if nothing in there helps make a reply in that issue detailing your setup.
Cheers.
My code hasn't changed, it was working yesterday or so.
I can oauth, get the token but then doing the following:
WebClient wc = new WebClient();
wc.DownloadStringCompleted += result;
wc.DownloadStringAsync(new Uri("https://graph.facebook.com/me&access_token=xxxTOKENxxx", UriKind.Absolute));
Returns a NotFound WebClient exception: "The remote server returned an error: NotFound."
Strange thing is that when pasting that same url on Chrome or IE it does work(PC).
Tried on Emulator and on 2 different real WP devices, even pasting the same url on the WP browser.
Feels like facebook is rejecting Windows Phone for some reason?
Anyone has an idea of what might be happening?
look like there is a bug on Facebook being tracked
click here if you want to follow
https://developers.facebook.com/bugs/367369176650486?browse=search_4fd82eadc62186861827790
after reading the link someone says graph.beta.facebook.com does work instead of graph.facebook.com
I can confirm its not you. WP7 sample from the SDK from GitHub is failing. ASP.NET sample is now returning an "Error occured in . Please try again later." error. As you noted, copying and pasting the URL into IE resolves and returned the expected JSON. Clearly something has changed.
I'm trying to get all downloads from an repo on github with help of https://github.com/ornicar/php-github-api
There is no download Object in this project, so i've created my own:
class Github_Api_Download extends Github_Api{
public function getDownloads($repo, $username){
$string = 'repos/'.urlencode($username).'/'.urlencode($repo).'/downloads';
$response = $this->get($string);
die(print_r($response));
return $response;
}
}
When i run this, i'm getting only
Server Error
HTTP 401: Unauthorized
it should be possible to get this without authentication too, because if i use the url in the browser, it's working
my authentication is working, because all the actions (e.g. create new repo,etc..) are working fine
Anybody can help me?:)
I was looking for this earlier, so I wrote my own little function and posted it on my blog. Hope this helps.
Check this out