Using Coldfusion I would like to create a REST service
I would like to post it to: https://www.test.co.za/ using the username "person1" and password "password1".
The data type would be: application/json
And I would like to pass the following parameters:
callbackURL (string)
amount (bigdecimal)
reference (string)
description (string)
This will then return:
reference (string)
redirectURL (string)
status (string)
This is what I have got so far:
index.cfm
<cfset restInitApplication("C:\ColdFusion10\cfusion\wwwroot\restApp","IIT")>
<cfhttp url="http://127.0.0.1:8500/rest/IIT/rest" method="get">
<cfoutput>#cfhttp.filecontent#</cfoutput>
rest.cfc
<cfcomponent rest="true" restpath="restService">
<cffunction name="sayHello" access="remote" returntype="String" httpmethod="GET">
<cfset callbackURL = "https://www.google.com">
<cfset amount = "100,50">
<cfset reference = "123456789">
<cfset description = "This is a description">
<cfreturn rest>
</cffunction>
</cfcomponent>
I would like to know if I am on the right track and how I would post my values to https://www.test.co.za/ with a username and password
I am not sure if it will look something like this:
<cfhttp
url="https://www.test.co.za/"
method="post"
port="8500"
result="res">
</cfhttp>
Thanks in advance
Related
Amazon's documentation on how to verify is posted here: https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#checking-the-signature-of-the-request
I'm stuck trying to get this to work:
Once you have determined that the signing certificate is valid, extract the public key from it.
Base64-decode the Signature header value on the request to obtain the encrypted signature.
Use the public key extracted from the signing certificate to decrypt the encrypted signature to produce the asserted hash value.
Generate a SHA-1 hash value from the full HTTPS request body to produce the derived hash value
Compare the asserted hash value and derived hash values to ensure that they match.
Here's what I have so far. I have the verification done as far as the subject and valid pem file, the issue is I have no idea how to 'Compare the asserted hash value and derived hash values to ensure that they match.'
<!---get the request sent from amazon---->
<cfset local.request = deserializeJson(
toString(getHttpRequestData().content)
)>
<!---collect headers for authentication---->
<cfif this.isTesting is False>
<cftry>
<cfset local.request.headers.SignatureCertChainUrl = getHttpRequestData().headers.SignatureCertChainUrl>
<cfcatch type="any">
<cfset local.request.request.type = "SessionEndedRequest"><!---end session if SignatureCertChainUrl not passed--->
</cfcatch>
</cftry>
<cftry>
<cfset local.request.headers.Signature = getHttpRequestData().headers.Signature>
<cflog file="Alexa" text="URL Sig: #local.request.headers.Signature#" >
<cfcatch type="any">
<cfset local.request.request.type = "SessionEndedRequest"><!---end session if Signature not passed--->
<cflog file="Alexa" text="Signature is not defined" >
</cfcatch>
</cftry>
<cfif isDefined("local.request.headers.SignatureCertChainUrl") and
isDefined("local.request.headers.Signature")>
<cfif find('https://s3.amazonaws.com/echo.api/',local.request.headers.SignatureCertChainUrl)
or find('https://s3.amazonaws.com:443/echo.api/',local.request.headers.SignatureCertChainUrl)><!---not ssl so kill it--->
<cflog file="Alexa" text="URL Chain: #local.request.headers.SignatureCertChainUrl#" >
<cfset local.request.headers.SignatureCertChainUrlFormatted = replacenocase(local.request.headers.SignatureCertChainUrl,'echo.api/../echo.api','echo.api')>
<cfhttp url="#local.request.headers.SignatureCertChainUrlFormatted#" method="get"></cfhttp>
<cffile action="write"
file="C:\inetpub\alexa\cert\echo.pem"
output="#cfhttp.FileContent#">
<!---check date is valid---->
<cfexecute name="C:\OpenSSL-Win32\bin\openssl.exe"
arguments="x509 -noout -dates -in C:\inetpub\alexa\cert\echo.pem"
variable="local.cert.OpenSSL_dates"
timeout="10" >
</cfexecute>
<cfset local.cert.datesFormatted = replacenoCase(local.cert.OpenSSL_dates,'notbefore','')>
<cfset local.cert.datesFormatted = replacenoCase(local.cert.datesFormatted,'notafter','')>
<cfset local.cert.datesFormatted = replacenoCase(local.cert.datesFormatted,'=','')>
<cfset local.cert.notBefore = trim(listgetat(local.cert.datesFormatted,1,'='))>
<cfset local.cert.notAfter = trim(listgetat(local.cert.datesFormatted,2,'='))>
<cfif datecompare(convertCertTime(local.cert.notBefore),now()) is '-1' and
datecompare(convertCertTime(local.cert.notAfter),now()) is '1'>
<!---cert date is valid--->
<cfelse>
<cfset local.request.request.type = "SessionEndedRequest">
</cfif>
<!---check 'echo-api.amazon.com' in subject---->
<cfexecute name="C:\OpenSSL-Win32\bin\openssl.exe"
arguments="x509 -noout -subject -in C:\inetpub\alexa\cert\echo.pem"
variable="local.cert.OpenSSL_Subject"
timeout="10" >
</cfexecute>
<cfif NOT findNOcase('echo-api.amazon.com',local.cert.OpenSSL_Subject)>
<cfset local.request.request.type = "SessionEndedRequest">
</cfif>
<!---check 'CN=Symantec Class 3 Secure Server CA' in issuer---->
<cfexecute name="C:\OpenSSL-Win32\bin\openssl.exe"
arguments="x509 -noout -issuer -in C:\inetpub\alexa\cert\echo.pem"
variable="local.cert.OpenSSL_issuer"
timeout="10" >
</cfexecute>
<cfif NOT findNOcase('Symantec Class 3 Secure Server CA',local.cert.OpenSSL_issuer)>
<cfset local.request.request.type = "SessionEndedRequest">
</cfif>
<cfexecute name="C:\OpenSSL-Win32\bin\openssl.exe"
arguments="x509 -noout -pubkey -in C:\inetpub\alexa\cert\echo.pem"
variable="local.cert.OpenSSL_Pubkey"
timeout="120" >
</cfexecute>
<cffile action="write"
file="C:\inetpub\alexa\keys\#local.request.request.requestId#.key"
output="#local.cert.OpenSSL_Pubkey#">
<!---decyrpt header signature---->
<!----Base64-decode the Signature header---->
<cfset local.cert.encryptedSig = toString(ToBinary(local.request.headers.Signature)) />
<cffile action="write"
file="C:\inetpub\alexa\keys\#local.request.request.requestId#.sig"
output="#local.cert.encryptedSig#">
<cfelse>
<cfset local.request.request.type = "SessionEndedRequest">
</cfif>
<!----end of header decrypting----->
<cfelse>
<!---if either of these are not defined kill the session---->
<cfset local.request.request.type = "SessionEndedRequest">
</cfif>
</cfif>
Try charsetDecode to utf-8 before Base64 decode
Use this before Base64 decode
<CFSET local.request.headers.Signature = charsetDecode( local.request.headers.Signature, "utf-8" )>
The API sends a verification code via a phone call that the user then enters into a website... basically verifying that there phone number is valid.
But I'm having trouble signing the request. No matter what I try it returns "Invalid Signature"
The API documentation:
http://docs.telesign.com/rest/content/verify-call.html
The authentication documentation:
http://docs.telesign.com/rest/content/rest-auth.html
The authentication examples:
http://docs.telesign.com/rest/content/auth-examples.html
The code:
<cffunction name="encryptHmacSHA1" returntype="binary" access="public" output="false">
<cfargument name="base64Key" type="string" required="true">
<cfargument name="signMessage" type="string" required="true">
<cfargument name="encoding" type="string" default="UTF-8">
<cfset var messageBytes = JavaCast("string",arguments.signMessage).getBytes(arguments.encoding)>
<cfset var keyBytes = binaryDecode(arguments.base64Key, "base64")>
<cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec")>
<cfset var mac = createObject("java","javax.crypto.Mac")>
<cfset key = key.init(keyBytes,"HmacSHA1")>
<cfset mac = mac.getInstance(key.getAlgorithm())>
<cfset mac.init(key)>
<cfset mac.update(messageBytes)>
<cfreturn mac.doFinal()>
</cffunction>
<cfscript>
// PHONE NUMBER TO CALL
phoneNumberToCall = "15554565555";
// KEYS
keys = structNew();
keys.customerID = "D561FCF4-BA8D-4DFC-86D1-1A46DF47A308";
keys.apiKey = "mDzGHsMOc2g/ivkuINEFVh6fn/v4kdjvlTvtgFVOShu7hVWXS0eV2nLSw1FXgEzDSuOjhlKLXvneiq+YFG1/Vg==";
// DATES
dates = structNew();
dates.timeZoneInfo = GetTimeZoneInfo();
dates.dateToUse = DateAdd("h",dates.timeZoneInfo.utcHourOffset,now());
dates.signingDate = DateFormat(dates.dateToUse,"ddd, dd mmm yyyy") & " " & TimeFormat(dates.dateToUse,"HH:mm:ss") & " +0000";
// HEADERS
headers = [
"POST",
"application/x-www-form-urlencoded",
"#dates.signingDate#",
"phone_number=#phoneNumberToCall#&ucid=OTHR",
"/v1/verify/call"
];
headerText = arrayToList(headers, chr(10)) & chr(10);
// CREATE SIGNATURE
stringToSign = binaryEncode( encryptHmacSHA1(keys.apiKey, headerText), "base64");
// AUTHORIZE HEADER
Authorization = "TSA" & " " & keys.customerID & ":" & stringToSign;
</cfscript>
<cfhttp method="POST" url="https://rest.telesign.com/v1/verify/call" port="443" charset="UTF-8" result="verifyPhoneCall">
<cfhttpparam type="header" name="authorization" value="#Authorization#">
<cfhttpparam type="header" name="content-type" value="application/x-www-form-urlencoded">
<cfhttpparam type="header" name="date" value="#dates.signingDate#">
<cfhttpparam name="phone_number" value="#phoneNumberToCall#" type="formfield">
<cfhttpparam name="ucid" value="OTHR" type="formfield">
</cfhttp>
<cfdump var="#verifyPhoneCall#">
The headers need to be included in the signature with "new lines". And the docs also say that they need to be in the same order that the http tag is sending them in. I don't think I have the order correct... or even how I'm supposed to set an order in the cfhttp call.
Any help is appreciated. And yes the keys are real. I'll generate new ones soon.
Thanks,
Brian
Looking over their documentation on Constructing the CanonicalizedPOSTVariables Element it mentions that the POST body must match the string used when constructing the signature (emphasis mine):
... when you construct the signature string, you must use the body of
the POST request exactly as it is delivered to the service.
By default, cfhttpparam url encodes any formField values. Since you are not encoding those values when you construct the signature, the content submitted by cfhttp does not match. Hence the error.
Either disable automatic encoding for all of the form fields in the signature:
<cfhttpparam name="phone_number"
value="#phoneNumberToCall#"
type="formfield"
encoded="false">
... or use type="body" instead. Then you have complete control over the post content:
<cfhttpparam type="body"
value="phone_number=15554565555&ucid=OTHR">
Update:
Also, get rid of the final new line ie chr(10) in the "headerText". Otherwise your cfhttp content still will not match the signature. ie Use this:
headerText = arrayToList(headers, chr(10));
.. instead of:
headerText = arrayToList(headers, chr(10)) & chr(10);
I'm trying to do server side facebook connect, but the sdk (get it here) provided gives the following error:
Invalid CFML construct found on line 523 at column 78.
ColdFusion was looking at the following text:
{
And it doesn't explain why it's throwing this error. I'm not good at cfscript, so I don't know whether the sdk uses the correct syntax, but it throws the error on this function, at the braces of the struct in the function arguments:
private String function getUrl(String path = "", Struct parameters = {})
{
var key = "";
var resultUrl = "https://www.facebook.com/" & arguments.path;
if (structCount(arguments.parameters)) {
resultUrl = resultUrl & "?" & serializeQueryString(arguments.parameters);
}
return resultUrl;
}
I had thought that using an sdk would be a no brainer, but apparently I'm missing something.
What am I doing wrong?
Part 2:
The code now comes to a halt at:
for (var propertyName in arguments.properties) {
httpService.addParam(type="formField", name=propertyName, value=arguments.properties[propertyName]);
}
Are you not allowed to use a for loop in cfscript?
Try structNew() or "#structNew()#" instead of {}
This should work for connecting to Facebook and getting an access token:
<cfset appID = ""/>
<cfset secret_key = ""/>
<cfset app_url = ""/>
<cfparam name="URL.Code" default="0">
<cfparam name="URL.state" default="0">
<cfparam name="SESSION.Redirect" default="0">
<cfset code_ = URL.Code>
<cfif code_ EQ "" OR code_ EQ 0>
<cfset SESSION.State = Hash(CreateUUID(),"MD5")>
<cfset dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" & appID & "&redirect_uri=" & app_url & "&scope=email,user_photos,publish_stream" & "&state=" & SESSION.State>
<cflocation url="#dialog_url#" addtoken="no">
</cfif>
<cfif SESSION.State EQ URL.State>
<cfset token_url = "https://graph.facebook.com/oauth/access_token?client_id=" & appID & "&redirect_uri=" & app_url & "&client_secret=" & secret_key & "&code=" & code_>
<cfhttp url="#token_url#" result="AccessToken" method="GET">
<cfelse>
<p>The state does not match. You may be a victim of CSRF.</p>
</cfif>
I have these form values I'm trying capture in a session:
prop_zip
prop_st
address
city
fname
lname
email
pri_phone_1
pri_phone_2
pri_phone_3
Here is my session code:
<cfapplication name="qsErrorVals" clientmanagement="yes" sessionmanagement="yes" sessiontimeout="#createTimeSpan(0,0,360,0)#">
<cflock timeout="120" name="#session.sessionID#" type="exclusive">
<cfset session.prop_st="#prop_st#">
<cfset session.prop_zip="#prop_zip#">
<cfset session.address="#address#">
<cfset session.fname="#fname#">
<cfset session.lname="#lname#">
<cfset session.email="#email#">
<cfset session.pri_phone_1="#pri_phone_1#">
<cfset session.pri_phone_2="#pri_phone_2#">
<cfset session.pri_phone_3="#pri_phone_3#">
</cflock>
So far, I can only save two of the variables from the form:
prop_zip
prop_st
The rest I'm having trouble with saving the form values to the session. I've defined the variables I want to store in the session before creating the session and I've tried using this code:
<cfset session.email="#form.email#">
etc...
Still I can only save the two variables I mentioned. What am I doing wrong?
Eh, I usually take the easy way out. In addition to the recommendations about cfapplication, scoping and paraming form vars in Micah's answer, I'd copy the whole form struct into session.
session.theForm = structCopy(form);
It's difficult to answer specifically without looking at all of your code but hopefully this example will help.
The cfapplication tag should go in an Application.cfm or Application.cfc file.
The session code should most likely be placed in another file.
I'd recommend specifying a scope attribute of session in the cflock tag.
Application.cfm file:
<cfapplication name="qsErrorVals" clientmanagement="yes" sessionmanagement="yes" sessiontimeout="#createTimeSpan(0,0,360,0)#">
ErrorVals.cfm or whatever you want to call the file:
<cfparam name="form.prop_st" default="NY" > <!--- I've added default data for testing --->
<cfparam name="form.prop_zip" default="12345" >
<cfparam name="form.address" default="1st Main St." >
<cfparam name="form.fname" default="John" >
<cfparam name="form.lname" default="Doe" >
<cfparam name="form.email" default="me#domain.com" >
<cfparam name="form.pri_phone_1" default="123-123-1234" >
<cfparam name="form.pri_phone_2" default="123-123-1234" >
<cfparam name="form.pri_phone_3" default="123-123-1234" >
<cfscript>
prop_st = trim(form.prop_st); // validate, trim, etc.
prop_zip = trim(form.prop_zip);
address = trim(form.address );
fname = trim(form.fname );
lname = trim(form.lname );
email = trim(form.email);
pri_phone_1 = trim(form.pri_phone_1);
pri_phone_2 = trim(form.pri_phone_2);
pri_phone_3 = trim(form.pri_phone_3);
</cfscript>
<cflock scope="session" type="exclusive" timeout="10" >
<cfset session.prop_st = prop_st>
<cfset session.prop_zip = prop_zip>
<cfset session.address= address>
<cfset session.fname= fname>
<cfset session.lname= lname>
<cfset session.email= email>
<cfset session.pri_phone_1= pri_phone_1>
<cfset session.pri_phone_2= pri_phone_2>
<cfset session.pri_phone_3= pri_phone_3>
</cflock>
<cfdump var="#session#">
I have a legacy application where an email.cfm file is used with a cfmail tag to send e-mail:
<cfmail from="abc#123.com" to="def#456.com" subject="New e-mail!">
// lots of HTML
</cfmail>
Now I'd like to update it for ColdFusion Model Glue 3. I want to send it using a mail object in the controller, and include in the body a CFM page:
var mail = new mail();
mail.setFrom("abc#123.com");
mail.setTo("def#456.com");
mail.setSubject("New e-mail!");
mail.setBody( ** SOME CFM FILE ** );
mail.send();
Does anybody have any idea how I can do this?
You can render the content you want to email in a cfsavecontent block and then use that in the email, like:
<cfsavecontent variable="myemail">
...add some HTML, include another file, whatever...
</cfsavecontent>
<cfscript>
mail.setBody( myemail );
</cfscript>
See http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7d57.html
Call the CFC assigning it to a variable, like cfset request.emaiBody = cfc.function(). Then just put it in your setBody tag.
OP was convinced to use CFML, but to answer the question as it was initially asked:
var mail = new Mail();
mail.setFrom("abc#123.com");
mail.setTo("def#456.com");
mail.setSubject("New e-mail!");
mail.setType("html");
savecontent variable="mailBody" {
include "email.cfm";
}
mail.setBody(mailBody);
mail.send();
I ended up following Henry's advice in the comments and created a CFML-based CFC:
<cfcomponent>
<cffunction name="SendMail">
<cfargument name="from"/>
<cfargument name="to"/>
<cfargument name="subject"/>
<cfmail from="#from#" to="#to#" subject="#subject#">
<!--- HTML for e-mail body here --->
</cfmail>
</cffunction>
</cfcomponent>
Dave Long's suggestion is also good, which is to create components using <cfcomponent>, then wrapping the code in <cfscript> tags. This gives you the ability to fall back to CFML in case the there is no cfscript equivalent or it's easier to do with CFML:
<cfcomponent>
<cfscript>
void function GetData()
{
RunDbQuery();
}
</cfscript>
<cffunction name="RunDbQuery">
<cfquery name="data">
SELECT * FROM ABC;
</cfquery>
<cfreturn data>
</cffunction>
</cfcomponent>