I am using the Zend_Service_Twitter class to retrieve my userTimeline, however since August, I am no longer able to use Basic Authentication. This is perfectly fine, since userTimeline does not require authentication at all.
Strange enough, Zend_Service_Twitter thinks userTimeline requires full authentication (using oAuth tokens) to retrieve an unprotected twitter userTimeline. Is there a way around this that allows me to use all the normal userTimeline twitter api variables.
Thanks
I recently ran into this same issue - however, instead of trying to fix the broken Zend class, I just used the Search API.
$searchString = 'from:leeked';
$twitterSearch = new Zend_Service_Twitter_Search('json');
$this->twitter = $twitterSearch->search($searchString, array('rpp' => 15));
Related
I have a JavaEE Application. I am trying to implement OAuth.
But I am facing some strange issues:
As per the documentation to manually building the sign in web flow I have to provide a link like this https://www.facebook.com/dialog/oauth?client_id=1231298371123&display=popup&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fc%2Fportal%2Fauth%2Ffacebook_login%3F&scope=email,public_profile,user_birthday&response_type=code%20token which will open the dialog. But the dialog is not opening.
And when the SSO is successful FB is redirecting to the url given above but the problem is FB is appending the query strings like state, code, etc with #. Something like: http://localhost:8080/c/portal/auth/facebook_login?#state=ASDASDASDASD&access_token=EAANXZAlBTi........ Because for this I cannot get the parameters in Java.
Do any one came across this kind of issue.
Please help.
Not sure if I understood the question right but if you want to read the string after # you can use the following code
URI uri = new URI("http://test.com/#something=some");
String fragment = uri.getFragment();
fragment will be everything after #
I was trying out the new enhanced revocable sessions in Parse on my Android app. It works well when logging in or signing up via email password or facebook but doesn't work well for custom authentication, e.g. google+.
I'm currently logging in the user using the cloud code which also creates the new user when signing up. This does not create a new Session object, that means the new enhanced sessions are not used and it still uses the legacy sessions.
I pass the session token back to client where using the become method the user logs in but it's the legacy sessions.
This feels like the feature is not complete but I would really like to move to the new enhanced sessions with my app. Has anyone worked with them yet? Are there any workarounds using the REST API or by creating the sessions manually and handling them manually? I looked into the JS API but it says it's only read only.
Here's the Blog post on Enhanced Sessions.
Where should I go next?
Yes, I found a solution but it's a workaround, works for my case because I don't support signing up with user/password.
Basically, the solution (cloud code) in semi pseudo-code is:
Fetch the user with master key
Check if user.getSessionToken() has value
if it has, return the session token and do a user.become() in the client as usual
if it's not, here the workaround, do the following:
yourPreviousPromiseInOrderToChainThem.then(function(user)
password = new Buffer(24);
_.times(24, function(i) {
password.set(i, _.random(0, 255));
});
password = password.toString('base64')
user.setPassword(password);
return user.save();
}).then(function(user) {
return Parse.User.logIn(user.get('username'), password)
}).then(function(user) {
var sessionToken = user.getSessionToken();
// Return the session token to the client as you've been doing with legacy sessions
})
That means, I'm changing the user password each time in order to make a remote login and, of course, I know thist can't be applied to all cases, it's enough for app because I don't support login with user/password (only third party logins) but I understand that maybe it's not for all cases.
I got the idea from this official Parse example.
I don't like this solution because I think is not a workaround, it's a mega hack but I think there is no other way to do it currently (either Parse.com or Parse-Server)
If you find other workaround, please, share it :)
I want to get the values of all custom fields for a particular JIRA issue using SOAP API. I have a custom field named 'Phase' having value Decision Pending for a JIRA issue JIRA-123.
I am using JIRA 5.1.3.
I am able to get all the properties of JIRA issue using SOAP API except the value of the custom field for above issue.
I tried following code, but I am not able to use ComponentManager in my code
IssueManager issueManager = ComponentManager.getInstance().getIssueManager();
CustomFieldManager customFieldManager = ComponentManager.getInstance().getCustomFieldManager();
Issue issue = issueManager.getIssueObject("JIRA-123");
CustomField customField = customFieldManager.getCustomFieldObjectByName("Phase");
Object customFieldValue = issue.getCustomFieldValue(customField);
I would highly appreciate if anyone can provide correct approach.
The SOAP API is deprecated by 5.1.3. I suggest you use the REST API - it is both more easy to use and implement.
What is REST?: read here. The basic idea is to bind HTTP request types to actions, it's quite obvious - check this table for a quick run-in.
Jira has a powerful REST API that you can use. This is the main documentation of the current release.
What do you need to do in some high-level steps?:
Set-Up some type of authentication with your JIRA instance. Be it:
Baisc - example
OAuth - example
Get a list of all fields via the API:
The /rest/api/2/field' [method returns a list of all fields][6] - both System and Custom.
Then when you identify the exact field use/rest/api/2/customFieldOption/{id}` to get the full
representation of the Custom Field Option.
I recommend you use a tools like Chrome REST Console ,or anything similar that you can easily make requests with, to get to know the API. The bonus is that you don't need to setUp authentication if you're logged in through the same browser. Your user will require full admin access though.
This is the root of all JIRA REST API docs. Check it out.
If you're doing this in PHP I would personally recommend using some kind of library. I've used
Guzzle (in a CakePHP environment) for this exact task and it turned out very well.
I'm not sure of how do you use the soap API, here is example of using it via the PHP-SOAP:
#!/usr/bin/php -q
<?php
$soapClient = new SoapClient("https://jira.com/rpc/soap/jirasoapservice-v2?wsdl");
$token = $soapClient->login('user', 'password');
$myIssue = $soapClient->getIssue($token,"TES-13");
print_r($myIssue); // all of the issue details
print_r($myIssue->customFieldValues); // get all custom fields
foreach ($myIssue->customFieldValues as $customFieldValue) {
// search for the right custom field
if ($customFieldValue->customfieldId == 'customfield_10402') {
echo $customFieldValue->values[0];
die();
}
}
?>
In case you want to use any other API, have a look at the JIRA Remote API Reference.
A remark regarding the REST and SOAP APIs -To quote from Jira's site the SOAP API "Supported but no future development". The Rest API is still a bit new and there are things you can't yet do with the REST API (example), and can be done easily using the SOAP API.
I have configured atk-addons oauth login using facebook. After entering user creantial facebook redirect to my application which leads server error
The website encountered an error while retrieving =">http://demo.test.com/admin/?page=index&auth=admin_controller_oauth_facebook&callback=1&code=AQA-7FlLE8Z-JRZFkOzYasQC88Erpz7D2NsdGcw-yw122UW_3DeEC18JnuhZQcLuW3vWP18eYDkThwxq5G2jNO-Blkv69YO3IrZx9PD3Py_G4H6Qr8BX_16UsrM7fFDbjBaQDenCuerER_6XRsVqoBwaBK40GNeLnqPxIY6qbYIy0Pm4GsYIvMuJX4s_VDGgXNY#=. It may be down for maintenance or configured incorrectly.
How to fix this?
From my email to group on May 25, 2012:
Moved oauth, sni to dedicated namespaces out of misc.
They are updated and address a few issues (especially with Facebook).
Usage of misc/lib/Controller/OAuth.php is discouraged and deprecated. Make your adjustments.
new syntax for Facebook oAuth:
$f = $this->add("oauth/Controller_OAuth_Facebook");
$c = $this->add("sni/Controller_SNI_Facebook");
Remember, to reuse Facebook token to perform extra requests, use following syntax:
$f->setSignatureInfo();
$f->setAuthToken($fbtoken["access_token"], $fbtoken["expires"]);
$c = $this->add("sni/Controller_SNI_Facebook");
$c->setOAuth($f);
given, you have stored $fbtoken, which is usually retrieved by:
if ($fbtoken = $f->check()){}
Rest of the code remains the same.
Using the new ASP.NET Web API beta. I can not seem to get the suggested method of authenticating users, to work. Where the suggested approach seems to be, to add the [Authorize] filter to the API controllers. For example:
[Authorize]
public IEnumerable<Item> Get()
{
return itemsService.GetItems();
}
This does not work as intended though. When requesting the resource, you get redirected to a login form. Which is not very suitable for a RESTful webapi.
How should I proceed with this? Will it work differently in future versions?, or should I fall back to implementing my own action filter?
Double check that you are using the System.Web.Http.AuthorizeAttribute and not the System.Web.Mvc.AuthorizeAttribute. This bit me before. I know the WebAPI team is trying to pull everything together so that it is familiar to MVC users, but I think somethings are needlessly confusing.
Set your authentication mode to None:
<authentication mode="None" />
None Specifies no authentication. Your application expects only anonymous users or the application provides its own authentication.
http://msdn.microsoft.com/en-us/library/532aee0e.aspx
Of course then you have to provide some sort of authentication via headers or tokens or something. You could also specify Windows and use the built in auth via headers.
If this site is mixed between API and actual pages that do need the Forms setting, then you will need to write your own handling.
All the attribute does is return an HttpUnauthorizedResult instance, the redirection is done outside of the attribute, so its not the problem, its your authentication provider.
Finally, I've found a solution at:
ASP.NET MVC 4 WebAPI authorization
This article shows how you can fix this issue.
You are being redirected to login page because forms authentication module does this automatically. To get rid of that behavior disable forms authentication as suggested by Paul.
If you want to use more REST friendly approach you should consider implementing HTTP authorization support.
Take a look at this blog post http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-membership-provider/
ASP.NET 5 Introduced the new Microsoft.AspNet.Authorization System which can secure both MVC and Web API controllers.
For more see my related answer here.
Update:
At that time 2 years ago it was Microsoft.AspNetCore.Authorization.
As #Chris Haines pointed out. now it resides on
Microsoft.AspNetCore.Authorization.
From .NET core 1.0 to 2.0 many namespaces have been moved i think.
And spread functionality between .net classic and core was obscure.
That's why Microsoft introduced the .net standard.
.net standard
Also, look at my answer for:
How to secure an ASP.NET Web API
There is a NuGet package I have created which you can use for convenience.
If you're using a Role, make sure you have it spelled correctly :
If your role is called 'Administrator' then this - for instance will not work :
[System.Web.Http.Authorize(Roles = "Administator")]
Neither will this :
[System.Web.Http.Authorize(Roles = "Administrators")]
Oops...
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Produces("application/json")]
[Route("api/[controller]")]
public class CitiesController : Controller
{
[HttpGet("[action]")]
public IActionResult Get(long cityId) => Ok(Mapper.Map<City, CityDTO>(director.UnitOfWork.Cities.Get(cityId)));
}
Use
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
Filter with authentication type