For a long time in search of an answer, but nowhere to say how to get Nonce from the header'a, I tried to do it this way: let data = await response.headers.get('Nonce') , but the header answer is null , although it is, I can see it in the browser, how do I get it ?
let data = await response.headers.get('Nonce') - expected value of Nonce , but it's null
localStorage.setItem('Nonce', ${data}); - expected value of Nonce will saved
const nonce = localStorage.getItem('Nonce'); - expected to get nonce values
Related
I keep getting an error message when trying to send the key through url with encodeforURL() and decodefromUrl(). The code example is below.
This is my entry page:
key = generateSecretKey(("AES"),128);
data = encrypt(serializeJSON(pg_info), key, "AES", "HEX");
location("home.cfm?str=#encodeForURL(key)#&dt=#data#", "false", "301");
This is my home page:
if ( structKeyExists(url, "str") ) {
key = DecodeFromURL(url.str);
strData = deserializeJSON(decrypt(url.dt, key, "AES", "HEX")); // This is the line where the error message is pointing
} else {
writeOutput("<p>Error! Please contact your administrator.</p>");
abort;
}
The code is very simple. When user gets to the entry page the data parameters are being encrypted and sent trhough url to home page. Once user gets to home page data is extracted from ul. I tried adding the size when creating the secret key (128) in hope that issue will be resolved. The error is still happening and it seems that might be related to something else. I though that key length is the issue, but the error message is pointing to the line of code where url string is being applied to deserializeJSON(). Is there a way to find out what is causing an error an how to fix this issue? Thank you.
BTW, I assume this code is just for testing purpose, since passing the encryption key alongside the encrypted text utterly and completely defeats the purpose of encryption ;-)
Is there a way to find out what is causing an error
With troubleshooting, location() tends to get in the way, so best to temporarily replace it with a hyperlink. Then you'll be able to output the original key generated and compare it to what's actually received on the home page.
Test Case (Single Page)
<cfscript>
// It make take a few executions to hit a failing key like `n+Py4flPF6uOwNXwpq2J4g==`.
pg_info = { "plain" : "text" };
key = "generateSecretKey(("AES"),128);
data = encrypt(serializeJSON(pg_info), key, "AES", "HEX");
writeOutput( "[key] "& key &"<br>[encoded] "& encodeForURL(key) &"<br><br>");
writeOutput( 'Test' );
if ( url.keyExists("str")) {
writeDump( var=[url.str], label="url.str (Original)" );
writeDump( var=[DecodeFromURL(url.str)], label="url.str (Decoded)" );
key = DecodeFromURL(url.str);
strData = deserializeJSON(decrypt(url.dt, key, "AES", "HEX"));
writeDump( var=strData, label="strData" );
}
</cfscript>
how to fix this issue?
CF already decodes url parameters automatically. So decoding url.str a second time alters the original key value, causing decrypt() to fail because the key is no longer valid. Notice with a failing key like n+Py4flPF6uOwNXwpq2J4g== the original url.str value differs from the decoded key?
url.str (Original) n+Py4flPF6uOwNXwpq2J4g== (has "+" char)
key (Decoded) n Py4flPF6uOwNXwpq2J4g== ("+" changes to space char)
Right now I am using an http 0.11.3+16 and I am able to add a true value to an item on the site using the following function:
if (newAcceptStatus) {
response = await http.put('https://example.com/example1/${selectedOrder.id}/example2/${_authenticatedUser.id}.json?auth=${_authenticatedUser.token}',
body: json.encode(true));
this function is only called when the admin is logged in and the admin is the only one that can change the status of the Boolean, so the value is stored under the admins id and token. so I tried the following to help show if the item was changed by the admin to the user but i keep getting that the value is null when i decode the response with the following function:
Future<Null> checkAccept() async{
http.Response response;
response = await http.get('https://example.com/example1/${selectedOrder.id}/example2/(admin id goes here).json?auth=${_authenticatedUser.token}');
accepted = json.decode(response.body);
}
not sure what i am doing wrong. any help would be appreciated!
I was calling the wrong list of items which were very similar, thus giving me an empty list
I have a simple firebase DB which looks like
someNode: {
pushId-A: {param1: 'some string'},
pushId-B: {param1: 'some other string')
}
Using Axios GET, is there a way to query someNode for the value of param1 where I don't know the value of the pushId?
I want it to return the pushId of the node that contains "param1: 'some string'.
[EDIT}
I understand now that this is not an Axios question, but rather a Firebase question.
I've read the firebase docs here:
Filtering Data
But when I send the get request with any paramaters other than the auth token, I get back a 400 code. Which tells me it is incorrectly syntaxed.
here is the last part of the DB url
a8/data/houses/-L4OiszP7IOzkfh1f1NY/houseName
where houseName = "Aubergine"
Trying to filter for houseName I am passing:
axios.get('/houses.json/' + '?orderBy="houseName"&startAt="A"' + '&auth=' + token)
I'm keeping the params separate so I can more easily read and change them. Concatenating the strings has no effect.
No matter what combination of params I pass I get the 400 error code. If I leave them off, then the data comes through as expected.
What am I doing wrong????
I'm trying to make my first POST request to an API. For some reason, I always get status 403 in return. I suspect it's the signature that is being incorrectly generated. The api-key and client id is for sure correct.
My code
nonce <-as.integer(Sys.time())
post_message <- paste0(nonce, data_client.id, data_key) # data_client.id = client id # data_key = key
sha.message <- toupper(digest::hmac(data_secret, object = post_message, algo = 'sha256', serialize = TRUE))
url <- 'https://www.bitstamp.net/api/v2/balance/'
body = list('API-KEY' = data_key, 'nonce' = nonce, 'signature' = sha.message)
httr::POST(url, body = body, verbose())
Output
<- HTTP/1.1 403 Authentication Failed
I'm trying to access the Bitstamp API: https://www.bitstamp.net/api/?package=Rbitcoin&version=0.9.2
All private API calls require authentication. For a successful
authentication you need to provide your API key, a signature and a
nonce parameter.
API KEY
To get an API key, go to "Account", "Security" and then "API Access".
Set permissions and click "Generate key".
NONCEN
once is a regular integer number. It must be increased with every
request you make. Read more about it here. Example: if you set nonce
to 1 in your first request, you must set it to at least 2 in your
second request. You are not required to start with 1. A common
practice is to use unix time for that parameter.
SIGNATURE
Signature is a HMAC-SHA256 encoded message containing nonce, customer
ID (can be found here) and API key. The HMAC-SHA256 code must be
generated using a secret key that was generated with your API key.
This code must be converted to it's hexadecimal representation (64
uppercase characters).
I'm not sure if your question is still standing, but based on your code, I managed to get it working. In fact, the main problem is in the body, the API documentation shows it expects 'key' instead of 'API-KEY'.
Also, serialize should be FALSE instead of TRUE.
At the moment this works (but the API may change):
nonce <-as.integer(Sys.time())
post_message <- paste0(nonce, data_client.id, data_key) # data_client.id = client id # data_key = key
sha.message <- toupper(digest::hmac(data_secret, object = post_message, algo = 'sha256', serialize = FALSE))
url <- 'https://www.bitstamp.net/api/v2/balance/'
body = list('key' = data_key, 'nonce' = nonce, 'signature' = sha.message)
httr::POST(url, body = body, verbose())
I'm trying to implement a service Redsys payments on my .net website.
The payment is successful (data are sent by post) but when the POST data back to my website ( to confirm the payment ) and i try to retrieve them with:
Request.form string value = [ "name"]
the value is always empty
I tried to count how many are in Request.Form.Keys.Count and always gives me zero values.
In the vendor documentation it indicated that the variables may be collected with Request.form [ "name"] and I called them to ask why I do not get the data and they dont know why...so I'm desperate,
What may be due?
I have reviewed the header I get from the server ( width Request.Headers ) and have the following parameters. HttpMethod:: GET Requestype: GET and contentlength: 0 . My bank tell me that they response POST not GET... so it´s a mistery. May be the error is becouse that sendings are made from a https to a htttp ?
You are receiving a POST without parameters.
The parameters are in the content of the call.
You should read the content and get the values of each parameter:
[System.Web.Http.HttpPost]
public async Task<IHttpActionResult> PostNotification()
{
string body = "";
await
Request.Content.ReadAsStreamAsync().ContinueWith(x =>
{
var result = "";
using (var sr = new StreamReader(x.Result))
{
result = sr.ReadToEnd();
}
body += result;
});
In body you can read the parameters (the order of them can change).