I have written a custom backend for JWT authentication in cookies. I'd like to test it using the DRF-Spectacular. To this end, I've written the following scheme:
from drf_spectacular.extensions import OpenApiAuthenticationExtension
from .backends import JWTCookieAuthentication
class JWTCookieAuthenticationScheme(OpenApiAuthenticationExtension):
name = "JWTCookieAuthenticationScheme"
target_class = JWTCookieAuthentication
def get_security_definition(self, auto_schema):
return {
'type': 'apiKey',
'in': 'cookie',
'name': 'jwt',
}
The "Authorize" button appears in the generated API, but the entered value is passed in the header instead of the cookie. The generated CURL command for an exemplary request is the following:
curl -X 'GET'
'http://localhost:8001/user/my_user/'
-H 'accept: application/json'
-H 'Cookie: jwt=12345'
while the expected one would be something like:
curl -X 'GET'
'http://localhost:8001/user/my_user/'
-H 'accept: application/json'
--cookie 'jwt=12345'
Is it a bug or I'm doing something wrong?
Related
I'm trying to connect the API to my r studio. After executing the below code I got the error 403. Access Denied due to Invalid Authorization.
apiKey <- "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiIsImtpZCI6IjI4YTMxOGY3LTAwMDAtYTFlYi03ZmExLTJjNzQzM2M2Y2NhNSJ9.eyJpc3MiOiJzdXBlcmNlbGwiLCJhdWQiOiJzdXBlcmNlbGw6Z2FtZWFwaSIsImp0aSI6ImQ2YzliYjRmLTIwZmMtNDc3NS1iMTYxLWNmMzgzZWMyYThmYSIsImlhdCI6MTYzODgzMDY2Miwic3ViIjoiZGV2ZWxvcGVyLzU1M2E1ODA1LTA1YzctNTQyZS00MjAyLTY4NjNkYjZmYjg0OCIsInNjb3BlcyI6WyJicmF3bHN0YXJzIl0sImxpbWl0cyI6W3sidGllciI6ImRldmVsb3Blci9zaWx2ZXIiLCJ0eXBlIjoidGhyb3R0bGluZyJ9LHsiY2lkcnMiOlsiODQuODIuMjA5LjMiXSwidHlwZSI6ImNsaWVudCJ9XX0.lUSKahV0RJR23NHQmEQJopkp31qwD3VcGqr8gBVTIEt0Hg3cK4AMg00kGVD9NFqXhUmnEOeQtLug2ZJcsXCYbQ"
url <- "https://api.brawlstars.com/v1/players/%238QUYQ8/battlelog"
headers <- c('Content-type' = 'application/json',
'Accept' = 'application/json',
'authorization' = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiIsImtpZCI6IjI4YTMxOGY3LTAwMDAtYTFlYi03ZmExLTJjNzQzM2M2Y2NhNSJ9.eyJpc3MiOiJzdXBlcmNlbGwiLCJhdWQiOiJzdXBlcmNlbGw6Z2FtZWFwaSIsImp0aSI6ImQ2YzliYjRmLTIwZmMtNDc3NS1iMTYxLWNmMzgzZWMyYThmYSIsImlhdCI6MTYzODgzMDY2Miwic3ViIjoiZGV2ZWxvcGVyLzU1M2E1ODA1LTA1YzctNTQyZS00MjAyLTY4NjNkYjZmYjg0OCIsInNjb3BlcyI6WyJicmF3bHN0YXJzIl0sImxpbWl0cyI6W3sidGllciI6ImRldmVsb3Blci9zaWx2ZXIiLCJ0eXBlIjoidGhyb3R0bGluZyJ9LHsiY2lkcnMiOlsiODQuODIuMjA5LjMiXSwidHlwZSI6ImNsaWVudCJ9XX0.lUSKahV0RJR23NHQmEQJopkp31qwD3VcGqr8gBVTIEt0Hg3cK4AMg00kGVD9NFqXhUmnEOeQtLug2ZJcsXCYbQ')
The curl code is working well. Here below is the curl code:
curl -X GET --header 'Accept: application/json' --header "authorization: Bearer <API token>" 'https://api.brawlstars.com/v1/players/%238QUYQ8/battlelog'
Here is my test HTTP request I need to rewrite to use in groovy:
curl 'https://api-dev.test.ru/uaa/oauth/token' -H 'Authorization: Basic 1234567=' -H 'Content-Type: application/x-www-form- urlencoded' -H 'Accept: application/json, text/plain, */*' --data 'grant_type=password' --data-urlencode 'username=theLogin' --data-urlencode 'password=thePassword'
Here is the way I've rewritten it:
def httpRequest = [path : 'https://api-dev.test.ru/uaa/oauth/token',
headers : ['Authorization: Basic 1234567='
'Content-Type': 'application/x-www-form-urlencoded',
'Accept' : 'application/json, text/plain, */*'],
data : ['grant_type=password'],
data_urlencode: ['username=theLogin',
'password=thePassword']
]
It seems to be not correctly, because the test app doesn't work with the request. Have I rewritten the request correctly. If I haven't, where is my mistake?
You should be using Http Builder. Your code would look like:
def result = HttpBuilder,configure {
request.uri = 'https://api-dev.test.ru/uaa/oauth/token'
request.contentType = 'application/x-www-form-urlencoded'
request.headers.Accept = 'application/json, text/plain, */*'
}.post {
request.auth.basic 'admin', 'myp#$$w0rd'
request.uri.query = [ grant_type:'password' ]
request.body = [username:'theLogin', password:'thePassword']
}
I'm trying to use the sendgrid v3 API to purge bounces, it works fine when using CURL in CLI, here is the command:
curl -v -X DELETE -d '{"delete_all": true}' -H "Content-Type: application/json" -H "Authorization: Bearer SG.mykey" "https://api.sendgrid.com/v3/suppression/bounces"
But when trying to launch it with Symfony2 / Guzzle, I am getting a bad request error, however the request seems OK, here is the output of (string) $request:
"""
DELETE /v3/suppression/bounces HTTP/1.1\r\n
Host: api.sendgrid.com\r\n
Authorization: Bearer SG.mykey\r\n
User-Agent: Guzzle/3.9.3 curl/7.35.0 PHP/5.5.9-1ubuntu4.17\r\n
Accept: application/json\r\n
Content-Length: 20\r\n
\r\n
{"delete_all": true}
"""
And the exception:
[Guzzle\Http\Exception\ClientErrorResponseException]
Client error response
[status code] 400
[reason phrase] BAD REQUEST
[url] https://api.sendgrid.com/v3/suppression/bounces
When using the GET method, it works correctly and it returns me all the bounces.
Here is the guzzle code:
$request = $this->httpClient->delete('/v3/suppression/bounces', null, '{"delete_all": true}');
$response = $request->send();
The http client is a service initialized with the https://api.sendgrid.com base URL.
Your problem I think is that you are sending 3 params to delete when it only has two, instead what you need to do is pass the body in options array.
$response = $this->httpClient->delete(
'/v3/suppression/bounces',
[
'body' => json_encode(['delete_all', true]),
'Authorization' => 'Basic ' . base64_encode($username . ':' . $password),
'content-type' => 'application/json'
]
);
Guzzle options docs
Answering to myself. The problem was pretty obvious: The content-type header was not set, the "accept" one was. I didn't care about this header because you don't have to pass it when using the GET method for this API. So now when debugging my request object I have:
"""
DELETE /v3/suppression/bounces HTTP/1.1\r\n
Host: api.sendgrid.com\r\n
Authorization: Bearer SG.mykey\r\n
Content-Type: application/json\r\n
Content-Length: 20\r\n
User-Agent: Guzzle/3.9.3 curl/7.35.0 PHP/5.5.9-1ubuntu4.17\r\n
Accept: application/json\r\n
\r\n
{"delete_all": true}
"""
I refered this document,
http://sldn.softlayer.com/reference/Object-Storage-CDN/Set-Time-Live-TTL
my request headers are like below but I get 400 error with this message "NetworkError: 400 Bad Request - http://localhost:8080/cloud/objectstorage"
'X-Context' : 'cdn',
'X-Cdn-Ttl' : 3600,
'Accept' : 'application/json',
'X-Auth-Token' : token
Try this curl:
curl -i -XPOST -H "X-Cdn-Ttl: 3600" -H "X-Context: cdn" -H "X-Auth-Token: AUTH_XXXX" https://dal05.objectstorage.softlayer.net/v1/AUTH_6d6s56a-1665-4135-b145-8584d3427299/407608/mycontainer
Replace your token, URL
The value 407608 is the ID of your account
mycontainer is the name of the container you wish to edit the Time
Regards
This is the Google Apps Script that makes the request:
UrlFetchApp.fetch('https://user:password#sitename.com/api', {
method: 'put',
headers: { 'Accept': '*/*' },
payload: 'foo=bar&baz=qux'
});
Which can be successfully posted to http://requestb.in/, for examination:
PUT /1bfk94g1 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; GoogleDocs; script; +http://docs.google.com)
Host: requestb.in
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Connection: keep-alive
Accept-Encoding: gzip
Accept: */*
foo=bar&baz=qux
But fails when the request URL is https://user:password#sitename.com/api. The only error information shown is Bad request: https://user:password#sitename.com/api.
I've constructed a curl command which yields the exact same HTTP request:
curl -XPUT \
-H 'Accept-Encoding: gzip' \
--user-agent 'Mozilla/5.0 (compatible; GoogleDocs; script; +http://docs.google.com)' \
-d foo='bar' \
-d baz='qux'\
https://user:password#sitename.com/api
Which successfully posts to https://user:password#sitename.com/api. How can two identical requests have different outcomes? Am I missing something with regards to my Google Apps Script? I've tried using the debugger, but it didn't help.
It appears that UrlFetchApp doesn't yet support requests with credentials in the URL. The Authorization HTTP header needs to be built manually. The following works:
var response = UrlFetchApp.fetch('https://sitename.com/api', {
headers: {
'Authorization': 'Basic ' + Utilities.base64Encode(user + ':' + password)
}
});