Is there any element in SABRE Webservices TravelItineraryRead v3.5 that indicates a stored fare is refundable or non refundable besides parsing out text in the endorsements?
There is no specific element to indicate whether or not the fare is refundable on the PQ.
You'd need to do that from the endorsements' string as you mention.
TravelItineraryReadRQ API will be decommissioned; please use GetReservationRQ API instead.
Might be you will get something in the new API that indicates a stored fare is refundable or non refundable
Related
We have a payment successful page where we read the query string ?paid=yes.
If paid=yes then we show the payment sucessfull message etc. Otherwise payment failed.
What's the best way to:
Validate ?paid=yes query string is valid? In other words, how can we stop people from manually manipulating query string ?
Set query string expiry time or set attempt (max 1)?
Thanks.
As usual: never trust user input. The only difference between a request with ?paid=yes or not in the querystring would be the message you show. You have to find a different way to validate the payment by communicating with the payment provider directly to check the result.
In my opinion you cant validate a payment in a query, I would instead give the client a ticket, so now the query would be ?ticket=UUID, where uuid can be generated with GUID class Giud.NewGuid().
now in the database of your server you should create the ticket too and a boolean field indicating if the payment is done.
I'm using Spring MVC and I have a REST API.
I need some informations, for example, Date, Person ... but I have another information where I'll put to add information where will be text.
For example:
/addtimesheetjson/{idusuario}/{data}/{latitude}/{longitude}/{other}
{other} can be (for example): lorem/ipsum/dolar/ -- the user can put any text there.
When the user sends the information, my system will give error because there are a lot "/".
My question is, how can I pass text where my Spring MVC understand that "/" is information instead of a path of my REST?
Spring will not handle your case very well and escaping doesn't solve it unfortunately. You will need to find another way to pass the value of other. You can add a header to the request e.g. X-OTHER: /lorem/ipsum/dolar
I know that in most MVC frameworks, for example, both query string params and form params will be made available to the processing code, and usually merged into one set of params (often with POST taking precedence). However, is it a valid thing to do according to the HTTP specification? Say you were to POST to:
http://1.2.3.4/MyApplication/Books?bookCode=1234
... and submit some update like a change to the book name whose book code is 1234, you'd be wanting the processing code to take both the bookCode query string param into account, and the POSTed form params with the updated book information. Is this valid, and is it a good idea?
Is it valid according HTTP specifications ?
Yes.
Here is the general syntax of URL as defined in those specs
http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
There is no additional constraints on the form of the http_URL. In particular, the http method (i.e. POST,GET,PUT,HEAD,...) used don't add any restriction on the http URL format.
When using the GET method : the server can consider that the request body is empty.
When using the POST method : the server must handle the request body.
Is it a good idea ?
It depends what you need to do. I suggest you this link explaining the ideas behind GET and POST.
I can think that in some situation it can be handy to always have some parameters like the user language in the query part of the url.
I know that in most MVC frameworks, for example, both query string params and form params will be made available to the processing code, and usually merged into one set of params (often with POST taking precedence).
Any competent framework should support this.
Is this valid
Yes. The POST method in HTTP does not impose any restrictions on the URI used.
is it a good idea?
Obviously not, if the framework you are going to use is still clue-challenged. Otherwise, it depends on what you want to accomplish. The major use case (redirection of a data subset to a new POST target) has been irretrievably broken by browser implementations (all mechanically following the broken lead of Mosaic/Netscape), so the considerations here are mostly theoretical.
I am using alfresco default web script to get a ticket for a user but i am not sure till when this obtained ticket is valid.
Also i am extracting ticket is from obtained XML response of alfresco default login web script.
Does a ticket has any expiry date or once a ticket is obtained, it will not expire till session expiry?
The following property set on the Alfresco repository, along with its default value, configures the ticket life span to be one hour:
authentication.ticket.validDuration=P1H
You can override such property in the usual way. Meaningful values are described in the Duration class:
* The lexical representation of duration is
* PnYnMnDTnHnMnS.
*
* P is a literal value that starts the expression
* nY is an integer number of years followed by the literal Y
* nM is an integer number of months followed by the literal M
* nD is an integer number of days followed by the literal D
* T is the literal that separates the date and time
* nH is an integer number of hours followed by a literal H
* nM is an integer number of minutes followed by a literal M
* nS is a decimal number of seconds followed by a literal S
Please note that by default successful usages of a ticket will renew its validity, meaning that given a ticket validity of one hour, if you authenticate, say, a web script call using the ticket after 59m from its generation, its validity will be extended to another hour.
As the ticket lifecycle is completely configurable, have a look at the ticketComponent Spring bean defined in authentication-services-context.xml to see the available options (e.g. setting oneOff to true to only allow one single use of a given ticket).
The best way to handle alfresco authentication tickets is to handle it manually. E.g. for getting a ticket, use OOTB web script.
http://localhost:8080/alfresco/service/api/login?u=admin&pw=admin
which return ticket such as TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9 (needs to be extracted).
Now when using this ticket for any kind of operation, try to verify ticket validity using OOTB alfresco web script.Note that this is a HTTP GET method based web script
GET /alfresco/service/api/login/ticket/{ticket}
http://localhost:8080/alfresco/service/api/login/ticket/TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9?alf_ticket=TICKET_29ced6613a114294fa4bb9e67b663112076f3d9
Thing to note here is that you need to authenticate this web script also by appending ?alf_ticket={ALFRESCO_TICKET} without which it will not work.
Finally when you are done with your things, always log out using OOTB alfresco logout web script. Note that this is a HTTP DELETE method based web script
DELETE /alfresco/service/api/login/ticket/{ticket}).
http://localhost:8080/alfresco/service/api/login/ticket/TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9?alf_ticket=TICKET_29ced6613a114294fa4bb9e67bf663112076f3d9
Again you need to authenticate this web script also by appending ?alf_ticket={ALFRESCO_TICKET} without which it will not work.
This way you can ensure proper authentication as well as system will not be overburdened with stale tickets.
P.S. http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference#Logout
I am storing response from openid provider using
NameValueCollection query = HttpContext.Current.Request.QueryString;
I am sending request for emailid as
"&openid.ax.type.email=" +
HttpUtility.UrlEncode("http://schema.openid.net/contact/email"))
but receiving emailid in openid.ext1.value.email in some case and openid.ax.value.email in others.
There is a similar question, which I answered.
You must check everything starting with "openid.ns." and search for the correct namespace.
You can't depend on it being ax, ext1, or anything else.
Additionally, you can't depend on the name being "email", you still have to check what it's named by checking namespaces in openid.ax.type. (where ax can be any alias, see above)