Search Results

Search found 367 results on 15 pages for 'authorize'.

Page 13/15 | < Previous Page | 9 10 11 12 13 14 15  | Next Page >

  • User must have accepted TOS - Facebook Graph API error when posting photos to group page

    - by user370309
    Hi all, I've been struggling to upload an image from the user's computer and posted to our group page using the Facebook Graph API. I was able to send a post request to facebook with the image however, I'm getting this error back: ERROR: (#200) User must have accepted TOS. To some extent, I don't believe that I need the user to authorize himself as the photo is being uploaded to our group page. This below, is the code i'm using: if($albumId != null) { $args = array( 'message' = $description ); $args[basename($photoPath)] = '@' . realpath($photoPath); $ch = curl_init(); $url = 'https://graph.facebook.com/'.$albumId.'/photos?'.$token; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $args); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $data = curl_exec($ch); $photoId = json_decode($data, true); if(isset($photoId['error'])) die('ERROR: '.$photoId['error']['message']); $temp = explode('.', sprintf('%f', $photoId['id'])); $photoId = $temp[0]; return $photoId; } Can somebody tell me if I need to request extra permissions from the user or what i'm doing wrong? Thanks very much!

    Read the article

  • How to stop MVC caching the results of invoking and action method?

    - by Trey Carroll
    I am experiencing a problem with IE caching the results of an action method. Other articles I found were related to security and the [Authorize] attribute. This problem has nothing to do with security. This is a very simple "record a vote, grab the average, return the avg and the number of votes" method. The only slightly interesting thing about it is that it is invoked via Ajax and returns a Json object. I believe that it is the Json object that is getting catched. When I run it from FireFox and watch the XHR traffic with Firebug, everything works perfectly. However, under IE 8 the "throbber" graphic doesn't ever have time to show up and the page elements that display the "new" avg and count that are being injected into the page with jQuery are never different. I need a way to tell MVC to never cache this action method. This article seems to address the problem, but I cannot understand it: http://stackoverflow.com/questions/1441467/prevent-caching-of-attributes-in-asp-net-mvc-force-attribute-execution-every-tim I need a bit more context for the solution to understand how to extend AuthorizationAttribute. Please address your answer as if you were speaking to someone who lacks a deep understanding of MVC even if that means replying with an article on some basics/prerequisites that are required. Thanks, Trey Carroll

    Read the article

  • I am Unable to Post Xml to Linkedin Share API

    - by Vijesh V.Nair
    I am using Delphi 2010, with Indy 10.5.8(svn version) and oAuth.pas from chuckbeasley. I am able to collect token with app key and App secret, authorize token with a web page and Access the final token. Now I have to post a status with Linkedin’s Share API. I am getting a unauthorized response. My request and responses are giving bellow. Request, POST /v1/people/~/shares HTTP/1.0 Content-Encoding: utf-8 Content-Type: text/xml; charset=us-ascii Content-Length: 999 Authorization: OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D" Host: api.linkedin.com Accept: text/html, */* Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library) %3C%3Fxml+version=%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%253Cshare%253E%253Ccomment%253E83%2525%2520of%2520employers%2520will%2520use%2520social%2520media%2520to%2520hire%253A%252078%2525%2520LinkedIn%252C%252055%2525%2520Facebook%252C%252045%2525%2520Twitter%2520%255BSF%2520Biz%2520Times%255D%2520http%253A%252F%252Fbit.ly%252FcCpeOD%253C%252Fcomment%253E%253Ccontent%253E%253Ctitle%253ESurvey%253A%2520Social%2520networks%2520top%2520hiring%2520tool%2520-%2520San%2520Francisco%2520Business%2520Times%253C%252Ftitle%253E%253Csubmitted-url%253Ehttp%253A%252F%252Fsanfrancisco.bizjournals.com%252Fsanfrancisco%252Fstories%252F2010%252F06%252F28%252Fdaily34.html%253C%252Fsubmitted-url%253E%253Csubmitted-image-url%253Ehttp%253A%252F%252Fimages.bizjournals.com%252Ftravel%252Fcityscapes%252Fthumbs%252Fsm_sanfrancisco.jpg%253C%252Fsubmitted-image-url%253E%253C%252Fcontent%253E%253Cvisibility%253E%253Ccode%253Eanyone%253C%252Fcode%253E%253C%252Fvisibility%253E%253C%252Fshare%253E Response, HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 x-li-request-id: K14SWRPEPL Date: Sat, 23 Jun 2012 08:07:17 GMT Vary: * x-li-format: xml Content-Type: text/xml;charset=UTF-8 Content-Length: 341 Connection: keep-alive <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <error> <status>401</status> <timestamp>1340438838344</timestamp> <request-id>K14SWRPEPL</request-id> <error-code>0</error-code> <message>[unauthorized]. OAU:xxx|nnnnn|*01|*01:1340438599:Pz8/Pz8/Pz9ePzkxPyc/DD82Pz8=</message> </error> Please help. Regards, Vijesh Nair

    Read the article

  • Athentication Problem - not recognizing 'else' - Ruby on rails...

    - by bgadoci
    I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login. Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %) but I need it to say 'failed login' and redirect to login path. Here is my code: SessionsController class SessionsController < ApplicationController def create if session[:password] = params[:password] flash[:notice] = 'Successfully logged in' redirect_to posts_path else flash[:notice] = "whoops" redirect_to login_path end end def destroy reset_session flash[:notice] = 'Successfully logged out' redirect_to posts_path end end ApplicationController class ApplicationController < ActionController::Base helper_method :admin? protected def authorize unless admin? flash[:error] = "unauthorized request" redirect_to posts_path false end end def admin? session[:password] == "string0826" end helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details # end

    Read the article

  • What is wrong with my Basic Authentication in my Browser?

    - by Pure.Krome
    Hi folks, i'm trying to goto the following url :- http://user1:pass1@localhost:1234/api/users?format=xml nothing to complex. Notice how i've got the username/password in the url? this, i believe, is for basic authentication. When I do that, the Request Headers are MISSING the 'Authorize' header. Er... that's not right :( I have anonymous authentication only setup on the site. I don't want to have anon off and basic turned on .. because not all of the site requires basic.. only a few action methods. So .. why is this not working? Is this something to do with the fact my code is not sending a 401 challenge or some crap? For What It's Worth, my site is ASP.NET MVC1 running on IIS7 (and the same thing happens when i run it on cassini). Update: If this is an illegal way of calling a resource using basic auth (ala security flaw) .. then is this possible to do, for an ASP.NET MVC website .. per action method (and not the entire site, per say)?

    Read the article

  • Kerberos and/or other authentication systems - One time logon for all PHP scripts

    - by devviedev
    I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking for, in order of importance: Easy PHP implementation (storing/reading easily roles, etc.). Redundant, if possible. If an auth system goes down everyone is not locked out. Has clients for Windows and Mac. Easy web-based administration (adding/removing users/roles, changing passwords). If not, I can build an administration system without too much effort. One-time log on. I'd also like, when an auth token is issued, to store the user's IP address and use that to authorize the user for some non web-based applications. For that reason, I'd like a desktop client to issue the token and revoke tokens when, for example, the user becomes idle at their workstation. I'm thinking Kerberos might be a solution, but what are other options?

    Read the article

  • Authentication Problem - not recognizing 'else' - Ruby on rails...

    - by bgadoci
    I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login. Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %) but I need it to say 'failed login' and redirect to login path. Here is my code: SessionsController class SessionsController < ApplicationController def create if session[:password] = params[:password] flash[:notice] = 'Successfully logged in' redirect_to posts_path else flash[:notice] = "whoops" redirect_to login_path end end def destroy reset_session flash[:notice] = 'Successfully logged out' redirect_to posts_path end end ApplicationController class ApplicationController < ActionController::Base helper_method :admin? protected def authorize unless admin? flash[:error] = "unauthorized request" redirect_to posts_path false end end def admin? session[:password] == "123456" end helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details # end

    Read the article

  • GET Trello JSON to put in a string var

    - by Verber
    I'm trying to get the JSON that a TRELLO API Url returns and put it into a string. On my own private board I am getting "401 Unauthorized". But the Trello Api doesn't seem to give any way to authorize a user through the URL. If I try a public board I get "XMLHttpRequest cannot load https://api.trello.com/1/board/4d5ea62fd76aa1136000000c?key=68d02bf40d2ad57dd9eb418eb15f9564. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers." This is my code: <body> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js"> </script> <script> var list = $.getJSON(" https://api.trello.com/1/board/4d5ea62fd76aa1136000000c? key=68d02bf40d2ad57dd9eb418eb15f9564"); document.getElementById('print').innerHTML = list; </script> <div id="print"> </div> </body>

    Read the article

  • Facebook Application with PHP running loosing session

    - by ArneRie
    Iam trying to build an Facebook Application based on PHP. The Application is running under php on my own Webhost inside an Canvas as iFrame. I have included the newest Client Library for PHP from Facebook: facebook-php-sdk-94fcb13 To Authorize the user inside my application iam trying to use Facebook Connect, like the example shipped with the Client. Everything works fine the 1st Login, but when i hit the F5 Key to reload the page, the session is lost and i have to login again. When i call my application outside of the Facebook Canvas everything is fine. Iam not sure, but i think my Browser (Chrome/FireFox - Ubuntu) is not allowing to store an cookie inside an iFrame. Does someone knows an solution for this Problem? Here are some Parts of the Sourcecode: $facebook = new Facebook(array( 'appId' => 'x', 'secret' => 'x', 'cookie' => 'true', )); $session = $facebook->getSession(); $facebook->setSession($session); $me = null; // Session based API call. if ($session) { try { $uid = $facebook->getUser(); $me = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } } // login or logout url will be needed depending on current user state. if ($me) { $logoutUrl = $facebook->getLogoutUrl(); } else { $loginUrl = $facebook->getLoginUrl(); }

    Read the article

  • How does MVC ViewData work?

    - by Matt
    I am toying around with an MVC application just to learn the technology. I am mocking up a check register application that keeps track of a checking account, what has cleared the bank and what has not. I am using EF for my model and everything seems to be working correctly insofar as Edit, Create, etc. However, I have a couple of totals at the top. One to show the bank's balance and another to show the actual balance. It works most of the time but when I do Edit's it does not always accurately reflect the new total and I need it to update everytime a change is made (i.e when something clears the bank): [Authorize(Roles = "admin, checkUser")] public ActionResult Index() { var resultSet = from myChecking in chk.tblCheckings orderby myChecking.id descending select myChecking; ViewData.Model = resultSet.Take(45).ToList(); //for balances var actualBalance = from theChecking in chk.tblCheckings select theChecking.deposit - theChecking.withdrawal; var bankBalance = from theChecking in chk.tblCheckings where theChecking.cleared == true select theChecking.deposit - theChecking.withdrawal; //get bank balance ViewData["bankBalance"] = bankBalance.Sum(); //get actual balance ViewData["actualBalance"] = actualBalance.Sum(); return View(); } I am showing the actual and other balance in the Index view as follows: <td colspan="9" style="text-align: center; font-size: 11pt; color: white;"> <%= string.Format("Bank Balance: {0:c}", ViewData["bankBalance"]) %> ------ <%= string.Format("Actual Balance: {0:c}", ViewData["actualBalance"]) %> </td>

    Read the article

  • Simple continuously running XMPP client in python

    - by tom
    I'm using python-xmpp to send jabber messages. Everything works fine except that every time I want to send messages (every 15 minutes) I need to reconnect to the jabber server, and in the meantime the sending client is offline and cannot receive messages. So I want to write a really simple, indefinitely running xmpp client, that is online the whole time and can send (and receive) messages when required. My trivial (non-working) approach: import time import xmpp class Jabber(object): def __init__(self): server = 'example.com' username = 'bot' passwd = 'password' self.client = xmpp.Client(server) self.client.connect(server=(server, 5222)) self.client.auth(username, passwd, 'bot') self.client.sendInitPresence() self.sleep() def sleep(self): self.awake = False delay = 1 while not self.awake: time.sleep(delay) def wake(self): self.awake = True def auth(self, jid): self.client.getRoster().Authorize(jid) self.sleep() def send(self, jid, msg): message = xmpp.Message(jid, msg) message.setAttr('type', 'chat') self.client.send(message) self.sleep() if __name__ == '__main__': j = Jabber() time.sleep(3) j.wake() j.send('[email protected]', 'hello world') time.sleep(30) The problem here seems to be that I cannot wake it up. My best guess is that I need some kind of concurrency. Is that true, and if so how would I best go about that? EDIT: After looking into all the options concerning concurrency, I decided to go with twisted and wokkel. If I could, I would delete this post.

    Read the article

  • Facebook Application with PHP running losing session

    - by ArneRie
    Iam trying to build an Facebook Application based on PHP. The Application is running under php on my own Webhost inside an Canvas as iFrame. I have included the newest Client Library for PHP from Facebook: facebook-php-sdk-94fcb13 To Authorize the user inside my application iam trying to use Facebook Connect, like the example shipped with the Client. Everything works fine the 1st Login, but when i hit the F5 Key to reload the page, the session is lost and i have to login again. When i call my application outside of the Facebook Canvas everything is fine. Iam not sure, but i think my Browser (Chrome/FireFox - Ubuntu) is not allowing to store an cookie inside an iFrame. Does someone knows an solution for this Problem? Here are some Parts of the Sourcecode: $facebook = new Facebook(array( 'appId' => 'x', 'secret' => 'x', 'cookie' => 'true', )); $session = $facebook->getSession(); $facebook->setSession($session); $me = null; // Session based API call. if ($session) { try { $uid = $facebook->getUser(); $me = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } } // login or logout url will be needed depending on current user state. if ($me) { $logoutUrl = $facebook->getLogoutUrl(); } else { $loginUrl = $facebook->getLoginUrl(); }

    Read the article

  • Getting broken link error whle Using App Engine service accounts

    - by jade
    I'm following this tutorial https://developers.google.com/bigquery/docs/authorization#service-accounts-appengine Here is my main.py code import httplib2 from apiclient.discovery import build from google.appengine.ext import webapp from google.appengine.ext.webapp.util import run_wsgi_app from oauth2client.appengine import AppAssertionCredentials # BigQuery API Settings SCOPE = 'https://www.googleapis.com/auth/bigquery' PROJECT_NUMBER = 'XXXXXXXXXX' # REPLACE WITH YOUR Project ID # Create a new API service for interacting with BigQuery credentials = AppAssertionCredentials(scope=SCOPE) http = credentials.authorize(httplib2.Http()) bigquery_service = build('bigquery', 'v2', http=http) class ListDatasets(webapp.RequestHandler): def get(self): datasets = bigquery_service.datasets() listReply = datasets.list(projectId=PROJECT_NUMBER).execute() self.response.out.write('Dataset list:') self.response.out.write(listReply) application = webapp.WSGIApplication( [('/listdatasets(.*)', ListDatasets)], debug=True) def main(): run_wsgi_app(application) if __name__ == "__main__": main() Here is my app.yaml file code application: bigquerymashup version: 1 runtime: python api_version: 1 handlers: - url: /favicon\.ico static_files: favicon.ico upload: favicon\.ico - url: .* script: main.py And yes i have added app engine service account name in google api console Team tab with can edit permissions. When upload the app and try to access the link it says Oops! This link appears to be broken. Ealier i ran this locally and tried to access it using link localhost:8080.Then i thought may be running locally might be giving the error so i uploaded my code to http://bigquerymashup.appspot.com/ but still its giving error.

    Read the article

  • Facebook offline access step-by-step

    - by Ben
    After searchinge litteraly 1 day on fb and google for an up-to-date and working way to do something seemingly simple: I am looking for a step-by-step explanation to get offline_access for a user for a facebook app and then using this (session key) to retrieve offline & not within a browser friends & profile data. Preferrably doing this in the Fb Java API. Thanks. And yes I did check the facebook wiki. Update: Anyone? this: http://www.facebook.com/authorize.php?api_key=<api-key>&v=1.0&ext_perm=offline_access gives me offline_Access, however how to retrieve the session_key? Why can't facebook just do simple documentation, I mean there are like 600 people working there? The seemingly same question: http://stackoverflow.com/questions/617043/getting-offlineaccess-to-work-with-facebook Does not answer how to retrieve the session key Edit: I am still stuck with that. I guess nobody really tried such a batch access out yet...

    Read the article

  • Multi-account sync with Dropbox API

    - by Dan
    I'm trying to create a web app that lets users share files with each other through Dropbox. At the moment, Dropbox handles all the sharing, and there's one central Dropbox account running on the web server that shares the folder with the people who want it. I'm trying to change it so people don't have to accept a new folder invitation each time. I'd like to have them authorize my app to access an app folder in their Dropbox account, and all their shared folders would go inside there. Any changes they make would get noticed by the app on the server and synced to everyone else's folders. There's a couple things I'm having trouble figuring out to make this work: Do I need to make repeated calls to /delta for every account? I can't think how else I'd do this, but that sounds like it would quickly turn into thousands of requests a minute just polling for updates. When someone adds a file, do I have to upload it once for each account? That seems like a huge waste of bandwidth. I've looked into using /copy_ref, which I think would add a file to another user's account without my app ever touching it, but my app's web interface also allows users to upload files directly to my server, which would then need to be synced with everyone else's folders. That file isn't on Dropbox's servers yet, so /copy_ref obviously wouldn't work. For a little extra context, my app is written in node.js, and I've been playing with this library to interface with Dropbox, which uses their REST API.

    Read the article

  • web service client authentication

    - by Jack
    I want to consume Java based web service with c#.net client. The problem is, I couldnt authenticate to the service. it didnt work with this: mywebservice.Credentials = new System.Net.NetworkCredential(userid, userpass); I tried to write base class for my client method. public class ClientProtocols : SoapHttpClientProtocol { protected override WebRequest GetWebRequest(Uri uri) { System.Net.WebRequest request = base.GetWebRequest(uri); if (null != Credentials) request.Headers.Add("Authorization", GetAuthHeader()); return request; } protected override WebResponse GetWebResponse(WebRequest request) { WebResponse response = base.GetWebResponse(request); return response; } private string GetAuthHeader() { StringBuilder sb = new StringBuilder(); sb.Append("Basic "); NetworkCredential cred = Credentials.GetCredential(new Uri(Url), "Basic"); string s = string.Format("{0}:{1}", cred.UserName, cred.Password); sb.Append(Convert.ToBase64String(Encoding.ASCII.GetBytes(s))); return sb.ToString(); } } How can I use this class and authorize to the web service? Thanks.

    Read the article

  • How can I bind a simple Javascript array to an MVC3 controller action method?

    - by Sergio Tapia
    Here is the javascript code I use to create the array and send it on it's way: <script type="text/javascript" language="javascript"> $(document).ready(function () { $("#update-cart-btn").click(function() { var items = []; $(".item").each(function () { var productKey = $(this).find("input[name='item.ProductId']").val(); var productQuantity = $(this).find("input[type='text']").val(); items[productKey] = productQuantity; }); $.ajax({ type: "POST", url: "@Url.Action("UpdateCart", "Cart")", data: items, success: function () { alert("Successfully updated your cart!"); } }); }); }); </script> The items object is properly constructed with the values I need. What data type must my object be on the backend of my controller? I tried this but the variable remains null and is not bound. [Authorize] [HttpPost] public ActionResult UpdateCart(object[] items) // items remains null. { // Some magic here. return RedirectToAction("Index"); }

    Read the article

  • What exactly can "Full Control" with SharePoint Designer accomplish?

    - by Brian L.
    I've been brought in as an intern to develop a SharePoint site. My team won't authorize the budget for Visual Studio and I don't have physical or remote access to the SharePoint server (running Windows SharePoint Services 3.0 a.k.a. WSS) on the back-end. So what exactly can I do? I'm a pretty decent programmer when it comes to web technologies like PHP, JS and the obvious HTML and CSS. In an environment like this locked-down SharePoint though, I'm stumped trying to figure out how much control I have with MS's definition of "Full Control". If I figured out a way to write some C#, I'm pretty sure I could handle my own, but as I said no Visual Studio for me. Any good ideas of features that people will use on a site built with the limited functionality of WSS and SharePoint Designer with "Full Control"? Can I somehow manipulate the default Web Parts into something cool or useful? Are there Ajax tricks I can do to accomplish something on the back-end? Thanks in advance, I'm new to StackOverflow and very anxious to get involved here!

    Read the article

  • ActionController::RoutingError (No route matches {:action=>"show", :controller=>"users", :id=>nil}):

    - by Matt Bishop
    I have been trying to fix this routing error for a long time. I would appreciate any assistance! This error is preventing me from being able to authenticate. Here is what I am getting in my Heroku logs. app/controllers/authentications_controller.rb:12:in `create' ActionController::RoutingError (No route matches {:action=>"show", :controller=>"users", :id=>nil}) Here is the routes.rb file: Company::Application.routes.draw do resources :profile_individual resources :careers match 'careers' => 'careers#index' match 'about' => 'about#index' constraints(:subdomain => /^$|www/) do devise_for :users resources :authentications, :identities #, :beta_invitations resources :users do resources :invitations, :controller => 'UserInvitation' do post :upload, :on => :collection get :email_template, :on => :collection get :plaintext_template, :on => :collection get :facebook_invitation, :on => :collection end member do get :summary get :recruits get :friends_events get :events_near_me get :recent_activity get :impact get :campaigns end end resources :password_resets do get 'password_reset' => 'password_resets#show', :as => 'password_reset' end resources :events, :only => [:new, :index, :create] resources :organizations, :only => [:index, :create] resources :orders do post :ipn, :on => :member resource :payment do member do post :relay_response get :receipt end end resource :paypal_integration do member do get :authorize get :cancel post :finalize end end end match '/users/:id/impact/money/:d' => 'users#impact_money_graph', :constraints => {:d => /\d+{4}_\d+{2}-\d+{2}/}, :as => :user_impact_money match '/users/:id/impact/money' => 'users#impact_money_graph', :as => :user_impact_money match '/users/:id/impact/recruits/:d' => 'users#impact_recruits_graph', :constraints => {:d => /\d+{4}_\d+{2}-\d+{2}/}, :as => :user_impact_recruits match '/users/:id/impact/recruits' => 'users#impact_recruits_graph', :as => :user_impact_recruits match '/auth/failure' => 'authentications#failure' match '/auth/:provider/callback' => 'authentications#create' match '/auth/:provider/callback' => 'authentications#show', :controller => 'users', :as => :login match '/logout' => 'authentications#destroy', :as => :logout match '/login' => 'authentications#new', :as => :login match "/join_team/:id" => "team_members#join", :as => :join_team match "/rsvp/:id" => "rsvps#show", :as => :rsvp match "/signup" => 'authentications#signup', :as => :signup match "/beacon/:id.gif" => "email_beacons#show", :as => :email_beacon root :to => "homes#show" match '/corporate_giving' => "homes#corporate_giving" end constraints(Subdomain) do resource :organization, :path => "/", :only => [:edit, :update] do member do get :org_photos_videos get :org_recent_activity end end resources :events, :except => [:index] do post :publish, :on => :member resource :supporter_invite resource :team_management do post :mailer, :on => :member end resource :team_member do post :invite, :on => :member end resource :rsvp do put :make_order, :on => :collection get :make_order, :on => :collection end resources :invites do post :upload, :on => :collection end resources :ticket_tiers, :team_members end match "/events" => redirect("/") root :to => "organizations#show" end namespace :admin do resources :stats resources :organizations resources :campaigns do resources :rewards resources :contents put :header, :action => 'header_update' end resources :users do member do post :grant_access post :revoke_access end end resources :nonprofits do member do put :approve put :revoke end end end resources :campaigns do get :find_charities, :on => :collection get :how_many_charities, :on => :collection member do post :join get :join post :header, :action => 'header_creation' put :header, :action => 'header_update' end resources :rewards resources :contents resource :donations do resource :paypal_integration, :controller => 'donations' do member do get :authorize get :cancel post :finalize end end end end match '/campaigns/:id/graph/:d' => 'campaigns#graph', :constraints => {:d => /\d+{4}_\d+ {2}-\d+{2}/}, :as => :graph_campaign match '/campaigns/:id/graph' => 'campaigns#graph', :as => :graph_campaign resources :business_campaigns, :controller => 'campaigns' resources :businesses do put :logo, :on => :collection, :action => 'upload_logo' member do get :summary get :recruits get :friends_events get :events_near_me get :recent_activity get :impact get :campaigns end end resources :nonprofit_campaigns, :controller => 'campaigns' resources :nonprofits do put :logo, :on => :collection, :action => 'upload_logo' member do get :summary get :recruits get :friends_events get :events_near_me get :recent_activity get :impact get :campaigns get :supporting_campaigns end end resources :publicities match '/campaigns/:campaign_id/rewards/:id' => 'campaigns#reward', :via => :get match "/robots.txt" => "application#robots_txt" match "/beta_invitations" => redirect('/') resource :sitemap resources :referrals end Here is my authentications_controller.rb file class AuthenticationsController < ApplicationController skip_before_filter :require_beta_access before_filter :redirect_to_profile_if_logged_in, :only => [:create, :new] layout :resolve_layout def create omniauth = request.env["omniauth.auth"] authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid']) if authentication && authentication.user.present? sign_in(:user, authentication.user) redirect_to session[:redirect_to] || user_path(current_user, :subdomain => nil) elsif current_user current_user.authentications.create!(:provider => omniauth['provider'], :uid => omniauth['uid']) redirect_to session[:redirect_to] || user_path(current_user, :subdomain => nil) else user = User.new user.apply_omniauth(omniauth) logger.debug "=======================auth=============================" logger.debug session[:referrer_token] logger.debug "========================================================" if session[:referrer_token] publicity = Publicity.find_by_token(session[:referrer_token]) user.invited_by = publicity user.recruited_by = publicity end if user.save sign_in(user) unless session[:redirect_to] session[:referrer_token] = nil end redirect_to session[:redirect_to] || user_path(current_user, :subdomain => nil) #redirect_to session[:redirect_to] || campaigns_url(:tc => request.env['omniauth.params']['tc']) #tc is for AB testing else session[:omniauth] = omniauth.except('extra') redirect_to signup_path end end end def failure flash[:error] = "Please check your email and password and try again" redirect_to login_path end def destroy reset_session redirect_to root_path end def signup # end private def redirect_to_profile_if_logged_in redirect_to user_path(current_user.permalink) if current_user end def resolve_layout case action_name when "new", "signup" "authentication" else "selfcontained" end end end I am adding my appplication_controller.rb too: class ApplicationController < ActionController::Base #Wrote by George for beta users -before_filter :require_beta_access before_filter :save_referrer_token protect_from_forgery helper_method :organization_admin?, :team_member?, :profile_url, :current_profile def set_headers # Set our headers here end def save_referrer_token #session.delete(:referrer_token) if params[:ref] publicity = Publicity.find_by_token(params[:ref]) logger.debug "========================================================" logger.debug current_profile.nil? logger.debug publicity.creator logger.debug current_profile logger.debug current_profile != publicity.creator session[:referrer_token] = params[:ref] if current_profile.nil? or publicity.creator != current_profile logger.debug session[:referrer_token] logger.debug "========================================================" end end def robots_txt robots = File.read(Rails.root + "public/robots.#{Rails.env}.txt") render :text => robots, :layout => false, :content_type => "text/plain" end def load_organization @organization = Organization.find_by_permalink(request.subdomain) raise ActiveRecord::RecordNotFound if @organization.nil? end def require_user unless current_user session[:redirect_to] = request.url redirect_to login_url(:host => request.domain) end end def require_beta_access if !current_user redirect_to root_url(:host => request.domain) elsif !current_user.beta_access? redirect_to new_beta_invitation_url(:host => request.domain) end end def require_organization_admin unless organization_admin? redirect_to root_url(:subdomain => @organization.permalink) end end def team_member? if current_user && @event.team_memberships.where(:user_id => current_user.id).count != 0 true end end def organization_admin? if current_user && current_user.beta_access? && @organization && @organization.memberships.where(:user_id => current_user.id, :role => 'admin').count != 0 true end end def profile_url(profile, opt = nil) if profile == current_user user_url(profile, :host => opt[:host]) elsif profile.is_a? BusinessProfile business_url(profile) elsif profile.is_a? NonprofitProfile nonprofit_url(profile) end end def set_current_profile(profile) session[:current_profile] = profile end def current_user @current_user ||= User.find_by_auth_token!(cookies[:auth_token]) if cookies[:auth_token] end def current_profile #if session session[:current_profile] || current_user #else # nil #end end IGIVEMORE_HTML5_OPTIOINS = { :style => 'z-index: 0;',:width => '290', :height => '200', :frameborder => '0', :url_params => {:wmode=>"opaque"} } def campaign_header_body(camp, opt = IGIVEMORE_HTML5_OPTIOINS) if camp.header_type == Campaign::HEADER_YOUTUBE youtube_html5(camp.header_url, opt).html_safe elsif camp.header_type == Campaign::HEADER_IMAGE "<img src=\"#{camp.header_url}\" width=\"#{opt[:width]}\" height=\"#{opt[:height]}\"/>'".html_safe else "Unsupported Type!!" end end def youtube_html5(url, opt) begin video = YouTubeIt::Client.new.video_by(url) video.embed_html5(opt).gsub(/http:\/\//,"https://") rescue => e "<div style='color:red; width:290px; height:100px; padding-top:100px'>Given Video URL has problem.</div>" end end end

    Read the article

  • How should I secure my webapp written using Wicket, Spring, and JPA?

    - by Martin
    So, I have an web-based application that is using the Wicket 1.4 framework, and it uses Spring beans, the Java Persistence API (JPA), and the OpenSessionInView pattern. I'm hoping to find a security model that is declarative, but doesn't require gobs of XML configuration -- I'd prefer annotations. Here are the options so far: Spring Security (guide) - looks complete, but every guide I find that combines it with Wicket still calls it Acegi Security, which makes me think it must be old. Wicket-Auth-Roles (guide 1 and guide 2) - Most guides recommend mixing this with Spring Security, and I love the declarative style of @Authorize("ROLE1","ROLE2",etc). I'm concerned about having to extend AuthenticatedWebApplication, since I'm already extending org.apache.wicket.protocol.http.WebApplication, and Spring is already proxying that behind org.apache.wicket.spring.SpringWebApplicationFactory. SWARM / WASP (guide) - This looks the newest (though the main contributor passed away years ago), but I hate all of the JAAS-styled text files that declare permissions for principals. I also don't like the idea of making an Action class for every single thing a user might want to do. Secure models also aren't immediately obvious to me. Plus, there isn't an Authn example. Additionally, it looks like lots of folks recommend mixing the first and second options. I can't tell what the best practice is at all, though.

    Read the article

  • facebook authentication / login trouble

    - by salmane
    I have setup facebook authentication using php and it goes something like this first getting the authorization here : https://graph.facebook.com/oauth/authorize?client_id=<?= $facebook_app_id ?>&redirect_uri=http://www.example.com/facebook/oauth/&scope=user_about_me,publish_stream then getting the access Token here : $url = "https://graph.facebook.com/oauth/access_token?client_id=".$facebook_app_id."&redirect_uri=http://www.example.com/facebook/oauth/&client_secret=".$facebook_secret."&code=".$code;" function get_string_between($string, $start, $end){ $string = " ".$string; $ini = strpos($string,$start); if ($ini == 0) return ""; $ini += strlen($start); $len = strpos($string,$end,$ini) - $ini; return substr($string,$ini,$len); } $access_token = get_string_between(file_get_contents($url), "access_token=", "&expires="); then getting user info : $facebook_user = file_get_contents('https://graph.facebook.com/me?access_token='.$access_token); $facebook_id = json_decode($facebook_user)->id; $first_name = json_decode($facebook_user)->first_name; $last_name = json_decode($facebook_user)->last_name; this is pretty ugly ( in my opinion ) but it works....how ever....the user is still not logged in...because i did not create or retrieve any session variables to confirm that the user is logged in to facebook... which means that after getting the authentication done the use still has to login .... first: is there a better way using php to do what i did above ? second: how do i set/ get session variable / cookies that ensure that the user doesnt have to click login thanks for your help

    Read the article

  • ASP.NET MVC - Wrong redirecting, how to debug?

    - by Xorty
    I am stuck with redirecting problem in ASP.NET MVC project. I have mapped tables via LINQtoSQL and each has unique ID as primary key. I am implementing functionallity of 'CREATE'. Basically, after new value is added into SQL table (which means I pressed Save button), I want to be redirected to Details of this freshly added item. Here's little code how I am doing it : [AcceptVerbs(HttpVerbs.Post), Authorize] public ActionResult Create(Item item) { .... return RedirectToAction("Details", new { id = item.ItemID }); Trouble is, I am never redirected to Details view (I have Details.aspx view for items). When I check CallHierarchy in Visual Studio (2010 pro) the hierarchy is indeed little strange, like this : RedirectToAction(string,object) Calls To 'RedirectToAction' Create Calls To Create (no results) Calls From Create (methods of created instance. From there I'll get back to 'RedirectToAction' and to 'Calls to Create' and 'Calls From Create' etc. etc. - loop Edit Calls From 'RedirectToAction' Not supported I am looking for some tools or more specifically 'know how' (since VS probably has some tools) to debug this kind of situations. PS: rooting is default :"{controller}/{action}/{id}", Thanks

    Read the article

  • How do I get require_login()-like functionality using the new PHP Client Library for Facebook?

    - by cc
    Howdy. I've been tasked with making a Facebook game, but I'm new to Facebook development, so I'm just getting started. Apologies in advance if this is a no-brainer to people. I'm having trouble following all the examples I see on sites, and I keep running into missing pages in the Facebook documentation when I am trying to read up. I think it's because there's a new version of the PHP Client Library for Facebook, and everything I'm finding is referring to the old client. For instance, I see this code in a lot of examples: require 'facebook.php'; $facebook = new Facebook( array( 'appId' => '(id)', 'secret' => '(secret)' ) ); $facebook_account = $facebook->require_login(); ...but there's no "require_login()" in the client library provided in the facebook.php file. From what I can tell, it looks like Facebook has very recently rolled out some new system for development, but I don't see any sample code anywhere to deal with it. The new library comes with an "example.php" file, but it appears to be only for adding "Log in with Facebook" functionality to other sites (what I'm assuming is what they mean by "Facebook Connect" sites), not for just running apps in a Canvas page on Facebook itself. Specifically, what I need to do is let users visit an application page within Facebook, have it bring up the dialog box allowing them to authorize the app, have it show up in their "games" page, and then have it pass me the relevant info about the user so I can start creating the game. But I can't seem to find any tutorials or examples that show how to do this using the new library. Seems like this should be pretty straightforward, but I'm running into roadblocks. Or am I missing something about the PHP client library? Should require_login() be working for me, and there's something broken with my implementation, such as having the wrong client library or something? I downloaded from GitHub yesterday, so I'm pretty sure I have the most recent version of the code I have, but perhaps I'm downloading the wrong "facebook.php" file...?

    Read the article

  • How can I debug PEAR auth?

    - by croceldon
    I have a directory on my site that I've implemented PEAR's Auth to run my authentication. It is working great. However, I've tried to make a copy of my site (it's going to be translated to a different language), and on this new site, the Auth process doesn't seem to be working correctly. I can login properly, but every time I try to go to a different page in the same directory, and use Auth to authorize, it forces me to login again. Here's my logic: $auth_options = array( 'dsn' => mysql://user:password@server/db', 'table' => 'users', 'usernamecol' => 'username', 'passwordcol' => 'password', 'db_fields' => '*' ); $auth = new Auth("DB", $auth_options, "login_function"); $auth->setFailedLoginCallback('bad_login'); $auth->start(); if (!$auth->checkAuth()) { die('cannot succeed in checkAuth') exit; } else { include("nocache.php"); } This is part of a file that's included in every php page I that I desire to require authentication. I can login properly once, but whenever I then try to go to a different page that requires authentication, it makes me login again (and I see the 'cannot succeed' die message at the bottom of the page). Again, this solution works fine on my original site, I copied all the files, and only changed the db server/password - it still doesn't work. And I'm using the same webhost for both. What am I doing wrong here? Or how can I debug this further?

    Read the article

  • Images in IFRAME no longer showing after I log out of Flickr?

    - by contact-kram
    I have a iframe window which displays user's flickr images. I use the flickr.photos.search api to download the user's image from flickr. This works great when the user is logged into flickr. But when I explicitly log off the user from flickr and the yahoo network and then attempt to download the flickr images, I get redirected to www.yahoo.com in a full browser window (not in my iframe). If I remember correctly, I did not have this issue when I was not using iframes and I was being redirected to the yahoo login screen. Any suggestions? To elaborate, this URI - http://www.flickr.com/services/api/auth.howto.web.html, lists the below step - Create an auth handler When users follow your login url, they are directed to a page on flickr.com which asks them if they want to authorize your application. This page displays your application title and description along with the logo, if you uploaded one. When the user accepts the request, they are sent back to the Callback URL you defined in step 2. The URL will have a frob parameter added to it. For example, if your Callback URL was http://test.com/auth.php then the user might be redirected to http://test.com/auth.php?frob=185-837403740 (The frob value in this example is '185-837403740'). This does not happen when I am in my iframe window but it does happen in my full browser window.

    Read the article

< Previous Page | 9 10 11 12 13 14 15  | Next Page >