Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

Page 65/261 | < Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >

  • PHP 5.3, using old authentication?

    - by Geir
    Hi. We're setting up a new webserver with PHP5.3 and are getting the "Error: could not connect: mysqlnd cannot connect to MySQL 4.1+ using old authentication ?" error message. After some google'ing I've found that we should set old passwords = 0 in my.cnf and reset the password(s). But we still have webservers running php 4.x & 5.2 that access the same mysql server (different users & databases), how will these be affected by this ? Will the mysql server be compatible with all the different PHP versions ? Thanks.

    Read the article

  • Consuming Web Service via Windows Authentication

    - by saravanaram
    I am just trying to consuming a web service in remote computer using windows authentication however login credentials are different in local & remote computer. Code Snippet: Dim objproxy As New WebReference.Service1 'Create a new instance of CredentialCache. Dim mycredentialCache As CredentialCache = New CredentialCache() 'Create a new instance of NetworkCredential using the client Dim credentials As NetworkCredential = New NetworkCredential("username", "pwd","domain") 'Add the NetworkCredential to the CredentialCache. 'mycredentialCache.Add(New Uri(objproxy.Url), "Basic", credentials) objproxy.Credentials = credentials It is timing out but when i use mycredentialCache.Add(New Uri(objproxy.Url), "Basic", credentials) I get "401 Unauthorized" message, Please assist.

    Read the article

  • Access Authentication

    - by youssef
    I wanna know, how I can set user name and password for each user in TortoiseSVN and I already did these steps to made repository: - Created a file then created repository in this file. - Changed " svnserve.conf " in conf file. - Then set all user and them passwd in conf file. - I changed authz to access my repository also including in conf file. I try and try to Authentication many of users for each project but as file not Http. I hope to someone help me in this issue.

    Read the article

  • Sitemap Links don't work on live site, Windows Authentication

    - by Chris
    I have a intranet site with Windows Authentication. I have 'Administrator' pages in an 'Administrator' folder that will only show for those in the admin group (windows security group) These pages work I have a folder with sub folders containing reports. These permissions are broken down for each type of report. They have similar role priveleges. When I test the application, I can navigate to the pages. When I deploy the site live on the intranet the links don't return a page. Error missing link 404. Do I need to set something in IIS?

    Read the article

  • using php Download File From a given URL by passing username and password for http authentication

    - by Acharya
    Hi all, I need to download a text file using php code. The file is having http authentication. What procedure I should use for this. Should I use fsocketopen or curl or Is there any other way to do this? I am using fsocketopen but it does not seem to work. $fp=fsockopen("www.example.com",80,$errno,$errorstr); $out = "GET abcdata/feed.txt HTTP/1.1\r\n"; $out .= "User: xyz \r\n"; $out .= "Password: xyz \r\n\r\n"; fwrite($fp, $out); while(!feof($fp)) { echo fgets($fp,1024); } fclose($fp); Here fgets is returning false. Any help!!!

    Read the article

  • Rails: authentication system based on external API

    - by Slevin
    i'm building a Rails application to extend features of an existing online Rails app. The existing Rails app provides an API for authentication. My approach: user X have an account at the existing Rails app. With these login data the user X should authenticate on my Rails app. The existing app offers a gem to connect to the API after login. Whats the best method to store the information about a successful login? Should i use sessions? Or does Rails offer better methods for this?

    Read the article

  • How to use LDAP for authentication in Tomcat with Custom Authorization

    - by djc4
    Hello, I'm using JNDIRealm with Tomcat for authentication, which at the moment works fine. However, we do not store any roles in the LDAP, so all authenticated users are not returning any roles. This sends user's to an HTTP 401 failed authorization page. I'd like to assign an "Admin" role to any and all user's who authenticate successfully. Here is my fragment from my web.xml file. SecurityConstraint Resource Resource *.jsp GET POST Admin FORM login.jsp loginError.jsp Admin Should I be using a JAASRealm with custom LoginModule? After the realm calls the authenticate() method and returns success, should I override another method to explicitly set the RolePrincipal to "Admin" so that authorization succeeds? Please help! Thanks, Andy

    Read the article

  • Rails Authlogic authentication method

    - by Rabbott
    Within Authlogic, is there a way that I can add conditions to the authentication method? I know by using the find_by_login_method I can specify another method to use, but when I use this I need to pass another parameter since the find_by_login_method method only passes the parameter that is deemed the 'login_field'. What I need to do is check something that is an association of the authentic model.. Here is the method I want to use # make sure that the user has access to the subdomain that they are # attempting to login to, subdomains are company names def self.find_by_email_and_company(email, company) user = User.find_by_email(email) companies = [] user.brands.each do |b| companies << b.company.id end user && companies.include?(company) end But this fails due to the fact that only one parameter is sent to the find_by_email_and_company method. The company is actually the subdomain, so in order to get it here I am just placing it in a hidden field in the form (only way I could think to get it to the model) Is there a method I can override somehow..?

    Read the article

  • google calendar api (java) authentication error in dynamic web project

    - by HazProblem
    org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.NoClassDefFoundError: com/google/gdata/util/AuthenticationException org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:823) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:641) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) The class i have written works fine as a normal java application, but when i try to use the code in an dynamic web project i get this authentication failure. Where´s the difference?

    Read the article

  • What causes session/forms authentication timeouts in MVC3

    - by SimpleUser
    Can somebody please let me know what are the reasons for your authentication to die suddenly, even when you are working on an application without any idle time? Both with and without AJAX calls. And what are the different reasons for getting a 302 redirect from an MVC3 application to the Logon page. Been struggling with an issue with timeouts that happen at random. Sometimes within a few minutes of login to the application and sometimes you can go for hours (with/without idle time) without being thrown out. Thank You

    Read the article

  • IIS Strategies for Accessing Secured Network Resources

    - by ErikE
    Problem: A user connects to a service on a machine, such as an IIS web site or a SQL Server database. The site or the database need to gain access to network resources such as file shares (the most common) or a database on a different server. Permission is denied. This is because the user the service is running under doesn't have network permissions in the first place, or if it does, it doesn't have rights to access the remote resource. I keep running into this problem over and over again and am tired of not having a really solid way of handling it. Here are some workarounds I'm aware of: Run IIS as a custom-created domain user who is granted high permissions If permissions are granted one file share at a time, then every time I want to read from a new share, I would have to ask a network admin to add it for me. Eventually, with many web sites reading from many shares, it is going to get really complicated. If permissions are just opened up wide for the user to access any file shares in our domain, then this seems like an unnecessary security surface area to present. This also applies to all the sites running on IIS, rather than just the selected site or virtual directory that needs the access, a further surface area problem. Still use the IUSR account but give it network permissions and set up the same user name on the remote resource (not a domain user, a local user) This also has its problems. For example, there's a file share I am using that I have full rights to for sharing, but I can't log in to the machine. So I have to find the right admin and ask him to do it for me. Any time something has to change, it's another request to an admin. Allow IIS users to connect as anonymous, but set the account used for anonymous access to a high-privilege one This is even worse than giving the IIS IUSR full privileges, because it means my web site can't use any kind of security in the first place. Connect using Kerberos, then delegate This sounds good in principle but has all sorts of problems. First of all, if you're using virtual web sites where the domain name you connect to the site with is not the base machine name (as we do frequently), then you have to set up a Service Principal Name on the webserver using Microsoft's SetSPN utility. It's complicated and apparently prone to errors. Also, you have to ask your network/domain admin to change security policy for both the web server and the domain account so they are "trusted for delegation." If you don't get everything perfectly right, suddenly your intended Kerberos authentication is NTLM instead, and you can only impersonate rather than delegate, and thus no reaching out over the network as the user. Also, this method can be problematic because sometimes you need the web site or database to have permissions that the connecting user doesn't have. Create a service or COM+ application that fetches the resource for the web site Services and COM+ packages are run with their own set of credentials. Running as a high-privilege user is okay since they can do their own security and deny requests that are not legitimate, putting control in the hands of the application developer instead of the network admin. Problems: I am using a COM+ package that does exactly this on Windows Server 2000 to deliver highly sensitive images to a secured web application. I tried moving the web site to Windows Server 2003 and was suddenly denied permission to instantiate the COM+ object, very likely registry permissions. I trolled around quite a bit and did not solve the problem, partly because I was reluctant to give the IUSR account full registry permissions. That seems like the same bad practice as just running IIS as a high-privilege user. Note: This is actually really simple. In a programming language of your choice, you create a class with a function that returns an instance of the object you want (an ADODB.Connection, for example), and build a dll, which you register as a COM+ object. In your web server-side code, you create an instance of the class and use the function, and since it is running under a different security context, calls to network resources work. Map drive letters to shares This could theoretically work, but in my mind it's not really a good long-term strategy. Even though mappings can be created with specific credentials, and this can be done by others than a network admin, this also is going to mean that there are either way too many shared drives (small granularity) or too much permission is granted to entire file servers (large granularity). Also, I haven't figured out how to map a drive so that the IUSR gets the drives. Mapping a drive is for the current user, I don't know the IUSR account password to log in as it and create the mappings. Move the resources local to the web server/database There are times when I've done this, especially with Access databases. Does the database have to live out on the file share? Sometimes, it was just easiest to move the database to the web server or to the SQL database server (so the linked server to it would work). But I don't think this is a great all-around solution, either. And it won't work when the resource is a service rather than a file. Move the service to the final web server/database I suppose I could run a web server on my SQL Server database, so the web site can connect to it using impersonation and make me happy. But do we really want random extra web servers on our database servers just so this is possible? No. Virtual directories in IIS I know that virtual directories can help make remote resources look as though they are local, and this supports using custom credentials for each virtual directory. I haven't been able to come up with, yet, how this would solve the problem for system calls. Users could reach file shares directly, but this won't help, say, classic ASP code access resources. I could use a URL instead of a file path to read remote data files in a web page, but this isn't going to help me make a connection to an Access database, a SQL server database, or any other resource that uses a connection library rather than being able to just read all the bytes and work with them. I wish there was some kind of "service tunnel" that I could create. Think about how a VPN makes remote resources look like they are local. With a richer aliasing mechanism, perhaps code-based, why couldn't even database connections occur under a defined security context? Why not a special Windows component that lets you specify, per user, what resources are available and what alternate credentials are used for the connection? File shares, databases, web sites, you name it. I guess I'm almost talking about a specialized local proxy server. Anyway, so there's my list. I may update it if I think of more. Does anyone have any ideas for me? My current problem today is, yet again, I need a web site to connect to an Access database on a file share. Here we go again...

    Read the article

  • IIS Strategies for Accessing Secured Network Resources

    - by Emtucifor
    Problem: A user connects to a service on a machine, such as an IIS web site or a SQL Server database. The site or the database need to gain access to network resources such as file shares (the most common) or a database on a different server. Permission is denied. This is because the user the service is running as doesn't have network permissions in the first place, or if it does, it doesn't have rights to access the remote resource. I keep running into this problem over and over again and am tired of not having a really solid way of handling it. Here are some workarounds I'm aware of: Run IIS as a custom-created domain user who is granted high permissions If permissions are granted one file share at a time, then every time I want to read from a new share, I would have to ask a network admin to add it for me. Eventually, with many web sites reading from many shares, it is going to get really complicated. If permissions are just opened up wide for the user to access any file shares in our domain, then this seems like an unnecessary security surface area to present. This also applies to all the sites running on IIS, rather than just the selected site or virtual directory that needs the access, a further surface area problem. Still use the IUSR account but give it network permissions and set up the same user name on the remote resource (not a domain user, a local user) This also has its problems. For example, there's a file share I am using that I have full rights to for sharing, but I can't log in to the machine. So I have to find the right admin and ask him to do it for me. Any time something has to change, it's another request to an admin. Allow IIS users to connect as anonymous, but set the account used for anonymous access to a high-privilege one This is even worse than giving the IIS IUSR full privileges, because it means my web site can't use any kind of security in the first place. Connect using Kerberos, then delegate This sounds good in principle but has all sorts of problems. First of all, if you're using virtual web sites where the domain name you connect to the site with is not the base machine name (as we do frequently), then you have to set up a Service Principal Name on the webserver using Microsoft's SetSPN utility. It's complicated and apparently prone to errors. Also, you have to ask your network/domain admin to change security policy for the web server so it is "trusted for delegation." If you don't get everything perfectly right, suddenly your intended Kerberos authentication is NTLM instead, and you can only impersonate rather than delegate, and thus no reaching out over the network as the user. Also, this method can be problematic because sometimes you need the web site or database to have permissions that the connecting user doesn't have. Create a service or COM+ application that fetches the resource for the web site Services and COM+ packages are run with their own set of credentials. Running as a high-privilege user is okay since they can do their own security and deny requests that are not legitimate, putting control in the hands of the application developer instead of the network admin. Problems: I am using a COM+ package that does exactly this on Windows Server 2000 to deliver highly sensitive images to a secured web application. I tried moving the web site to Windows Server 2003 and was suddenly denied permission to instantiate the COM+ object, very likely registry permissions. I trolled around quite a bit and did not solve the problem, partly because I was reluctant to give the IUSR account full registry permissions. That seems like the same bad practice as just running IIS as a high-privilege user. Note: This is actually really simple. In a programming language of your choice, you create a class with a function that returns an instance of the object you want (an ADODB.Connection, for example), and build a dll, which you register as a COM+ object. In your web server-side code, you create an instance of the class and use the function, and since it is running under a different security context, calls to network resources work. Map drive letters to shares This could theoretically work, but in my mind it's not really a good long-term strategy. Even though mappings can be created with specific credentials, and this can be done by others than a network admin, this also is going to mean that there are either way too many shared drives (small granularity) or too much permission is granted to entire file servers (large granularity). Also, I haven't figured out how to map a drive so that the IUSR gets the drives. Mapping a drive is for the current user, I don't know the IUSR account password to log in as it and create the mappings. Move the resources local to the web server/database There are times when I've done this, especially with Access databases. Does the database have to live out on the file share? Sometimes, it was just easiest to move the database to the web server or to the SQL database server (so the linked server to it would work). But I don't think this is a great all-around solution, either. And it won't work when the resource is a service rather than a file. Move the service to the final web server/database I suppose I could run a web server on my SQL Server database, so the web site can connect to it using impersonation and make me happy. But do we really want random extra web servers on our database servers just so this is possible? No. Virtual directories in IIS I know that virtual directories can help make remote resources look as though they are local, and this supports using custom credentials for each virtual directory. I haven't been able to come up with, yet, how this would solve the problem for system calls. Users could reach file shares directly, but this won't help, say, classic ASP code access resources. I could use a URL instead of a file path to read remote data files in a web page, but this isn't going to help me make a connection to an Access database, a SQL server database, or any other resource that uses a connection library rather than being able to just read all the bytes and work with them. I wish there was some kind of "service tunnel" that I could create. Think about how a VPN makes remote resources look like they are local. With a richer aliasing mechanism, perhaps code-based, why couldn't even database connections occur under a defined security context? Why not a special Windows component that lets you specify, per user, what resources are available and what alternate credentials are used for the connection? File shares, databases, web sites, you name it. I guess I'm almost talking about a specialized local proxy server. Anyway, so there's my list. I may update it if I think of more. Does anyone have any ideas for me? My current problem today is, yet again, I need a web site to connect to an Access database on a file share. Here we go again...

    Read the article

  • On REST: WADL or not IDL, is the following approach right ?

    - by redben
    This question is a bit long, please bear with me. In REST, i think we should not need WADL or any IDL. But rather something that would implicitly cover its concept. The way I think about it is when we (humans) surf the Web, when we go to a web site for the first time, we don't know what services it provides. You discover those on the html home page (or a sitemap page in a help section) or maybe just the main menu on the home page. If you make an analogy, the homepage or site map to us humans is what WSDL is to WS-* or what WADL could be to a REST service. Only that its just like any other html content. I think that in REST the following is a good way to do things, respecting the HATEOS paradigm. Have a top level (or default) resource that lists links to your other resources. For a library example, say RestLibrary.com/ it could be something like: <root xmlns:lib="http://librarystandards.com/libraryml"> <resource class="lib:book"> <link type="application/vnd.libraryml+xml" template="mylib.com/book/{isbn}" /> <link type="application/vnd.libraryml+xml" rel="add" href="mylib.com/book" method="POST" /> <link type="application/vnd.libraryml+xml" rel="update" template="mylib.com/book/{isbn}" method="PUT" /> </resource> <resource class="lib:bookList"> <link template="mylib.com/book?keywords={keywords}" type="application/vnd.openlibrary+xml" rel="search" /> </resource> </root> Note that it is assumed that the media type "application/vnd.libraryml+xml" is a defined standard or (may be just proprietary vocabulary) named libraryml. Also, the client should be able to understand this "homepage" resource (elements root, resource and link). This is the part that could be used instead of WADL : an Abstract vocabulary that should be understandable by any client. You could use an existing standard like Atom for example. But the main idea is to have an abstract vocabulary understandable by any client. Why not WADL then ? well wadl is only for service discovery. The idea here is to have an light abstract vocabulary that would serve as a base for hypermedia. A "root" vocabulary. Like in owl we have owl:thing...etc Now if the client knows the "libraryml" standard it can follow the links to the things it understands (after parsing the media type properties and xmlns). If not, it just won't. When i can't understand how to deal with something in REST architecture i tend to see how we Humans do it in the Web. In the Web, we have the Generic language that is HTML that enables site builders to deliver any specific content, regardless of its meaning to the client (the user), Browsers understand HTML but not the "meaning" of its content. It is the user that understands the (domain specific) content. If i go to say QuantumPhysics.org, my browser can render the home page (it is just html after all) and i can read the home page. If i understand quantum then fine i can continue browsing. If i don't i just get out (unless i want to learn the hardway :) ) In the RetsLibrary.com example the client app is just like me+my browser on QuantumPhysics.org. the media type "application/vnd.libraryml+xml" is quantum physics (knowledge). http is http in both examples. Now HTML of QuantumPhysics.org is in RestLibrary.com is XML + that tiny little abstract vocabulary (root resource and link, that you could replace with something like Atom). So does this approach have any value ? don't we need a root tiny hyper-vocabulary so we can succeed with hypermedia and the "initial URI" concept ? edit Yeah why not RDF as the root vocabulary !

    Read the article

  • Parameter parsing with Java Restlet

    - by Leaf
    I'm trying to make a calculator web service that has more than 10 parameters. Is there any function in the Java Restlet or in Java itself that allows you to see the parameter ids? e.g. http://mywebsite.com/calculator?id1=value1&id2=value2&id3=value3 = I'm trying to access the values of id1, id2, and id3 so that I don't have to require people using the web service to input all parameters (some of them are likely to be 0).

    Read the article

  • Facebook publishActivity: No error, but no activity published

    - by carlo.capocasa
    Hi, implementing publishActivity in PHP using the REST API using this code: $activity = array( 'message' => '{*actor*} did something.', 'action_link' => array( 'text' => 'Play Travians', 'href' => WEBROOT ) ); $activity = $facebook->api_client->dashboard_publishActivity($activity); I get a 15-digit number returned and no errors, however no activity appears in the logged in account or friends of this account. Help appreciated. Carlo

    Read the article

  • How to remove default header from WCF REST Outgoing Response?

    - by bmsantos
    The following C# WCF based REST service gives me some undesired headers that I'm not sure if I can remove them trough the API. The interface: [ServiceContract] public interface IControlSystem { [OperationContract] [WebGet] System.IO.Stream About(); } The implementation: public class ControlSystem : IControlSystem { public System.IO.Stream About() { return new System.IO.MemoryStream(ASCIIEncoding.Default.GetBytes("Hello World")); } } Out of a raw socket connection it gives the following response: HTTP/1.1 200 OK Server: ASP.NET Development Server/9.0.0.0 Date: Tue, 15 Jun 2010 13:12:51 GMT X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: application/octet-stream Content-Length: 39 Connection: Close Hello World Question is, is it possible to get the server to not report anything other than the actual message? Need it in some calls so due to some small embedded device clients that will try to connect to the server and I would like to minimize the amount of parsing. Thanks, B.

    Read the article

  • Per-User basis security with restful_authentication in Rails ?

    - by benoror
    Hi! I'm using restful_authentication plugin, but I would like to have per-user security, for example: class PostsController < ApplicationController # Login required before_filter :login_required, :except => [ :index, :show ] # Only the same user can create, edit and delete their own posts before_filter :only_by_same_user, :only => [ :create, :update, :destroy ] end Thanks!

    Read the article

  • REST API Help in Rails

    - by dannymcc
    Hi Everyone, I am trying to get some information posted using our accountancy package (FreeAgentCentral) using their API via a GEM. http://github.com/aaronrussell/freeagent_api/ I have the following code to get it working (supposedly): Kase Controller def create @kase = Kase.new(params[:kase]) @company = Company.find(params[:kase][:company_id]) @kase = @company.kases.create!(params[:kase]) respond_to do |format| if @kase.save UserMailer.deliver_makeakase("[email protected]", "Highrise", @kase) @kase.create_freeagent_project(current_user) #flash[:notice] = 'Case was successfully created.' flash[:notice] = fading_flash_message("Case was successfully created & sent to Highrise.", 5) format.html { redirect_to(@kase) } format.xml { render :xml => @kase, :status => :created, :location => @kase } else format.html { render :action => "new" } format.xml { render :xml => @kase.errors, :status => :unprocessable_entity } end end end To save you looking through, the important part is: @kase.create_freeagent_project(current_user) Kase Model # FreeAgent API Project Create # Required attribues # :contact_id # :name # :payment_term_in_days # :billing_basis # must be 1, 7, 7.5, or 8 # :budget_units # must be Hours, Days, or Monetary # :status # must be Active or Completed def create_freeagent_project(current_user) p = Freeagent::Project.create( :contact_id => 0, :name => "#{jobno} - #{highrisesubject}", :payment_terms_in_days => 5, :billing_basis => 1, :budget_units => 'Hours', :status => 'Active' ) user = Freeagent::User.find_by_email(current_user.email) Freeagent::Timeslip.create( :project_id => p.id, :user_id => user.id, :hours => 1, :new_task => 'Setup', :dated_on => Time.now ) end lib/freeagent_api.rb require 'rubygems' gem 'activeresource', '< 3.0.0.beta1' require 'active_resource' module Freeagent class << self def authenticate(options) Base.authenticate(options) end end class Error < StandardError; end class Base < ActiveResource::Base def self.authenticate(options) self.site = "https://#{options[:domain]}" self.user = options[:username] self.password = options[:password] end end # Company class Company def self.invoice_timeline InvoiceTimeline.find :all, :from => '/company/invoice_timeline.xml' end def self.tax_timeline TaxTimeline.find :all, :from => '/company/tax_timeline.xml' end end class InvoiceTimeline < Base self.prefix = '/company/' end class TaxTimeline < Base self.prefix = '/company/' end # Contacts class Contact < Base end # Projects class Project < Base def invoices Invoice.find :all, :from => "/projects/#{id}/invoices.xml" end def timeslips Timeslip.find :all, :from => "/projects/#{id}/timeslips.xml" end end # Tasks - Complete class Task < Base self.prefix = '/projects/:project_id/' end # Invoices - Complete class Invoice < Base def mark_as_draft connection.put("/invoices/#{id}/mark_as_draft.xml", encode, self.class.headers).tap do |response| load_attributes_from_response(response) end end def mark_as_sent connection.put("/invoices/#{id}/mark_as_sent.xml", encode, self.class.headers).tap do |response| load_attributes_from_response(response) end end def mark_as_cancelled connection.put("/invoices/#{id}/mark_as_cancelled.xml", encode, self.class.headers).tap do |response| load_attributes_from_response(response) end end end # Invoice items - Complete class InvoiceItem < Base self.prefix = '/invoices/:invoice_id/' end # Timeslips class Timeslip < Base def self.find(*arguments) scope = arguments.slice!(0) options = arguments.slice!(0) || {} if options[:params] && options[:params][:from] && options[:params][:to] options[:params][:view] = options[:params][:from]+'_'+options[:params][:to] options[:params].delete(:from) options[:params].delete(:to) end case scope when :all then find_every(options) when :first then find_every(options).first when :last then find_every(options).last when :one then find_one(options) else find_single(scope, options) end end end # Users class User < Base self.prefix = '/company/' def self.find_by_email(email) users = User.find :all users.each do |u| u.email == email ? (return u) : next end raise Error, "No user matches that email!" end end end config/initializers/freeagent.rb Freeagent.authenticate({ :domain => 'XXXXX.freeagentcentral.com', :username => '[email protected]', :password => 'XXXXXX' }) The above render the following error when trying to create a new Case and send the details to FreeAgent: ActiveResource::ResourceNotFound in KasesController#create Failed with 404 Not Found and ActiveResource::ResourceNotFound (Failed with 404 Not Found): app/models/kase.rb:56:in `create_freeagent_project' app/controllers/kases_controller.rb:96:in `create' app/controllers/kases_controller.rb:93:in `create' Rendered rescues/_trace (176.5ms) Rendered rescues/_request_and_response (1.1ms) Rendering rescues/layout (internal_server_error) If anyone can shed any light on this problem it would be greatly appreciated! Thanks, Danny

    Read the article

  • Google App Engine - Secure Cookies

    - by tponthieux
    I'd been searching for a way to do cookie based authentication/sessions in Google App Engine because I don't like the idea of memcache based sessions, and I also don't like the idea of forcing users to create google accounts just to use a website. I stumbled across someone's posting that mentioned some signed cookie functions from the Tornado framework and it looks like what I need. What I have in mind is storing a user's id in a tamper proof cookie, and maybe using a decorator for the request handlers to test the authentication status of the user, and as a side benefit the user id will be available to the request handler for datastore work and such. The concept would be similar to forms authentication in ASP.NET. This code comes from the web.py module of the Tornado framework. According to the docstrings, it "Signs and timestamps a cookie so it cannot be forged" and "Returns the given signed cookie if it validates, or None." I've tried to use it in an App Engine Project, but I don't understand the nuances of trying to get these methods to work in the context of the request handler. Can someone show me the right way to do this without losing the functionality that the FriendFeed developers put into it? The set_secure_cookie, and get_secure_cookie portions are the most important, but it would be nice to be able to use the other methods as well. #!/usr/bin/env python import Cookie import base64 import time import hashlib import hmac import datetime import re import calendar import email.utils import logging def _utf8(s): if isinstance(s, unicode): return s.encode("utf-8") assert isinstance(s, str) return s def _unicode(s): if isinstance(s, str): try: return s.decode("utf-8") except UnicodeDecodeError: raise HTTPError(400, "Non-utf8 argument") assert isinstance(s, unicode) return s def _time_independent_equals(a, b): if len(a) != len(b): return False result = 0 for x, y in zip(a, b): result |= ord(x) ^ ord(y) return result == 0 def cookies(self): """A dictionary of Cookie.Morsel objects.""" if not hasattr(self,"_cookies"): self._cookies = Cookie.BaseCookie() if "Cookie" in self.request.headers: try: self._cookies.load(self.request.headers["Cookie"]) except: self.clear_all_cookies() return self._cookies def _cookie_signature(self,*parts): self.require_setting("cookie_secret","secure cookies") hash = hmac.new(self.application.settings["cookie_secret"], digestmod=hashlib.sha1) for part in parts:hash.update(part) return hash.hexdigest() def get_cookie(self,name,default=None): """Gets the value of the cookie with the given name,else default.""" if name in self.cookies: return self.cookies[name].value return default def set_cookie(self,name,value,domain=None,expires=None,path="/", expires_days=None): """Sets the given cookie name/value with the given options.""" name = _utf8(name) value = _utf8(value) if re.search(r"[\x00-\x20]",name + value): # Don't let us accidentally inject bad stuff raise ValueError("Invalid cookie %r:%r" % (name,value)) if not hasattr(self,"_new_cookies"): self._new_cookies = [] new_cookie = Cookie.BaseCookie() self._new_cookies.append(new_cookie) new_cookie[name] = value if domain: new_cookie[name]["domain"] = domain if expires_days is not None and not expires: expires = datetime.datetime.utcnow() + datetime.timedelta( days=expires_days) if expires: timestamp = calendar.timegm(expires.utctimetuple()) new_cookie[name]["expires"] = email.utils.formatdate( timestamp,localtime=False,usegmt=True) if path: new_cookie[name]["path"] = path def clear_cookie(self,name,path="/",domain=None): """Deletes the cookie with the given name.""" expires = datetime.datetime.utcnow() - datetime.timedelta(days=365) self.set_cookie(name,value="",path=path,expires=expires, domain=domain) def clear_all_cookies(self): """Deletes all the cookies the user sent with this request.""" for name in self.cookies.iterkeys(): self.clear_cookie(name) def set_secure_cookie(self,name,value,expires_days=30,**kwargs): """Signs and timestamps a cookie so it cannot be forged""" timestamp = str(int(time.time())) value = base64.b64encode(value) signature = self._cookie_signature(name,value,timestamp) value = "|".join([value,timestamp,signature]) self.set_cookie(name,value,expires_days=expires_days,**kwargs) def get_secure_cookie(self,name,include_name=True,value=None): """Returns the given signed cookie if it validates,or None""" if value is None:value = self.get_cookie(name) if not value:return None parts = value.split("|") if len(parts) != 3:return None if include_name: signature = self._cookie_signature(name,parts[0],parts[1]) else: signature = self._cookie_signature(parts[0],parts[1]) if not _time_independent_equals(parts[2],signature): logging.warning("Invalid cookie signature %r",value) return None timestamp = int(parts[1]) if timestamp < time.time() - 31 * 86400: logging.warning("Expired cookie %r",value) return None try: return base64.b64decode(parts[0]) except: return None uid=1234|1234567890|d32b9e9c67274fa062e2599fd659cc14 Parts: 1. uid is the name of the key 2. 1234 is your value in clear 3. 1234567890 is the timestamp 4. d32b9e9c67274fa062e2599fd659cc14 is the signature made from the value and the timestamp

    Read the article

  • Getting 401 on Twitter OAuth POST requests

    - by Baishampayan Ghose
    I am trying to use Twitter OAuth and my POST requests are failing with a 401 (Invalid OAuth Request) error. For example, if I want to post a new status update, I am sending a HTTP POST request to https://twitter.com/statuses/update.json with the following parameters - status=Testing&oauth_version=1.0&oauth_token=xxx& oauth_nonce=xxx&oauth_timestamp=xxx&oauth_signature=xxx& oauth_consumer_key=xxx&in_reply_to=xxx&oauth_signature_method=HMAC-SHA1` My GET requests are all working fine. I can see on the mailing lists that a lot of people have had identical problems but I could not find a solution anywhere. I am using the oauth.py Python library.

    Read the article

  • User signup in REST API

    - by Bhaktavatsalam Nallanthighal
    I have a PHP web application that I want to make accessible across multiple clients. So, I'm trying to make it more like an API. My question is: How would I handle the creation of new users using the API? If I have a URL like http://example.com/user/signup which takes new user details and creates a new user via a POST request, wouldn't it be a problem that people can misuse it and create fake users easily?

    Read the article

  • How do I POST/GET from rails to API with Nestful?

    - by Angela
    Hi, this is a pretty basic question but I'm not entirely clear how to do this. I am trying to use a third-party service that has web-based service. The service is called Postful. But I'm not clear what exactly to do? I've looked at ActiveResource (http://api.rubyonrails.org/classes/ActiveResource/Base.html) and rest-client, but I'm still not clear exactly what steps, code, and files to create. I'm trying to use Nestful but I'm not entirely clear how to make this work. http://github.com/maccman/nestful http://www.postful.com/service/mail is one of the services (details found http://www.postful.com/developer/guide#rest ), but to upload an image I have to post the following (but I'm not sure how I actually do this?). Thanks! > http://www.postful.com/service/upload > > Be sure to include the Content-Type > and Content-Length headers and the > image itself as the body of the > request. > > POST /upload HTTP/1.0 Content-Type: > application/octet-stream > Content-Length: 301456 > > ... file content here ... > > If the upload is successful, you will > receive a response like the following: > > <?xml version="1.0" encoding="UTF-8"?> > <upload> > <id>290797321.waltershandy.2</id> > </upload>

    Read the article

  • Howto specify format of Restlet-response in browser?

    - by martin
    Hello everybody, i've started to introduce myself into REST. I use as REST-framework Restlet. I have defined a resource with methods for the GET with several response formats like @Get("xml") @Get("json") I now want to test my defined response-formats with my browser, but I don't know which parameter I have to specify in my URL to get the format. Something like: http://localhost:8182/members?type=xml I've tried some param-names, but I couldn't find the right param-name. I know that there must be such a parameter, because I've seen it already in an URL, but i forgot the name and couldn't find it in the net. How is the name of this parameter when using restlet? I would be pleased, if somebody can help me, thanks, Martin

    Read the article

  • Re-designing 37signals paths to be hosted under a single domain

    - by Victor P
    37signals is a web app company. Some of their applications: basecamp, to manage projects highrise, to manage contacts backpack, like a wiki they use different domains for each application (basecamphq.com, highrisehq.com, etc) in basecamp, this is the address of a particular comment for a post in a project of my company (acme) https://acme.basecamphq.com/projects/431678/posts/2964581/comments#5854236 if 37signals had chosen to host all the applications under their domain using folders (eg 37signals.com/basecamp/..., how would you design the paths?

    Read the article

< Previous Page | 61 62 63 64 65 66 67 68 69 70 71 72  | Next Page >