Accidentally gave permission to a third party app to my Gmail, under the “view your emails and settings”, the “readonly” scope
https://www.googleapis.com/auth/gmail.readonly
Would this have given the ability for the third party to directly download attachments files from my inbox ?
Yes, the documentation specifies for https://www.googleapis.com/auth/gmail.readonly:
Read all resources and their metadata
A person who has those scopes can also access your attachments and e.g. create a copy of those on his drives.
You can easily test it yourself with a simple Apps Script code.
E.g. send an email with attachment to yourself and run the following code:
function myFunction() {
var blob = GmailApp.getInboxThreads()[0].getMessages()[0].getAttachments()[0].copyBlob();
DriveApp.createFile(blob).setName("copied blob");
}
This code will retrieve the attachment of your newest inbox message and save it on your drive.
If you go on Files -> Project Properties -> Scopes, you will see that the script automatically requested the scopes
https://mail.google.com/
and
https://www.googleapis.com/auth/drive
But now, set your scopes manually by opening the manifest (View -> Show manifest file) and hardcode the authorization scopes e.g.:
{
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/drive"
],
"timeZone": "Europe/Paris",
"dependencies": {
},
"exceptionLogging": "STACKDRIVER",
"runtimeVersion": "V8"
}
Run your code again
You will see that it can still access and save the attachment - even with the https://www.googleapis.com/auth/gmail.readonly scope!
Related
I'm trying to watch for google drive changes, and write down history of changes in database, also I want to store the files (all versions).
For now I have set up webhook, so I get some info in request.header, but this info looks weird, only message number differs, resourceUri or pageToken in it are the same.
Request headers don't contain info about file or folder that was changed. No change id, no file id, no actors.
I want to know, how this method is helpful and what should I do to get real-time changes with information about files that were changed.
There are some steps to handle Drive file changes.
1. Choose the change type you want to track
It could be just changes within the file, changes in the file metadata, such as moving the file to another folder or to a shared drive. You might want to use the Reports API for that one.
2. Watch for changes
You can use the Changes API to detect what data has changed or has been removed. If you want detailed information about the changes, you can also check the Activity API
3. Get the notification
Set up a webhook when changes are detected on the file
POST https://www.googleapis.com/drive/v3/files/fileId/watch
Authorization: Bearer auth_token_for_current_user
Content-Type: application/json
{
"id": "01234567-89ab-cdef-0123456789ab", // Your channel ID.
"type": "web_hook",
"address": "https://example.com/notifications", // Your receiving URL.
...
"token": "target=myApp-myFilesChannelDest", // (Optional) Your channel token.
"expiration": 1426325213000 // (Optional) Your requested channel expiration time.
}
Sample code from https://developers.google.com/drive/api/v3/push
4. Export the new version of the file
After a new change is triggered, you can download the new file version using the export method
You can check a more detailed guide on https://developers.google.com/drive/api/v3/manage-revisions
I am trying to find a way out using node js to fetch the list of files (xlsx and CSV files are of my interest) from User's Microsoft OneDrive. From the list, choose the file and then download it into the local system.
I can see Microsoft documentation about using OneDrive REST API here. But, since I am new at this, I am not really able to work this around. Any help will be appreciated.
I want to do something similar to what we can do with Google Drive where I could get a list of files along with their names and unique id and when the user chooses one file, by use of the unique id, I was able to download the required file. I am wondering if a similar thing can be done with OneDrive.
My progress so far:
I am able to ask users to provide their consent and get code in return to redirect Uri (localhost in my case).
The link that does this- https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={my_client_id}&scope=User.Read%20offline_access%20Files.ReadWrite.all%20Files.ReadWrite&response_type=code&response_mode=query&redirect_uri=https://localhost:3400
After getting the code, I exchanged it for refresh token.
To do this exchange, I used Postman for the POST request. The URL for that is https://login.microsoftonline.com/common/oauth2/v2.0/token?grant_type=authorization_code&client_id=your_app_client_id&code=use_the_code_returned_on_previous_step
Now that I have a refresh token, I want to do operations like listing the files on my OneDrive and select anyone to download.
I suggest looking into the Graph API as follows, and using the same auth_token received above. Instead of /me you can substitute a user ID as well.
Get information about the user's drive:
GET https://graph.microsoft.com/v1.0/me/drive
Get the root folder of the drive:
GET https://graph.microsoft.com/v1.0/me/drive/root/
Note: the documentation and the paths in the JSON results say "root:" but I haven't been able to get it work work with the colon.
Embedded in the result you should see:
"folder": {
"childCount": {whatever the count is}
},
To see the files that are in the folder:
GET https://graph.microsoft.com/v1.0/me/drive/root/children
Files will have an id and a name, both of which can be used to retrieve them:
"createdDateTime": "2020-07-05T18:08:37Z",
"eTag": "\"{29C06DFA-92AE-48D5-AF3D-149EF959030F},1\"",
"id": "01EC2X7VP2NXACTLUS2VEK6PIUT34VSAYP",
"lastModifiedDateTime": "2020-07-05T18:08:37Z",
"name": "wizard of wor.png",
To download a file by ID:
https://graph.microsoft.com/v1.0/me/drive/items/01EC2X7VP2NXACTLUS2VEK6PIUT34VSAYP/content
Or by path (in example below Wizard of Wor.png is the file name):
https://graph.microsoft.com/v1.0/me/drive/root/children/Wizard%20of%20Wor.png/content
Documentation sources:
https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/driveitem-get-content?view=graph-rest-1.0&tabs=http
Is there any method to get current user location. Let say I created some "slash" command /map. When I am calling this command - POST message being send to my nodejs server, and server returns some json data.
{
"channel": "#map",
"username": "test",
"unfurl_links": true,
"icon_emoji": ":world_map:",
"attachments": [
{
"fallback": "Required plain-text summary of the attachment.",
"pretext": "Beautiful Personalized Map Sharing",
"image_url": "http://static.mapjam.com/yrjkbmb/auto/640x480.jpg",
"thumb_url": "http://static.mapjam.com/yrjkbmb/auto/640x480.jpg"
}
]
}
Because I am authenticated I am able to get some Slack user info:
username
email etc..
How can I access Slack user lat, long if it is possible though
Currently there is nothing available in the user info to get the geographical position of a user from the Slack API.
Please refer to the Users Info Slack API documentation and the User Type documentation.
If you are expecting to create a slash command the slack application would have to have permissions to your devices location. Looking at the permissions on my android app id does not request permissions to the devices location.
Just spit-balling, there could be a way to do it. This is completely hypothetical simplified method. You would have to have a helper application on the device that has permissions to the location of the device. That app would listen for the /location /map request then post to the channel where the request came from.
I am working with a form system very similar to WUFOO that allows me to send data to an external website using WebHooks.
I have been able to connect my form to my ASANA system through Zapier but I cannot seem to get the API system to operate correctly. Can someone please advise or assist me on what I am doing incorrectly here?
In the screenshot note the following:
- Web URL functions for any web URL (https or http)
- HTTP method has POST, PUT, or GET options
- Data format allows me to input virtually anything so I can match up form fields with any necessary names for ASANA.
I simply cannot get the system to connect to ASANA. Please help me.
Screen shot of WebHook Options
I don't have access to your exact form builder but assuming it does what it says it is doing you can try the following. I'll use creating a task as an example.
Create a personal access token in Asana. To do this log in to Asana, click the icon in the top right corner and open "My profile settings". Go to the apps tab and create a personal access token. You will only ever see this token once so create a new one if you lose it. Also retrieve your workspace id, you can get it by opening app.asana.com/api/1.0/workspaces while logged in.
Now back to your form. For the website url place the specific endpoint you want to hit at Asana. For example, lets create a new task:
https://app.asana.com/api/1.0/tasks
Under the HTTP Method you want to select POST
Under the HTTP Headers you want to specify something like (replace 0/1234abcd with your access token):
{
"Authorization": "Bearer 0/1234abcd",
"Content-Type": "application/json"
}
You can use Send Raw Data and specify something like the following in the raw data section (replace 1234 with your workspace id):
{
"data": {
"workspace": 1234,
"name": "The name of the task"
}
}
You can of course add other fields- please see the API reference for more information:
https://asana.com/developers/api-reference/tasks
Let me know if that works for you.
I'm looking for sample script that resets the default permissions on an external spreadsheet based on the email address and DocumentID passed to the script. I intent to create a script that can parse information from an email message to acquire the DocumentID and email, execute the permission change from default to anyone with a link, then email the passed address with that link.
It appears that perms are controlled by the DocList API and I'm not finding samples of GAS interacting with that API.
At Google I/O 2013, DriveApp was launched. This allows developers to build use cases like Sharing to Anyone with link
https://developers.google.com/apps-script/reference/drive/
Sample code -
var quizTemplate = DriveApp.getFileById(QUIZ_TEMPLATE_ID);
quizTemplate.setSharing(DriveApp.Access.DOMAIN_WITH_LINK, DriveApp.Permission.VIEW);
or
var openFile = DriveApp.getFileById(WIDE_OPEN_ID)
openFile.setSharing(DriveApp.Access.ANYONE_WITH_LINK, DriveApp.Permission.COMMENT);
AFAIK DocsList Services does not have a function to change the sharing mode, between private/anyone with a link/public, only to add/remove editors and viewers. But we can still achieve this by previously setting manually the share settings of a specific folder to "anyone with a link". Then, we have just to add the file to that folder to have it shared.
A script to do that is particularly simple. e.g.
function shareWithAnyoneAndEmail(documentID,email) {
var sharedFolder = DocsList.getFolderById('id-to-your-previously-shared-folder');
var file = DocsList.getFileById(documentID);
file.addToFolder(sharedFolder);
MailApp.sendEmail(email, 'Here is your file', file.getName()+'\n'+file.getUrl());
}