I'm implementing lib to export/synchronize test cases into TFS automaticaly during test run. One of my requirements is that I need to use NodeJS for that, so I decided to use TFS REST API. In my code I'm using "azure-devops-node-api " lib, I can connect and get different elements, no luck with adding test cases.
I've found on the web that TestCase is kind of WorkItem and as WI should be added. Unfortunately I didn't find a way to add one with azure-devops-node-api.
I tried also to send manually constructed json, unfortunatelly no luck with finding proper url to sent as I'm allways getting :
Error: {"statusCode":404,"body":"Page not found."
My example request:
request.post({
url: 'https://<url>/tfs/<default collection maybe?>/<project>/_apis/wit/workItems/test%20case',
headers: {
'Content-Type': 'application/json',
'Authorization':'Basic ' + this.encodePat('<my auth token>')
},
rejectUnauthorized: false,//add when working with https sites
requestCert: false,//add when working with https sites
agent: false,//add when working with https sites
json: rq
},function (response, err, body){
if (err) throw new Error(JSON.stringify(err));
console.log('Body:',JSON.parse(body));
console.log('Response:',response)
});
Does anyone know what wrom I'm doing or if azure-devops-node-api is able to add WorkItems ?
If you want to add a test case only just as a work item you have to use the template from this link Work Items - Create.
POST https://dev.azure.com/{organization}/{project}/_apis/wit/workitems/${type}?api-version=5.0
You have to add to url "?api-version=X.0". The example:
https://<server name and port>/tfs/<collection name should be>/<project>/_apis/wit/workItems/$test%20case?api-version=3.0
Also you have to encode your pat by this template:
'Authorization':'Basic ' + this.encodePat(':<my auth token>')
Here you can find an example for a build task with node.js: https://github.com/ashamrai/AzureDevOpsExtensions/blob/master/CustomBuildTask/NewWICustomTask/index.ts
Related
I'm developing an Add-in for Outlook Desktop and want to call my service during the OnNewMessageCompose event.
I'm using fetch like this. I'm posting to the my service with a token and a body
const result = await fetch('https://myservice.com/endpoint', {
mode: 'cors',
method: 'POST',
headers: {
'Content-Type' : 'applications/json',
'Authorization': 'Bearer : token'
},
body: JSON.stringify(body)
});
When the add-in runs within the web version of Outlook, it's fine. When run in the Desktop. it fails. A similar issue was reported regarding Excel Custom functions and the solution was to use the Sharedruntime. That does not appear to be available in Outlook. If I take out the headers it's fine, but ideally I need those to authorize against the service. Is there a way to pass custom headers via a POST in the Desktop version of an add-in?
Desktop Outlook does not support SharedRuntime, so that workaround won't work. We have documented the lack of Full CORS support online. Search for Full CORS on this page : https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/autolaunch
As a workaround for now, ensure that your add-in and your service are on the same origin to eliminate the need for CORS.
We are currently working to support Full CORS. Unfortunately, we don't have any timelines to share.
Setup: NodeJS / Express / Helmet API running on Azure App Service, CORS set to allow * so should be all fine.
Client web setup running locally on NodeJS (http://localhost:3000)
I'm trying to POST some JSON from the web client to the API for login validating purposes. Works for some requests and not others, seemingly depending on what actual values I am posting.
I've got a bit of code that uses the Fetch API to send login details and validate them, as follows:
const response = await fetch(`${baseUrl}/auth/validate`, {
method: 'POST',
mode: 'cors',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({EmailAddress: email, Password: password}),
}).catch(error => {
alert('Unable to check login');
});
If the value of email and password are both just me leaning on the keyboard, say 'skdjflsjdf' then it's all fine - the server gets my POST, validates that the login is rubbish and bounces back my error. It allows it because I get the Access-Control-Allow-Origin: * header back, so Chrome is happy.
If the value of email is an actual email address, I don't get the Access-Control-Allow-Origin: * header back and Chrome gets very upset of course.
I can't even begin to imagine how I've gone wrong here and I certainly don't seem to be able to find the right phrase to Google for a sensible answer. I'd really appreciate any help... Thanks.
I'm trying to make a request to a web service with a URL similar to the following:
http://91.21.24.521:7831/XXXXX/WS/{companyName}/XXXXX/XXXX?wsdl
I've blanked out some information with the XXXX, but that's the basic structure of the URL. The company name actually has blank spaces. I've tried making the request with the blank spaces and filling them with %20, but neither work. The URL works fine in Soap UI, where I fill the blank spaces with %20.
In Javascript I'm using the "soap" NPM module. And my current code looks like this:
const auth = 'Basic ' + Buffer.from(`${user}:${password}`).toString('base64')
const options = {
wsdl_headers: {
'Authorization': auth,
forceSoap12Headers: true,
disableCache: true,
}
}
soap.createClient(url, options, function (err, client) {
console.log(err, client)
})
When I inspect the console log, I get an undefined client and an error that says Invalid WSDL URL.
I've tried removing the options, trying different version of the URL, changing the options object structure but nothing seems to work. I'me confused because the URL works fine in Soap UI and the web browswer, but doesn't work in this scenario. Is there something wrong with the code?
Thanks
I am trying to upload a file (PDF) from a local directory to a document library on SharePoint. I have a gulp build system in place that watches the folder for changes and runs a task that pipes the PDF stream through gulp-spsave
gulp-spsave is nice because it abstracts away what appears to be a pretty complex SharePoint REST interface, where I can supply my credentials, url, and upload folder and it does the rest.
However, I keep getting a 404. I'm new to SharePoint and don't really understand the URL structure, so I'm guessing I'm not supplying the correct info to the plugin.
This is the URL to the document library (which is named DST):
https://{subdomain}.{customdomain}.com/depts/indirectsales/DST/Forms/AllItems.aspx
And this is my gulp task:
gulp.task('upload', function() {
var catalog = paths.output + 'catalog.pdf';
return gulp.src(catalog)
.pipe(spsave({
username: '{user}',
password: '{pass}',
siteUrl: 'https://{subdomain}.{customdomain}.com/depts/indirectsales/',
folder: 'DST'
}));
});
I have tried other combinations of siteUrl and folder to no avail, such as:
siteUrl: 'https://{subdomain}.{customdomain}.com',
folder: 'depts/indirectsales/DST'
Does anyone know what the correct strings would be for siteUrl and folder given the document library URL?
EDIT: It looks like I'm trying to connect to an on-premises Sharepoint 2010 installation, and spsave works only for 2013/2016 and SPO. Does anyone know how to upload a file to a document library in SP 2010 using REST?
It turns out the only reason I was having problems with a standard REST request was because I wasn't authenticating to SharePoint with NTLM. I was able to do so with the http-ntlm module in node:
httpntlm.post({
url: 'http://domain.com/site/_vti_bin/copy.asmx',
headers: {
'SOAPAction': 'http://schemas.microsoft.com/sharepoint/soap/CopyIntoItems',
'Content-Type': 'text/xml; charset="utf-8"'
},
username: 'user',
password: 'pass',
body: soapEnv,
}, function(err, response) {
//callback
}
I'm beginning to build out an API using .NET Web API. I'm coming across scenarios where I need to think about how to prevent abuse of my API. Take this example:
On my account creation form, I have a client-side check to see if the username is taken. This check is something like this:
var exists = false;
$.ajax({
url: '/api/people?username=' + name,
method: 'GET',
async: false,
success: function (response) {
exists = response;
},
error: function (XMLHttpRequest, textStatus, errorThrown) {
//alert('error');
}
});
return exists;
My ultimate question is: how do best secure my API so that someone can't build something that just pings https://example.com/api/people?username=blah looking for info? I've read about adding Basic Auth, but how is that design best implemented in this scenario?
You could consider using Access Control rules and only allow calls from www.example.com, so if someone calls from www.othersite.com, it will reject the request.
Access Control
Same-Origin Policy
But if you're trying to allow outside sites to access your API, you will definitely need authentication. Hope this helps!!