Can't verify CSRF: rails_admin with rails_api - rails-admin

I created a fresh rails-api app and added an address model to it and then installed rails_admin. And whenever I try to add rows, I get 422s
I can see that the CSRF token has been sent in the JSON, but it says it's invalid.
Processing by RailsAdmin::MainController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"9PP0EREx/cTK2TVtMp38ao/U9QCu6pjwmvV4fxIGEwTjZvGUfTcz7hpWL85UR/7qO3w+kytA2HD98+u7yiy3wg==", "address"=>{"door_no"=>"229", "street"=>"", "area"=>"", "city"=>"", "state"=>"", "pin"=>"", "code"=>""}, "return_to"=>"", "_save"=>"", "model_name"=>"address"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms)
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken)
What could be wrong? Something in the gem maybe?

I initially thought that the issue was the same one that I encountered some months before, posted on Github, however even after downgrading to 1.1.0 I had the same issues. Currently I'm on Rails 5.1.2 and Rails Admin 1.2.0.
Setting config.api_only = false solves the problem
api-only mode seems to clash with some CSRF verification stuff, which started to work pretty perfectly as soon as I changed the flag.
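Why the flag matters, as an added example that is not code from rails_admin or from Rails: the snippet below re-implements in plain Ruby the masked authenticity-token scheme Rails 5 uses (a random token kept in the session, a one-time-pad-masked copy embedded in the form, unmasked and compared on POST) and runs the check once with a session that persists between requests and once without. With config.api_only = true the cookie and session middleware are not in the middleware stack, so the session written while rendering the form is gone by the time the POST arrives, and every submitted token, however well-formed, is reported as invalid. Token lengths follow Rails; the helper names are this example's own.

```ruby
# Added example, not code from rails_admin or Rails: a stand-alone Ruby
# re-implementation of the masked authenticity-token scheme Rails 5 uses, to
# show why the 422 above is the expected outcome when no session survives
# between the form render and the POST.
require 'securerandom'

TOKEN_LENGTH = 32

# Byte-wise XOR of two equal-length binary strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Constant-time comparison so a wrong token leaks no timing information.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: the value Rails stores as session[:_csrf_token].
def new_session_token
  [SecureRandom.random_bytes(TOKEN_LENGTH)].pack('m0')
end

# Form side: authenticity_token = base64(pad || (raw XOR pad)) with a fresh
# pad per render, so the same session token never appears twice on the wire.
def masked_token(session_token)
  raw = session_token.unpack1('m0')
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  [pad + xor_bytes(raw, pad)].pack('m0')
end

# Server side on POST: unmask the submitted value and compare it with the
# session copy. Malformed input or a missing session token is simply invalid.
def valid_masked_token?(session, submitted)
  session_token = session[:_csrf_token]
  return false if session_token.nil? || submitted.nil?

  decoded = begin
    submitted.unpack1('m0')
  rescue ArgumentError
    return false
  end
  return false unless decoded.bytesize == 2 * TOKEN_LENGTH

  pad = decoded[0, TOKEN_LENGTH]
  masked = decoded[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_equal?(xor_bytes(masked, pad), session_token.unpack1('m0'))
end

# config.api_only = false: the session persists, so the form token verifies.
def full_stack_request
  session = { _csrf_token: new_session_token }     # written while rendering the form
  form_token = masked_token(session[:_csrf_token]) # embedded in the HTML form
  valid_masked_token?(session, form_token)         # checked when the form is POSTed
end

# config.api_only = true: without session middleware each request gets a
# throwaway session hash, so the POST sees no stored token and verification
# must fail even though the browser sent a well-formed authenticity_token.
def api_only_request
  render_session = { _csrf_token: new_session_token }
  form_token = masked_token(render_session[:_csrf_token])
  post_session = {}                                # nothing persisted to the next request
  valid_masked_token?(post_session, form_token)
end

if __FILE__ == $PROGRAM_NAME
  puts "api_only = false: token valid? #{full_stack_request}"
  puts "api_only = true:  token valid? #{api_only_request}"
end
```

If the rest of the application must stay API-only, the narrower alternative to flipping the whole flag is to add ActionDispatch::Cookies and ActionDispatch::Session::CookieStore back to the middleware stack explicitly, which is what the session-backed CSRF check actually needs.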

Related

Discord BOT not logging in (anymore)

I made a Discord bot which was working just fine until recently; since yesterday it's refusing to log in (the output says an invalid token was provided, but creating a new token and putting it into the code doesn't work).
The funny part is I actually have two versions of the same bot (deploy and test, where the latter is only in one of my servers where I test new functions before implementing them in the deployed version).
Just replacing the token with the "test-bot" one fixes the issue and allows me to log in correctly (with the wrong bot of course, since I'm using the bot-test token).
To verify the token i made this very small script:
const Discord = require('discord.js');
const client = new Discord.Client();
// botToken is imported from a separate file (not shown)
client.login(botToken).then().catch(reason => {
  console.log("Login failed: " + reason);
  console.log("Token used: " + botToken);
}); // log in to Discord
This allows me, in case of a failed login, to get output similar to this:
Login failed: Error [TOKEN_INVALID]: An invalid token was provided.
Token used: NjAxMzc3Mzg3NDgwODc1MDE4.Xr5Cyg.xhX3QYqk0prPC7y3KS0yc5JA02U
Here you can see a screenshot from the Discord bot page where you can double-check that the token used IS correct (the token has now been reset, so this one won't be valid anymore).
I can tell the import method of the token (it's imported from another file) works fine (bot.js can see it, and what I actually do when I change versions is commenting/uncommenting 2 lines of code, containing the token and the client ID which is used by a bot function).
Additional info:
I'm using Discord 12 at the moment, but the bug started yesterday, giving the same result, and I had Discord 11+ installed back then.
nodejs version used is 12.16.3
npm version used is 6.14.4
bot is hosted in a VPS running Debian 9
Is anyone able to help with this or has encountered a similar error?
Thanks in advance,

DialogFlow Fulfillment throws "No Response defined for device"

I'm using the dialogflow-fulfillment npm package, included using:
"dialogflow-fulfillment": "github:dialogflow/dialogflow-fulfillment-nodejs"
I have to do this, because Google can't seem to manage to upload the 0.6.2 version to NPM. (Which supposedly fixes this error, but no).
Apparently DialogFlow seems to be unable to realize that it has Responses already defined in the Console. When I call agent.setContext() or agent.context.set() without adding a Response via agent.add() I get a fulfillment error:
No Response defined for device: [SOME DEVICE]
even if I have static Responses defined. The same is true for agent.setFollowupEvent(), but there I can just add an empty Response agent.add(' ') because it's not executed anyway. But when I do that with .setContext(), the empty Response is relayed to the user instead of the static ones.
The problem with agent.setFollowupEvent() seems to be fixed in 0.6.2, but I didn't test extensively.
After repeatedly losing my mind, I have resorted to simply adding all the Responses defined in the console again. I did this by looping through the consoleMessages and adding them.
for (let response of agent.consoleMessages) agent.add(response);
This seems to work for all Intents, although some further testing might be required.

Admin SDK Auth error, wrong error code

I'm using the Admin SDK, Auth feature.
When calling admin.auth().verifyIdToken(token) and the token is expired I get the error
Firebase ID token has expired. Get a fresh token from your client app and try again. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
With error code
auth/argument-error
First of all, should the error code not be "auth/user-token-expired"?
Second, the error code I received is not in the Admin Authentication API Errors
I have a hard time handling all firebase errors properly so I can reply with proper error messages to the consumers of my API.
Expired tokens and invalid signatures are reported with the AuthClientErrorCode.INVALID_ARGUMENT error code. It seems the value of this constant is defined as argument-error in source. This can be fixed in a future release (or alternatively update the documentation to reflect the correct value of the constant, and avoid a potentially breaking change).
There is no such error code as auth/user-token-expired in the Admin SDK. I suggest you file a feature request in the GitHub repo if that is important to you.

php library for flickr API

I am banging my head trying to use Flickr API...
My goal is to be able to upload images and create albums in my Flickr account from my website...
I tried the phpFlickr library, but apparently it needs updates for getting authenticated tokens... It keeps giving me "Invalid auth token".
I did some reading on how to get tokens and using DPZFlickr managed to get oauth_token & oauth_verifier, but failed to exchange them for an access token... It also failed in uploading any photo to my account using the included upload.php example (giving me an "empty" error!).
After digging in the DPZ flickr.php code, I managed to get this error when trying to upload to Flickr: "oauth_problem=signature_invalid&"
So I began to search how to create a valid signature to eventually get a valid access token...and concluded that it is quite some work to be done here if I am going to build everything from scratch.
So my question is: Are there any updated php libraries that I can use to successfully create albums and upload photos to my Flickr account? Or should I go ahead and try building one?
OK... I finally got it to work with the DPZ library.
For future reference anybody facing the same problem as I had:
I managed to create an album using DPZFlickr by changing the method in auth.php to flickr.photosets.create... which indicated that the library correctly generates an access token with write permission.
However, the upload example kept giving me the "Invalid signature" error....
I checked the code. Flickr.php correctly unsets the photo parameter before signing the request then adds it back and submits the request which is exactly as indicated in: www.flickr.com/services/api/upload.api.html
I found a discussion in https://www.flickr.com/groups/51035612836#N01/discuss/72157650261711318/ that cleared up that the error was not actually a signature problem, but rather that the 'photo' parameter being sent is the problem. It's just that Flickr doesn't know what to do with the photo parameter, so it sends the signature error.
So what' wrong with the photo parameter?
The Flickr API requires that the image be sent in binary form... The DPZ library, Flickr.php script line 677, does the hard work for us using the cURL function in PHP (http://au.php.net/manual/en/function.curl-setopt.php).
It sends the $parameters (which includes the uploaded photo) to the post field of the http request which should do the upload in binary format for us.
However, a brilliant comment I found in CURL PHP send image
states that:
"CURLOPT_SAFE_UPLOAD defaulted to true in 5.6.0... so you will need to add curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); before setting CURLOPT_POSTFIELDS"
Checking the manual: http://au.php.net/manual/en/function.curl-setopt.php
it says:
"Added in PHP 5.5.0 with FALSE as the default value. PHP 5.6.0 changes the default value to TRUE."
So if your PHP version is 5.5.0 the library will work just fine, whilst if you are using PHP 5.6.0 you need to add a line before line 677 in Flickr.php to change CURLOPT_SAFE_UPLOAD to false (that's why the library works for some and not for others).
To solve the issue...Just add this line before line 677 in Flickr.php:
curl_setopt($curl, CURLOPT_SAFE_UPLOAD, false);
That's it. (-:
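The signature side of the thread, as an added example that is not code from the post or from the DPZ library: the block below implements OAuth 1.0a HMAC-SHA1 request signing from RFC 5849 (sections 3.4.1 and 3.4.2), in Ruby rather than PHP because the algorithm is the same in any language, and exercises it from both ends. The binary photo travels as a multipart file part, not as a form field, so it must be left out of the signature base string; folding it in, as the "signature_invalid" response above hints, produces a signature the server can never reproduce. The consumer key and secret, access token and secret, nonce, timestamp and image bytes are all constructed placeholders.

```ruby
# Added example, not code from the post or from the DPZ library: OAuth 1.0a
# HMAC-SHA1 signing as Flickr's upload endpoint checks it, written from
# RFC 5849 so the signature_invalid case can be reproduced offline.
require 'openssl'

UPLOAD_URL = 'https://up.flickr.com/services/upload/'

CONSUMER_KEY    = 'constructed-consumer-key'      # constructed placeholder
CONSUMER_SECRET = 'constructed-consumer-secret'   # constructed placeholder
ACCESS_TOKEN    = 'constructed-access-token'      # constructed placeholder
ACCESS_SECRET   = 'constructed-token-secret'      # constructed placeholder
# Constructed stand-in for the binary file part (PNG magic bytes plus filler).
PHOTO_BYTES = [0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A].pack('C*') + 'not a real image'

# RFC 3986 percent-encoding with only unreserved characters left bare, as
# OAuth 1.0a requires (CGI.escape would emit '+' for spaces and break it).
def oauth_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format('%%%02X', c.ord) }
end

# Constant-time comparison for the server-side check.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# METHOD & encoded(url) & encoded(sorted "k=v" pairs joined by '&').
def signature_base_string(method, url, params)
  normalized = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                     .sort
                     .map { |k, v| "#{k}=#{v}" }
                     .join('&')
  [method.upcase, oauth_escape(url), oauth_escape(normalized)].join('&')
end

# HMAC-SHA1 over the base string, keyed with "consumer_secret&token_secret".
def hmac_sha1_signature(base_string, consumer_secret, token_secret)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  [OpenSSL::HMAC.digest('sha1', key, base_string)].pack('m0')
end

# Client side: returns the form parameters with oauth_signature added.
def sign_request(method, url, params, consumer_secret, token_secret)
  base = signature_base_string(method, url, params)
  params.merge('oauth_signature' => hmac_sha1_signature(base, consumer_secret, token_secret))
end

# Server side: recompute over every form field except the signature itself.
def signature_valid?(method, url, params, consumer_secret, token_secret)
  presented = params['oauth_signature']
  return false if presented.nil?
  unsigned = params.reject { |k, _| k == 'oauth_signature' }
  expected = hmac_sha1_signature(signature_base_string(method, url, unsigned),
                                 consumer_secret, token_secret)
  secure_equal?(presented, expected)
end

def upload_params
  {
    'oauth_consumer_key'     => CONSUMER_KEY,
    'oauth_token'            => ACCESS_TOKEN,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1420070400',       # constructed
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_version'          => '1.0',
    'title'                  => 'Door 229',
    'is_public'              => '0'
  }
end

# Right: sign the form fields only; PHOTO_BYTES goes in the multipart body.
def correctly_signed_upload
  sign_request('POST', UPLOAD_URL, upload_params, CONSUMER_SECRET, ACCESS_SECRET)
end

# Wrong: the file bytes were treated as a parameter and folded into the
# signature. The server never sees 'photo' as a form field, so it cannot
# reproduce this signature and rejects the request.
def wrongly_signed_upload
  signed = sign_request('POST', UPLOAD_URL, upload_params.merge('photo' => PHOTO_BYTES),
                        CONSUMER_SECRET, ACCESS_SECRET)
  signed.reject { |k, _| k == 'photo' }
end

# What the server does with the form fields it actually received.
def server_accepts?(form_fields)
  signature_valid?('POST', UPLOAD_URL, form_fields, CONSUMER_SECRET, ACCESS_SECRET)
end
```

The photo itself is sent as a multipart file part alongside these signed fields, and that part is what CURLOPT_SAFE_UPLOAD governs. Turning it off restores the pre-5.6 behaviour in which any CURLOPT_POSTFIELDS value beginning with @ is read from the local filesystem, so it must never be used on a request whose field values a user can influence; on PHP 5.5 and later, passing a CURLFile object for the photo field keeps the safe default and still uploads the binary.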

Unicode-objects must be encoded before hashing when requesting data using Flask-OAuth

I'm integrating Google's login with a Flask site using Flask-OAuth.
Everything is working fine. I can authorise the login and get a token back etc without any difficulties. But when I use Flask-OAuth's get method to request the logged in user's email address I get an error saying:
TypeError: Unicode-objects must be encoded before hashing
I'm using Python3 and this has the smell of a Python version issue but I can't figure out what I'd need to change.
The code I'm using is this:
from flask import session

# method of the class that wraps the Flask-OAuth remote app (self.service)
def get_additional_data(self):
    access_token = session.get('oauth_token')
    headers = {'Authorization': 'OAuth ' + access_token[0]}
    return self.service.get(
        'https://www.googleapis.com/oauth2/v1/userinfo', None,
        headers=headers)
I'm not sure what I can encode in that request. Even if I don't pass the headers I get the same error (rather than an invalid request or something like that).
I've run 2to3 on oauth2/__init__.py and the tweaks it suggests are very minor and shouldn't prevent the code from running in Python 3. Also, everything else OAuth2 related is working.
The bad news is that the solution to this problem is switching to Flask-OAuthlib.
The good news is it required very few changes from Flask-OAuth to get it working.
